This is the first article of a two part series looking at how to reduce the chances of recruiting unsuitable staff while avoiding the pitfalls of other legislation. This first article will look at recruitment and complying with the Privacy Act. The second article will focus on recruitment and avoiding running afoul of the adverse action provisions of the Fair Work Act.

Victoria’s new Child Safe Standards have thrown the spotlight onto recruitment practices in schools as a step towards creating a safer environment for students. Essentially the Standards look at embedding sound contemporary recruitment practices using child protection as the point of leverage.  In addition to a Working with Children Check, schools in Victoria are required to verify the identity of the individual and conduct a background check, verify professional or other qualifications relevant to the job, conduct an examination of the applicant’s history of child-connected work, and ensure proper reference checks are completed (Child Safe Standard 4).

Many schools outside of Victoria will find the supporting guidance and checklists provided by the Victorian independent schools’ regulatory authority, the VRQA, as a useful map for reviewing the adequacy of their own recruitment practices.

However, the obligation to ensure that child safety is incorporated into the school’s enhanced recruitment practices should be approached in a way that ensures compliance with the Australian Privacy Principles (APPs) under the Privacy Act. Failure to comply with the Privacy Act 1988 (Privacy Act) carries penalties of up to $360,000 for individuals and $1.8M for body corporates.

Compliance with the Privacy Act

As part of the recruitment process, most schools will collect and use personal information about potential candidates. This will include the information provided by the applicant directly as well as information from referees, past employers, the Working with Children Check, possibly the Department of Immigration (where residency status may be an issue), and any other freely available information such as social media. The collection of this information in the course of an individual’s employment application is subject to the Privacy Act, which includes the APPs.

Under the Privacy Act “personal information” can include information or an opinion about an individual whose identity is apparent or can reasonably be ascertained from that information. While the personal information about actual employees is exempt from the Privacy Act, this exemption does not apply where candidates are unsuccessful (or choose not to accept employment). As a result, schools must ensure compliance with the Privacy Act in the recruitment and selection process for all external candidates.

The APPs provide a number of requirements which address the various stages of the recruitment process, namely:

• The type of information collected eg personal information collected only if it is reasonably necessary for the performance of the school’s functions (APP 3, APP 4);
• How the information is collected (APP 5);
• Ensuring the accuracy of the information (APP 10);
• How the information is used (APP 6);
• Who has access to the information (APP 6);
• Access to the information by the candidate (APP 12);
• Keeping the information stored securely (APP 11); and
• How the information is disposed of (APP 11).

How to reduce the risk of background checks breaching the Australian Privacy Principles (APPs)

In practical terms, the measures taken by a school as part of its child safety due diligence will not be too different from normal good practice in recruitment; and both require compliance with the APPs.

The starting point to mitigating the legal risks from a school’s perspective, is to ensure that the information collected, used, and the people who see it, are all clearly relevant to the position for which the candidate is applying. This means that the child safety responsibilities of a school and the employee should be clearly articulated in writing and included in the job description and job advertisement.

The job advertisement should specify the role’s child safety responsibilities and advise that by applying for the role, the applicant consents to the school conducting due diligence searches to meet the school’s child safety and other legal responsibilities. There should be a link to the school’s Privacy Policy.

In practice, a school is not likely to conduct the searches until applicants have been shortlisted. This means that shortlisted applicants at the interview stage should be advised that referee checks will be conducted, past employers consulted, and social media may be accessed. Applicants should be advised:

• How their personal information (e.g. in their curriculum vitae) will be collected from them, and from third parties such as referees;
• That they will be asked to provide written consent for further pre-employment background searches. The consent form will also include how the information will be used and how it will be collected;
• Should they decide not to provide consent this will affect the school’s ability to consider their application and for due diligence reasons may prevent them from proceeding further with the selection process; and
• Should negative information be obtained, if it is relevant for the consideration of the applicant for the position, the applicant will have an opportunity to respond. This does not mean that you must provide them with all of the information and who provided it, but giving the opportunity is necessary to ensure the accuracy of the information and the candidate’s access to the personal information held.

If the applicant consents, the school will then need to ensure that:

• It only collects information that is relevant to the position, and any other information obtained will be destroyed or ignored;
• Where negative information is collected, the candidate be given an opportunity to explain;
• The personal information is only provided to those who need to make the decision;
• The information is stored securely;
• The recruitment decision is made using only relevant information relating to the job description and the school’s duty of care responsibilities;
• The information is destroyed once the process is complete unless the candidate’s written permission is obtained to keep the information on file for consideration in future positions, and
• All of the above are documented.

The changes to the Federal Privacy Act in 2014 have undoubtedly made recruitment a far more documented and therefore onerous process, and the person conducting background checks and writing recruitment decisions will need to be far more careful that they comply with their obligations. However, with the addition of child safety requirements, the more rigorous recruitment steps should lead to an improved decision-making process which results in the selection of the best candidate in line with the school’s child safe culture.