The IP Act requires Queensland government agencies to comply with the privacy principles1 when handling personal information. This includes personal information collected and used during recruitment processes.
While the privacy issues may be generally applicable, this guideline specifically discusses the privacy impacts of public sector recruitment by Queensland government departments and agencies that have been declared public service offices.2 These will be collectively referred to as departments throughout this guideline.
The Directives and rules this guideline discusses do not apply to local governments, universities, or public authorities not listed in the PS Regulation.
Contracting out recruitment processes
If a department engages a private-sector contractor for any part of the recruitment process and recruitment material will pass between the contractor, the department, and/or the applicants, the department must take reasonable steps to bind the contractor to comply with the privacy principles. This requirement should form part of the contract.
Particular consideration should be given to a contractor’s storage of recruitment material and their communications with both the agency and, if relevant, the applicants during the recruitment. The contract should also require that at the end of the recruitment process all recruitment material is either returned to the agency and deleted from their systems or destroyed.
Limitations of this guideline
This guideline covers general privacy issues that may arise in public sector recruitment. It does not deal with department-specific legislation or employment-specific screening processes such as criminal history checks or Blue Card requirements.
Privacy and personal information
Personal information is information about an individual whose identity is apparent or can reasonably be ascertained.3 The privacy principles set the rules for how departments collect, store, secure, use and disclose personal information.
Specific rules that apply to departmental recruitment
The primary rules that govern departmental recruitment come from:
- Public Service Act 2008 (Qld)
- Public Service Regulation 2008 (Qld)
- Directives made by the Public Service Commission’s (PSC) Chief Executive and/or the Industrial Relations Minister.4
The use or disclosure of personal information in accordance with an Act, Regulation, or Directive will not be a breach of the privacy principles.5
When a department collects information from an individual it must tell them why it is being collected, any authority for its collection, and anyone it is the department’s usual practice to give it to.6 This can take the form of a notice included in recruitment material.
Preparing recruitment material – key criteria, role descriptions, application forms and application guides
The privacy principles only allow relevant personal information to be collected. Before preparing recruitment material, the drafter must understand what qualifications, experiences, skills and capacities the position requires. This will ensure recruitment material will not request irrelevant personal information from applicants.
Take care with templates
Generic or template recruitment material must be reviewed carefully to ensure it is not asking for information irrelevant to the specific position being recruited for.
If a position has mandatory qualifications or requirements, the recruitment material should make this clear. If a qualification or requirement is not required but is desirable, this distinction should also be made clear.
However, if qualifications or requirements are neither mandatory nor desirable, requesting information about them could result in the department collecting irrelevant personal information in breach of the privacy principles.
Evidence for successful applicants
An agency may require the preferred applicant to provide evidence of:
- the applicant's identity
- the applicant's citizenship or permanent resident status, as set out in section 127 of the PS Act; or
- the applicant's claimed qualifications.
Best practice is for an authorised officer to sight the documents and make a statement to that effect on the relevant file. There is generally no benefit to retaining a copy of the document.
Any employment screening the position requires must be explained in the recruitment material, including any conditions that apply—for example, that the position requires a criminal history check to which the prospective employee must consent.
Equal Employment Opportunity material
As part of meeting their Equal Employment Opportunity (EEO) obligations departments may ask applicants about EEO personal information. When doing so, it must be clear to applicants that providing this information is voluntary.
Reasonable adjustment requirements
Some applicants may need reasonable adjustments for interviews and/or aptitude tests. There is generally no need to ask about this at the initial stage, prior to selection of candidates for interviews or aptitude tests, because not every applicant will make it to those stages. Requesting this information before the department knows it will be required could lead to an unnecessary collection of personal information.
Applicants sometimes include irrelevant material in their application, such as personal interests or hobbies. If the department has not requested the irrelevant information, the applicant’s supply of it is not a breach of the privacy principles.
Dealing with application material
Storage and security of personal information
Departments must protect the personal information they collect and hold against loss, misuse, and unauthorised access, use, modification and disclosure.7
Receipt and storage
Applications and supporting documentation contain extensive amounts of personal information, such as education, referee, and contact details. Information concerning a person’s current employment and employment history is also their personal information. Access should be limited only to those involved in the process and applications must be stored securely and protected.
Distribution to panel members
Where the recruitment process is conducted wholly within the recruiting department, or the recruiting department retains control of material provided to people outside the department, distribution of applications among panel members will be part of the use for which the personal information was collected.
All panel members must store application material securely and not discuss it with anyone outside the panel. Application material must be returned to the panel chair or securely destroyed at the end of the recruitment process.8
Assessment and shortlisting
Only relevant personal information can be used in the recruitment process. What constitutes relevancy should be decided based on the requirements of the advertised position.
Interviews and selection
The fact that an individual has applied for a position is their personal information. If a panel member calls an applicant and they are not available, they need to limit what they say. No assumption should be made that the person answering the phone knows about the applicant's application, even when the person is a close family member or spouse.
Conducting the interview
Interviewers must be careful not to ask for personal information not relevant to the position being applied for, even during casual conversation with the applicant. It could result in the department collecting irrelevant personal information in breach of the privacy principles. Additionally, the applicant may feel compelled to answer even conversational questions or think their answers will impact the panel’s assessment.
As part of the application material, applicants are generally required to provide details of at least one referee. Applicants are required to obtain a referee’s agreement to being consulted in a selection process, so the panel’s subsequent contact of the referee will not inappropriately disclose that the applicant has applied for the position.9 However, this only applies to the applicant’s nominated referees. Disclosure of the information to anyone else could be a breach of the privacy principles.
If the panel is unable to contact the referee, or if the referee is not able to provide meaningful comment on the applicant’s skills and experiences, the panel cannot opt to contact someone else. They must contact the applicant and ask them to nominate another referee and obtain the new referee’s agreement to be a referee before giving their details to the panel.
Collection notices and referees
A referee report is the referee's opinion of the applicant, which is the referee’s personal information. This means the department must give them a collection notice,10 although it can be verbal.
The collection notice does not need to be complex or overly formal. However, it must include that the panel is obligated to disclose any adverse comments about the applicant to the applicant so that they can respond.11
In most cases, the panel members are not authorised officers or delegates with the authority to appoint the preferred applicant. They will generally be limited to preparing a statement on the shortlisted applicants, identifying the preferred applicant they recommend for appointment with reasons for their choice. The authorised officer or delegate will then review the recommendations and decide whether to approve the appointment.
The panel’s report should include only personal information about the applicants which is relevant to the decision to appoint an applicant to the position. What is considered relevant information will depend on the facts and circumstances of each matter.
While information about an applicant's love of the ballet is unlikely to be relevant to the position's requirements, the fact that the applicant chose to talk about ballet instead of responding to the panel's questions may be relevant to the panel concluding that the applicant did not address the core requirements of the position.
Offer and Gazette notification
When the successful applicant is offered the position they should be told that their appointment may be announced in the Government Gazette as required by the PS Act.
Because this disclosure is required by law it is not a breach of the privacy principles.
If the applicant was a public service officer in a department prior to being appointed, the PS Regulation requires that their employee record is transferred to their new department. Because this is required by law, it is not a breach of the privacy principles.
- 1The National Privacy Principles (NPPs) for Health agencies and the Information Privacy Principles (IPPs) for all other agencies.
- 2 Under section 21 of the Public Service Act 2008 (Qld) (PS Act) and section 4 and schedule 1, column 1 of the Public Service Regulation 2008 (Qld)(PS Regulation).
- 3 Section 12 of the IP Act. Refer to ‘What is personal information’ for further guidance.
- 4 The Minister responsible for administering the Industrial Relations Act 1999 (Qld).
- 5 See IPP 10(1)(d) and 11(1)(d) and NPP 2(1)(f).
- 6 As set out in IPP 2. Health agencies have additional obligations, set out in NPP 1. See All agencies - Obligations when collecting personal information for more information.
- 7 IPP 4 and NPP 4. See Health agencies - data security or Non-health agencies - Protection and security of personal information for more information.
- 8 Subject to any Public Records Act 2002 retention requirements.
- 9 The definition of disclosure in section 23 of the IP Act does not include information that is known by the person to whom the personal information is disclosed.
- 10 IPP 2 and NPP 1.
- 11 See paragraph 9.1 ‘Dealing with adverse information that may affect the selection outcome’ in PSC Recruitment and Selection Directive 12/20.
Current as at: May 17, 2021