RIW Privacy Protocol
1About this Protocol
This Protocol is designed to set out the privacy requirements and standards applicable to use of the RIW Program and RIW card. These terms are defined below.
The purpose of the RIW Program is to:
(a) Establish a national mechanism to validate the competency of individuals to safely access and carry out works on railway and other sites;
(b) Prescribe a process for the issuance of RIW cards to individuals.
(c) Provide a mechanism for RIW Participants to access RIW card data in order to manage safety and site access issues in relation to sites they own or control.
All RIW Participants must comply with this Protocol, and must ensure their personnel comply.
In particular, RIW Participants must ensure their personnel with user access rights to RIW card information are aware of and understand and comply with this Protocol.
RIW Participants must ensure that any non-RIW Participants to whom they disclose RIW Information (including any third party that hosts that information) agrees to and complies with this Protocol.
The obligations in this Protocol continue to apply to a RIW Participant for as long as that RIW Participant holds RIW Information, even after the RIW Participant ceases to be a RIW Participant.
Authorised Health Professionals are required to comply with the System Access Rules which specifically includes compliance with the National Standard for Health Assessment of Rail Safety Workers. Registered Training Organisations are required to comply with the System Access Rules.
ARA means the Australasian Railway Association Incorporated ABN 64 217 302 489 of Suite 4, Level 4, Plaza Offices (East), Canberra Airport ACT 2609.
Associate means to use the RIW System to link a Rail Industry Worker to a RIW Participant.
Authorised Health Professional means a medical professional who is authorised to enter fitness for work assessments, medical records, and drug and alcohol testing results into the system.
Database Provider means the provider, as specified by the ARA from time to time, of the online database system through which the RIW information can be uploaded and verified.
Permission Access Agreement means the RIW Permission Access Agreement (PAA) approved by the Rail Industry Worker Governance Committee of the ARA.
Personal Information means information or an opinion (including information or an opinion forming part of a database and whether or not recorded in a material form) about an individual whose identity is apparent or who is reasonably identifiable.
Privacy Laws, in respect of an RIW Participant, means the primary data privacy legislation applicable to the RIW Participant, or where no such legislation is applicable, the Australian Privacy Principles in the Privacy Act 1988 (Cth).
Rail Industry Worker means any individual who applies for or is issued a Rail Industry Worker card for the purpose of working on a Site.
RIW Card means a Rail Industry Worker identification token, which could be either a physical card or e-card which contains data linked with the RIW System for the purposes of identification and information checks.
RIW Information means Personal Information about a Rail Industry Worker, where that Personal Information is or has been held on the RIW System, excluding Personal Information obtained independently of its inclusion on the RIW System.
RIW Governance Committee:The Rail Industry Worker (RIW) Governance Committee is made up of representatives from rail operators and infrastructure organisations, as noted in the ARA’s records from time to time.
RIW Program means the online competency and safety management system for Australian rail workers. It is owned and endorsed by the Australasian Railway Association (ARA) and operated by the Database Provider.
RIW Participant means rail operators and other organisations that are authorised participants in the RIW Program.
RIW System means an online database system through which the RIW Information can be uploaded and verified, and which is also accessed by RIW Participants. The RIW System includes all relevant user interfaces, servers and any upgrades of the RIW System issued or made by the Database Provider from time to time.
Site means a site or location in Australia where a RIW Participant requires Rail Industry Workers to perform rail safety work.
System Access Rules means prescribed rules that Authorised Health Professionals and Registered Training Organisation acknowledge prior to using the RIW System, which can be viewed at https://www.riw.net.au/system-access-rules as amended from time to time.
Registered Training Operator means a provider of skills and competency training services who is registered to use the RIW System.
3Supplying Personal Information to the RIW System
On and from the date of this Protocol, RIW Participants must:
(a) Ensure that an individual employed by them who applies for a RIW card accepts the PAA prior to making an application;
(b) Only supply Personal Information about a Rail Industry Worker to the RIW System where the Rail Industry Worker has accepted the PAA, and
(c) Ensure that a record of each RIW cardholder who has accepted a PAA is captured within the RIW System.
RIW Participants that supply any Personal Information to the RIW System on behalf of an employee or RIW cardholder must take reasonable steps to ensure, taking into account the competency and safety management purpose of the RIW System, that the Personal Information:
(a) is accurate, up-to-date, complete and relevant; and
(b) is not excessive or misleading.
However, RIW Participants do not warrant that any RIW Information which they supplied to the RIW System is in fact accurate, up-to-date, complete or relevant.
3.3Prohibited information types
RIW Participants must not supply any of the following types of information about Rail Industry Workers to the RIW System:
(a) tax file number;
(b) credit card details;
(c) credit assessments;
(d) criminal record;
(e) ethnic or racial origin;
(f) political, religious or philosophical beliefs;
(g) trade union membership;
(h) sexual preferences or activities;
(i) general human resources records beyond the specific types of competency and safety information the RIW System is designed to record and share.
RIW Participants must not supply any Personal Information about individuals other than Rail Industry Workers to the RIW System, except for the name and contact details of a Rail Industry Worker’s emergency contact.
Opinions or assessments about personality character or performance are opinions and subjective, each RIW Participant must make their own assessment of the information.
4Using the RIW System
4.1Searching for a Rail Industry Worker
A RIW Participant must only search for a Rail Industry Worker on the RIW System or collect RIW Information when searching for prospective Rail Industry Workers to work onsite, if it has employed or engaged the Rail Industry Worker, or the Rail Industry Worker (including by his or her employer) has applied to work with the RIW Participant.
4.2Associating a Rail Industry Worker
A RIW Participant must only Associate a Rail Industry Worker with itself where:
(i) The Rail Industry Worker has accessed a RIW Participant’s work site; or
(ii) The RIW Participant asks the Rail Industry Worker (or their employer) to do so; or
(iii) it has employed or engaged the Rail Industry Worker;
(iv) the Rail Industry Worker has applied to work or has applied for a job role within the RIW System for an RIW Participant; or
(v) the Rail Industry Worker has undertaken training with a rail operator or one of their approved training providers.
5Handling RIW Information
Once a RIW Participant is satisfied that a Rail Industry Worker has accepted the PAA the RIW Participant may collect, use or disclose RIW Information about that Rail Industry Worker to the extent necessary for the purposes of:
(a) processing RIW card applications;
(b) safety, workforce and work site planning, procuring resources, training and reporting for the RIW Participant;
(c) competency and safety management;
(d) breach management
(e) managing any safety related regulatory claims, investigations or issues.
(f) enabling other entities that are used by RIW Participants to verify competencies for pre-qualification of suppliers and workforce management.
The RIW Participant may only otherwise collect, use or disclose the RIW Information where:
(g) required by law (including for investigations or prosecutions);
(h) the RIW Participant reasonably believes that use or disclosure is necessary to prevent or lessen a serious and imminent threat to a person’s life or health; or
(i) the Rail Industry Worker gives further clear consent to the RIW Participant.
If the RIW Participant is a Network Operator, the Network Operator may access information on the RIW System for the purpose of reviewing Rail Industry Workers who hold a rail corridor access job role for the Network Operator
RIW Participant must comply with Privacy Laws in respect of RIW Information.
RIW Participants should use reasonable endeavours to proactively update inaccurate RIW Information.
RIW Participants acknowledge that RIW Information is confidential information and RIW Participant must ensure they keep all RIW Information confidential at all times.
RIW Participant must use appropriate technical and organisational measures to protect RIW Information against misuse, interference and loss and against unauthorised access, use, modification or disclosure.
RIW Participants must not copy, remove, store, use or disclose RIW Information outside the RIW System except for a purpose referred to in clause 5.1 of this Protocol.
6.2Retention and destruction
RIW Participants must securely and immediately destroy any RIW Information held outside the RIW System that is no longer needed for a purpose permitted under this Protocol or any relevant legislation.
RIW Participants must ensure access to the RIW System is only available to their personnel on a limited and need-to-know basis, and that access is revoked when appropriate (e.g. when someone resigns or changes role).
RIW Participants must ensure that each of their personnel with access to the RIW System, follow good password practices, protect the security of their passwords and do not share their passwords with any other person.
RIW Participants must:
(a) implement practices, procedures, systems to ensure they and their personnel comply with this Protocol;
(b) at least annually, monitor and assess compliance with this Protocol in conjunction with the ARA;
(c) regularly monitor and assess privacy and security measures in place regarding the operation of the RIW System;
(d) report any concerns, errors, faults or issues resulting from the actions referred to in (b) and (c) above to the ARA as soon as possible (which will be treated confidentially by the ARA unless the matter affects other RIW Participants);
(e) take appropriate action (including revoking RIW System access) in the event of staff breaches of this Protocol.
(f) ensure that any of their service providers comply with this Protocol if they extract a report from the RIW System to provide to any of its service providers.
7.2Privacy policies and notices
On becoming aware of:
(a) a breach of this Protocol; and
(b) any loss, unauthorised use or unauthorised disclosure of RIW Information,
A RIW Participant must:
(c) promptly notify the ARA and the RIW Participant which supplied the RIW Information to the RIW System and any third party hosting that information; and
(d) provide all reasonable information, updates and assistance to assist the ARA and the RIW Participant which supplied the RIW Information to the RIW System in respect of investigating, assessing, reporting and remediating the incident.
In relation to RIW Information, a RIW Participant must provide reasonable co-operation and assistance in respect of any investigation or enquiry by any regulatory authority, whether at the request of the regulatory authority itself or another RIW Participant subject to the relevant Privacy Laws.
7.5Protocol Review and Amendment
The RIW Governance Committee will review the terms of this Protocol annually and as the need arises. In the event that a change to the Protocol is proposed by the RIW Governance Committee, the Database Provider will notify all RIW Participants 30 days ahead of the change taking place.
Updated 1 April 2021