As part of our ongoing commitment to data security and privacy, and adherence to the Australian Privacy Principles (Privacy Act 1988), we recently deployed some changes to Personal Identifiable Information (PII) retention duration.

The Privacy Act 1988 requires an organisation to not retain PII data for any longer than is reasonably required to complete the process that it is needed for. With that in mind, we are minimising retention where possible.

CheckWorkRights continue to provide an industry best practice solution for right to work declaration, evidence collection, and verification. In response to the very public data breaches of the past two years, we have recently conducted a review and overhaul of our application architecture, data security processes and testing, as well as customer workflow in relation to PII.

Each document type collected and stored within the CWR application has a designation that determines retention timeframe.

We minimise the duration that any document containing PII is retained within the CheckWorkRights application, whilst completing the requirement of identity / document verification and ongoing checks.

The deletion schedule deals with three components: file deletion, metadata retention, and obfuscation.

- We delete the image of a document as soon as possible.
- We retain metadata from a document when required.
- We obfuscate metadata* to retain a record of an action occurring (following move to historical status).

*Metadata (e.g. Passport details: Name, Passport number, DOB, etc)

You will notice documents are removed from the application following verification being completed.

We recommend all customers to use the provided document verification process within CheckWorkRights. This process ensures that the identity of the individual working for you is confirmed (by one of your team, who actually sights the individual) as being of likeness to the documentary evidence provided for their right to work check.

We maintain a visible status / record of who in your organisation has verified document/s, and when that verification occurred. Click here to learn more about document verification.

In event that a document has not been verified, then it will be retained for a defined (varies by document type), but longer than normal timeframe. After this the document is deleted. In event that you require the document for verification in the future, it will need to be collected again.

Following document deletion or metadata obfuscation in the CheckWorkRights application, the document is no longer able to be recovered.
​

In event that you require the document again. The individual will need to be requested to provide it again.

Where we display documents in CheckWorkRights, we display a notification indicating when a document will be removed based on the document type, and current status of that employee.

After we have removed a document, we display a status indicating that deletion has occurred in place of where you ordinarily view the document.

Specific detail of our file deletion policy can be provided to account managers / owners only. Please reach out to the CWR team should you have any questions.