How does Metro Trains Australia comply with Privacy Laws?

The protection of personal information in the private sector is required by the Privacy Act 1988 (Cth) and, where applicable, State and Territory privacy laws (collectively the “Privacy Laws“) and Metro Trains Australia (MTA) are bound to comply with these Privacy Laws as they apply to our business. All of our employees and officers are expected to comply with the Privacy Laws and our policies and procedures concerning the protection of personal information. 


MTA manages personal information for the purposes of the Rail Industry Worker Program (RIW Program). The RIW Program provides an online competency and safety management system for Australian rail workers. It is owned and endorsed by the Australasian Railway Association (ARA) and operated by MTA.


You can view the Privacy Policy at https://www.riw.net.au/privacy-policy/.


Did you find it helpful? Yes No

Send feedback
Sorry we couldn't be helpful. Help us improve this article with your feedback.

How can a cardholder get their personal data in future?

Subject to certain exemptions provided for under the Privacy Laws, Rail Industry Workers have the right to access Personal Information MTA holds about them. MTA will also take reasonable steps to keep accurate and up to date Personal Information which we hold about Rail Industry Workers. If a Rail Industry Worker believes that the Personal Information that MTA holds about them is inaccurate, incomplete, out of date or no longer relevant, please notify MTA via the contact details below.


If you would like to seek access to Personal Information that MTA may have about you or update that information, then please contact the RIW Service Desk on 1300 101 682 or info@riw.net.au in the first instance, or write to Metro Trains Australia’s Privacy Officer via the details below:


Catherine Speers

Privacy Officer

Metro Trains Australia Pty. Ltd.

GPO Box 1880

Melbourne VIC 3001


For further information, please refer to the Privacy Policy at https://www.riw.net.au/privacy-policy/.


Did you find it helpful? Yes No

Send feedback
Sorry we couldn't be helpful. Help us improve this article with your feedback.

How does Metro Trains Australia manage cyber security?

MTA strives to ensure the security, integrity and privacy of information we collect. MTA has established reasonable security measures to protect Personal Information from misuse, interference, loss, unauthorised access, modification or disclosure in contravention of MTA’s Privacy Policy for the RIW Program. MTA’s employees, contractors, agents and service providers who provide services related to our information systems, are obliged to respect the confidentiality of any Personal Information held by us. MTA reviews and updates their security measures in light of current technologies, working in an ISO 27001 Information Security Management System framework.


Did you find it helpful? Yes No

Send feedback
Sorry we couldn't be helpful. Help us improve this article with your feedback.

What personal information does the RIW Program collect?

For the RIW Program, MTA may collect a workers name, gender, photo, date of birth, address, contact details, identification information (e.g. signatures, driver’s licence), health information (e.g. fitness for work assessments, medical records, and results of drug and alcohol tests), competency information (e.g. skills, credentials, registrations and qualifications), right to work details (e.g. visas and passports), work roles, site attendance timestamps, employment history, emergency contact and other personal information as required for the RIW Program.


Please refer to the Privacy Policy for more information about how your personal information is managed.


Did you find it helpful? Yes No

Send feedback
Sorry we couldn't be helpful. Help us improve this article with your feedback.

Why does the RIW Program collect and how does it use personal information?

MTA collects and uses Personal Information in order to manage and provide services in relation to the RIW Program.


MTA will only disclose Personal Information that we collect for the RIW Program to:


  • The Australasian Railway Association;
  • Rail Transport Operators and other organisations that wish to access and use the RIW Program;
  • MTA’s contractors, agents and advisors helping us to manage and provide services in relation to the RIW Program;
  • Authorised health practitioners;
  • Other entities as required or permitted by law.

Personal Information will only be disclosed to these entities to the extent that those entities are entitled to access that information under the RIW Program.


For more information about collection of personal information, please refer to the Privacy Policy.


Did you find it helpful? Yes No

Send feedback
Sorry we couldn't be helpful. Help us improve this article with your feedback.

Can Employers view a cardholders details after the cardholder has ended their employment?

No. A company has no visibility of a cardholders details once the cardholder elects to end their employment or association with them.


Only Primary, Secondary and Associated Employers have visibility of a cardholders profile.


Did you find it helpful? Yes No

Send feedback
Sorry we couldn't be helpful. Help us improve this article with your feedback.

How does MTA ensure overseas Third Party Service Providers comply with Australian Privacy Law?

Metro Trains Australia (MTA) has taken steps to ensure that overseas Third Party Service Providers will comply in accordance with Australian Privacy Law.  MTA has enacted this by ensuring that MTA has contractual arrangements in place with these Service Providers that require them to comply with Australian Privacy Law.  If MTA’s Third Party Service Providers fail to adhere to contractual or privacy requirements, then MTA will exercise its rights under the contract depending on the circumstances of the case. Material and severe breaches may lead to termination.



Did you find it helpful? Yes No

Send feedback
Sorry we couldn't be helpful. Help us improve this article with your feedback.

How is personal information stored in the RIW System?

No personal information on the RIW System is stored overseas.  It is all hosted on secure government approved servers located in Australia.

 

MTA only has one overseas Service Provider who has access to the RIW System to undertake Level 3 support and upgrades. 

 

This Service Provider is located in the UK and is therefore subject to the General Data Protection Regulation (GDPR), which imposes stringent privacy and security requirements on organisations who have exposure to personal information.

 

In addition, MTA has taken steps to ensure that this overseas Service Provider will comply in accordance with Australian Privacy Law in respect of the RIW System.  MTA has enacted this by ensuring that MTA has contractual arrangements in place that require the overseas service provider to comply with Australian Privacy Law.  If MTA’s service provider fail to adhere to contractual or privacy requirements, then MTA will exercise its rights under the contract depending on the circumstances of the case.  

 

Material and severe breaches may lead to termination of the Service Provider.


Did you find it helpful? Yes No

Send feedback
Sorry we couldn't be helpful. Help us improve this article with your feedback.

What is the Permission Access Agreement (PAA)?

The Permission Access Agreement (PAA) serves a number of purposes, including informing Rail Industry Workers and other system users entering and accessing personal information into the system about:


  • the purposes of the RIW Program and why information is collected;
  • the types of information collected for the RIW Program;
  • the way personal information is stored, used, managed and deleted;
  • who may access the information and the circumstances they can do that under


The PAA provides assurance to RIW workers that their personal information is used, stored, handled and disclosed for the RIW Program in a controlled manner. Acceptance of the terms of the PAA ensures:


  • that users enter complete, accurate and up to date information into the system;
  • compliance with MTA’s Privacy Policy (which is accessible via the PAA) and other applicable employer policies;
  • responsible use of RIW cards


Metro Trains Australia (MTA), as the provider of RIW Program Services, is obligated to comply with all applicable laws, including data privacy and security requirements. All RIW participants must provide consent for MTA to store their data – this consent must be given by the cardholder in order to maintain their RIW card. If a cardholder does not accept the terms of the PAA, they will not be able to access or use the RIW system as their profile will be deleted.


Related articles


Did you find it helpful? Yes No

Send feedback
Sorry we couldn't be helpful. Help us improve this article with your feedback.

What are the system access rules for using the RIW System?

When logging into the RIW System the first time, users will be presented with the System Access Rules below, which must be acknowledged and understood before proceeding to use the RIW System.


The Rail Industry Worker (RIW) System is operated by Metro Trains Australia Pty Ltd (MTA).  Your access to the RIW System is subject to the following system access rules:

  • You must keep your access credentials (including your username and password) secret and not share those credentials with any other person.
  • You must only access and use information on the RIW System for properly authorised purposes as part of the RIW Program.  For rail operators and other organisations that are authorised participants in the RIW Program, this includes using information accessed on the RIW System for safety, workforce and worksite planning, procuring resources, training, and reporting purposes. For Authorised Health Professionals, this includes using information accessed on the RIW System for conducting health and fitness for work assessments.
  • You must keep all information you access on the RIW System strictly confidential and must not use that information for any purpose other than as set out above.
  • You must take reasonable steps to ensure that any information you enter onto the RIW System is accurate, up-to-date, complete and relevant and is not excessive or misleading.
  • You must promptly notify the RIW Service Desk on becoming aware of any error in the RIW System or any breach of these system access rules.
  • You must comply with any additional instruction or direction given by MTA or the RIW Service Desk in relation to your access to or use of the RIW System.
  • Where applicable to the activities you are carrying out on behalf of your employer, you must comply with the RIW Privacy Protocol (a copy of which is available at https://www.riw.net.au/riw-privacy-protocol)
  • For Authorised Health Professionals, you must comply with the National Standard for Health Assessment of Rail Safety Workers (a copy of which is available at https://www.ntc.gov.au/codes-and-guidelines/national-standard-health-assessment-rail-safety-workers).

Did you find it helpful? Yes No

Send feedback
Sorry we couldn't be helpful. Help us improve this article with your feedback.