Data Security Policy

Committed to protecting your information assets

1. Introduction

HireStream (“we”, “our”, “us”) is committed to protecting the confidentiality, integrity, and availability of all information entrusted to us. This Data Security Policy outlines the measures we take to safeguard personal information and business data in accordance with:

  • Privacy Act 1988 (Cth)
  • Australian Privacy Principles (APP 11 – Security of Personal Information)
  • Notifiable Data Breaches (NDB) Scheme
  • Industry best practices, including guidance from the Australian Cyber Security Centre (ACSC)

This policy applies to all HireStream employees, contractors, and authorised personnel.

2. Information Classification

HireStream classifies information into three categories:

2.1 Public Information

Information intended for public release. No special handling requirements apply.

2.2 Internal Information

Operational information used within HireStream. Access is restricted to authorised personnel.

2.3 Confidential Information

Includes personal information, client data, financial information, and sensitive business information. This information requires the highest level of protection and must be handled in accordance with this policy and the Privacy Act 1988.

3. Access Control

We apply strict access controls to ensure that only authorised personnel can access confidential information.

  • Access is granted on a least‑privilege basis.
  • Multi‑factor authentication (MFA) is required for all systems containing confidential information.
  • Access rights are reviewed regularly and revoked immediately when no longer required.
  • Passwords must meet strong‑complexity requirements and be updated regularly.

4. Data Storage and Encryption

HireStream uses secure, industry‑standard technologies to store and protect information.

4.1 Cloud Storage

  • All data stored in cloud platforms (e.g., Microsoft 365, OneDrive, SharePoint) is encrypted in transit and at rest.
  • Access to cloud systems is restricted and monitored.

4.2 Workstations and Devices

  • All company devices are protected by encryption, password protection, and automatic lockout.
  • Portable storage devices (e.g., USB drives) are prohibited unless explicitly approved by management.
  • Devices are regularly updated with security patches.

4.3 Data Retention and Destruction

  • Personal information is retained only for as long as necessary to fulfil business or legal requirements.
  • When no longer required, data is securely destroyed or de‑identified in accordance with APP 11.

5. Remote Access and Work Practices

HireStream supports secure remote work arrangements.

  • Remote access is permitted only through secure, encrypted connections.
  • Employees must use approved devices and follow all security protocols.
  • Confidential information must not be stored on personal devices.

6. Third‑Party Systems and Client Platforms

Where authorised, HireStream may access client systems such as CRMs, accounting platforms, or workflow tools. We ensure that:

  • Access is limited to the scope of the services we provide.
  • All actions comply with client agreements and Australian privacy requirements.
  • No client data is transferred or stored outside approved systems without written consent.

7. Vendor and Contractor Security

Third‑party service providers engaged by HireStream must:

  • Comply with the Privacy Act 1988 and APPs
  • Maintain appropriate security controls
  • Sign confidentiality agreements
  • Undergo security assessment where relevant

We do not engage vendors who cannot meet our security standards.

8. Monitoring, Logging, and Auditing

HireStream monitors system activity to detect unauthorised access or suspicious behaviour.

  • System logs are maintained and reviewed regularly.
  • Security alerts are investigated promptly.
  • Regular internal audits ensure compliance with this policy.

9. Incident Response and Data Breaches

HireStream maintains a formal incident response process.

In the event of a suspected or confirmed data breach:

  1. The incident is immediately assessed.
  2. Containment and remediation actions are taken.
  3. A risk assessment is conducted.
  4. If the breach is likely to cause serious harm, affected individuals and the Office of the Australian Information Commissioner (OAIC) are notified in accordance with the Notifiable Data Breaches (NDB) Scheme.

10. Employee Responsibilities

All HireStream personnel must:

  • Follow this Data Security Policy
  • Complete regular security awareness training
  • Report any suspected security incidents immediately
  • Protect passwords and authentication credentials
  • Ensure confidential information is handled appropriately

Failure to comply may result in disciplinary action.

11. Contact Us

If you have questions about this Data Security Policy or wish to report a potential security concern, please contact us by completing the Contact Us form on our website. Your enquiry will be directed to the appropriate team member, and we will respond within a reasonable timeframe.

12. Policy Review

This policy is reviewed regularly to ensure it remains current with:

  • Australian legal requirements
  • Industry best practices
  • Technological changes
  • Organisational needs

Updates will be published on our website.

Last updated: 31/07/2025
