Security and privacy on your Career Passport
How Koora protects credential data: encryption, access controls, worker consent over who sees what, and alignment with the Australian Privacy Act.
Your Career Passport holds sensitive information: identity details, screening outcomes, qualifications and training records. That information helps you move between care jobs without re-proving yourself each time. It also has to be protected. This guide explains how credential data is secured, how sharing works, and how Koora's approach lines up with Australian privacy law. Koora is pre-launch, so this describes the product's design and intent rather than a track record.
For the bigger picture of what the record is and why it exists, start with "What is a Career Passport".
You hold your own record
The core idea of a Career Passport is that the worker holds the record, not the employer. Your credentials are not locked inside one provider's filing cabinet or HR system. They live with you and travel with you between roles.
That ownership has practical consequences:
- You can see everything held about you in one place.
- You decide who gets to view your compliance status.
- When you leave a provider, your record does not stay behind with them.
- You can take the same reviewed credentials to your next role without starting again.
This matters because care workers often work across multiple care providers or move between agency and direct employment. The record following you is the point.
How the data is protected
Protecting personal information is not optional under Australian law. Australian Privacy Principle 11 requires entities that hold personal information to take reasonable steps to protect it from misuse, interference and loss, and from unauthorised access, modification or disclosure. The Office of the Australian Information Commissioner (OAIC) describes these as a mix of technical and organisational measures (see "APP 11 security of personal information").
Koora's approach follows that model:
- Encryption. Data is encrypted in transit and at rest, so it is protected both while it moves between your device and Koora and while it is stored.
- Access controls. Access to records is restricted by role. A provider granted access sees only what you have shared, and internal access is limited to what is needed to operate the platform.
- Authentication. Sign-in is protected so that only you can act on your own record.
- Data minimisation and retention. APP 11 also expects information to be destroyed or de-identified once it is no longer needed, unless it must be kept by law. The aim is to hold what is necessary and no more.
A note on certifications
Koora describes its security approach honestly. Where formal certifications or audits apply, they will be stated on the Koora site. Do not read this guide as a claim to any certification that is not published there.
Consent: you decide who sees what
A Career Passport is private by default. Nothing is published, and no provider sees your compliance until you grant access.
When a provider wants to confirm you meet their requirements, they request passport access. You choose whether to grant it. Once granted:
- The provider sees a current-state compliance view: where your screening, qualifications and training stand when the report runs. It is not a reconstructed history of past states.
- You can see who currently has access to your Career Passport.
- You can revoke a provider's access when a role ends or when you no longer want them to see your status.
This consent model is also why it helps to understand your rights when a provider asks for documents. A provider can ask to confirm your compliance, but you control the grant, and you should only be asked for what is genuinely relevant to the role.
It is worth being clear about what Koora does and does not do here. Koora pre-clears: it reviews and, where an authoritative source exists, verifies credentials, then surfaces a compliance status. The provider keeps the legal duty to sight evidence and make the engagement decision. The Career Passport speeds that up; it does not remove the provider's obligation.
What "reviewed" and "verified" mean
Trusting a compliance status means knowing how it was reached. Koora uses two different words on purpose:
- Verified at source means the credential was checked against an authoritative register. Examples include the AHPRA register for registered health practitioners, and state working with children check portals. Source verification reflects what the register said at the time of the check.
- Reviewed means a Koora team member assessed the document itself. Police checks, qualifications, training certificates and NDIS Worker Screening Clearances are reviewed. Source verification for NDIS clearances is on Koora's roadmap, not live today.
Keeping these terms distinct is part of being honest about what the record actually proves. A reviewed police certificate is not the same as a register match, and the Career Passport says which it is.
Alignment with the Privacy Act
The Privacy Act 1988 and its 13 Australian Privacy Principles set the framework Koora's privacy approach is built around. The principles that matter most for a credential record include:
- Open handling (APP 1). Personal information is handled in line with a published privacy policy. Koora's privacy policy on the site sets out the current detail.
- Use and disclosure (APP 6). Information is used for the purpose it was collected for: confirming care-sector compliance. It is not repurposed without a basis to do so.
- Security (APP 11). Reasonable technical and organisational steps protect the information, as described above.
- Access (APP 12). You can ask for access to the personal information held about you. Because you hold your own Career Passport, much of this is visible to you directly.
- Correction (APP 13). APP 13 requires reasonable steps to correct information so it stays accurate, up to date and not misleading. If a detail is wrong, it can be corrected.
If something goes wrong, the Notifiable Data Breaches scheme applies to organisations covered by the Privacy Act. Where a data breach is likely to result in serious harm, affected individuals and the OAIC must be notified, along with recommended steps to take. Koora builds its incident handling around that obligation.
Sharing data with other systems
Some providers will want compliance data to flow into their existing tools. Koora's current model for this is API and webhooks, with direct integrations built on demand. There are no live native connectors or vendor partnerships to claim. Any data flowing out through an integration still follows the same consent and access rules: it moves because someone with the right access made it move, not by default.
Feedback and references are future, not live
Care workers often ask whether providers can leave reviews or feedback on a Career Passport. The intent is to support portable, verified feedback and references over time, so a worker's track record travels with them the way their credentials do. This is on the roadmap, not a current feature. When it does arrive, it will sit under the same principle as everything else: you hold the record, and sharing happens with your consent.
How Koora ties this together
Security and privacy on a Career Passport come down to a few commitments: encrypt the data, restrict access by role, put the worker in control of who sees what, and build around the Australian Privacy Principles rather than around any single employer's convenience. Koora pre-clears credentials so providers can move faster, while the provider keeps the legal duty to sight evidence and decide. The status is current-state, the terms "reviewed" and "verified" mean specific things, and the record is yours to carry between roles.
This is general information, not compliance advice. Always confirm requirements with the relevant regulator, and remember that providers keep the legal responsibility to sight credentials and decide who can work.
We work hard to keep it accurate, but the rules change and we will not always get every detail right. If you think something here needs updating, email us at resources@koora.care. We would genuinely rather know, because we all do better when we help each other get it right.