Your rights when a provider asks for your documents

Starting a care role usually means handing over a stack of personal documents: a police certificate or worker screening clearance, qualifications, first aid certificates, proof of identity and your right to work. It is fair to wonder what a provider can reasonably ask for, why, and what happens to your information after you send it. This guide explains the balance between a provider's compliance duties and your privacy rights, and where your Career Passport fits in.

Why providers ask for so much

Care providers do not collect documents to make your life difficult. They collect them because the law requires it before you can support vulnerable people. The exact rules depend on the sector you work in, but the pattern is consistent: a provider has to confirm you are screened, qualified and entitled to work before you start, and keep evidence of that on file.

• Aged Care: From 1 November 2025, Aged Care worker screening generally requires either a National Police Certificate issued within the last 3 years, or an NDIS Worker Screening Clearance. Those are the two accepted options. See the Aged Care worker screening requirements guide for the detail.
• Disability and NDIS: Risk-assessed roles need an NDIS Worker Screening Check. That check already includes a national police history component, so a provider should not need a separate police check on top of it.
• Childcare: A valid Working With Children Check is required in every state and territory. Police history is built into the WWCC process, so again a standalone police check is not a separate requirement.

On top of screening, a provider may reasonably ask for qualification certificates, current first aid and CPR, mandatory training records, and proof of your right to work in Australia. These map closely to the documents you need to start working in care.

What "reasonable" means under the Privacy Act

Most providers are bound by the Privacy Act 1988 and its Australian Privacy Principles, overseen by the Office of the Australian Information Commissioner (OAIC). A few principles shape what a provider can ask for and how it must treat your information.

• Collect only what is needed (APP 3). An organisation must collect personal information by lawful and fair means and only where it is reasonably necessary for its functions. Asking for a clearance you genuinely need is fine. Asking for unrelated personal details is harder to justify.
• Tell you why (APP 5). At or around the time it collects your information, a provider should notify you of matters such as why it is collecting the information and how it will be handled. This is usually set out in a privacy policy or collection notice.
• Keep it secure (APP 11). A provider must take reasonable steps to protect your information from misuse, loss and unauthorised access, and to destroy or de-identify it when it is no longer needed.

You are entitled to ask any provider how it handles your documents: where they are stored, who can see them, how long they are kept, and how they are protected. A provider that takes privacy seriously will be able to answer.

The employee records nuance

One detail worth knowing: once you are employed, records a private sector employer holds that are directly related to your current or former employment relationship may fall under the employee records exemption. That means some of the APPs may not apply to those specific records in the same way. The exemption does not cover information collected about prospective workers who are never engaged, so the rules around collecting your documents during recruitment still bite. The practical takeaway is the same either way: a good provider should still be transparent and secure, regardless of which rules technically apply.

Consent and giving documents

In reality, screening and compliance obligations mean you cannot work in a regulated care role without providing the required checks. So while you technically choose to share your documents, declining usually means you cannot take the role. That is not a provider overreaching; it is the law setting a baseline before you support vulnerable people.

What consent does protect is the scope. You are agreeing to share information for screening and compliance, not for any purpose a provider invents later. If a provider wants to use your documents for something unrelated, that is a separate question and you can ask about it.

A few practical things you can always do:

• Ask which specific obligation each document relates to.
• Ask to see the provider's privacy policy or collection notice.
• Ask how long records are retained and how they are stored.
• Keep your own copies, with current expiry dates, so you are never caught out.

For a closer look at protecting your information, see security and privacy on your Career Passport.

You hold your own credentials

The traditional model puts every provider in the position of separately collecting, copying and storing your documents. That is duplicated effort for them and scattered copies of your personal information across multiple organisations. A Career Passport flips this. You hold a single, portable set of reviewed credentials, and you decide which provider can see them and when.

Holding your own Career Passport does not remove a provider's legal duties. The provider still has to sight evidence and make the final decision about whether you can work. What changes is the friction. Instead of re-collecting the same documents at every new job, you share access once, and the provider reviews what is already in order. If you work across multiple care providers, this matters even more, because your checks travel with you rather than being re-gathered each time.

Where Koora fits

Koora is building a Career Passport so care workers can hold their reviewed credentials in one place and choose who sees them. Documents are reviewed against the relevant requirements, and where an authoritative source exists, such as a state WWCC portal or the AHPRA register, status can be verified at source rather than taken on trust. Screening clearances and qualifications are reviewed, with source verification of more credential types on the roadmap.

The point is to put you in control of your own information while still giving providers the assurance they are legally required to have. Koora pre-clears; your provider keeps the duty to sight evidence and decide. That keeps the rigour where it belongs and spares you from handing the same stack of documents to every employer who asks.