Below you will find a range of training, instructional and support information for using the RIW System. You can browse the various categories, or type keywords into the search box. If you are new to RIW, please view the Getting Started category.
Knowledge Centre Search
How does Metro Trains Australia comply with Privacy Laws?
The protection of personal information in the private sector is required by the Privacy Act 1988 (Cth) and, where applicable, State and Territory privacy laws (collectively the “Privacy Laws“) and Metro Trains Australia (MTA) are bound to comply with these Privacy Laws as they apply to our business. All of our employees and officers are expected to comply with the Privacy Laws and our policies and procedures concerning the protection of personal information.
MTA manages personal information for the purposes of the Rail Industry Worker Program (RIW Program). The RIW Program provides an online competency and safety management system for Australian rail workers. It is owned and endorsed by the Australasian Railway Association (ARA) and operated by MTA.
How can a cardholder get their personal data in future?
Subject to certain exemptions provided for under the Privacy Laws, Rail Industry Workers have the right to access Personal Information MTA holds about them. MTA will also take reasonable steps to keep accurate and up to date Personal Information which we hold about Rail Industry Workers. If a Rail Industry Worker believes that the Personal Information that MTA holds about them is inaccurate, incomplete, out of date or no longer relevant, please notify MTA via the contact details below.
If you would like to seek access to Personal Information that MTA may have about you or update that information, then please contact the RIW Service Desk on 1300 101 682 or firstname.lastname@example.org in the first instance, or write to Metro Trains Australia’s Privacy Officer via the details below:
Metro Trains Australia Pty. Ltd.
GPO Box 1880
Melbourne VIC 3001
How does Metro Trains Australia manage cyber security?
What personal information does the RIW Program collect?
For the RIW Program, MTA may collect a workers name, gender, photo, date of birth, address, contact details, identification information (e.g. signatures, driver’s licence), health information (e.g. fitness for work assessments, medical records, and results of drug and alcohol tests), competency information (e.g. skills, credentials, registrations and qualifications), right to work details (e.g. visas and passports), work roles, site attendance timestamps, employment history, emergency contact and other personal information as required for the RIW Program.
Why does the RIW Program collect and how does it use personal information?
MTA collects and uses Personal Information in order to manage and provide services in relation to the RIW Program.
MTA will only disclose Personal Information that we collect for the RIW Program to:
- The Australasian Railway Association;
- Rail Transport Operators and other organisations that wish to access and use the RIW Program;
- MTA’s contractors, agents and advisors helping us to manage and provide services in relation to the RIW Program;
- Authorised health practitioners;
- Other entities as required or permitted by law.
Personal Information will only be disclosed to these entities to the extent that those entities are entitled to access that information under the RIW Program.
Can Employers view a cardholders details after the cardholder has ended their employment?
No. A company has no visibility of a cardholders details once the cardholder elects to end their employment or association with them.
Only Primary, Secondary and Associated Employers have visibility of a cardholders profile.
How does MTA ensure overseas Third Party Service Providers comply with Australian Privacy Law?
Metro Trains Australia (MTA) has taken steps to ensure that overseas Third Party Service Providers will comply in accordance with Australian Privacy Law. MTA has enacted this by ensuring that MTA has contractual arrangements in place with these Service Providers that require them to comply with Australian Privacy Law. If MTA’s Third Party Service Providers fail to adhere to contractual or privacy requirements, then MTA will exercise its rights under the contract depending on the circumstances of the case. Material and severe breaches may lead to termination.
How is personal information stored in the RIW System?
No personal information on the RIW System is stored overseas. It is all hosted on secure government approved servers located in Australia.
MTA only has one overseas Service Provider who has access to the RIW System to undertake Level 3 support and upgrades.
This Service Provider is located in the UK and is therefore subject to the General Data Protection Regulation (GDPR), which imposes stringent privacy and security requirements on organisations who have exposure to personal information.
In addition, MTA has taken steps to ensure that this overseas Service Provider will comply in accordance with Australian Privacy Law in respect of the RIW System. MTA has enacted this by ensuring that MTA has contractual arrangements in place that require the overseas service provider to comply with Australian Privacy Law. If MTA’s service provider fail to adhere to contractual or privacy requirements, then MTA will exercise its rights under the contract depending on the circumstances of the case.
Material and severe breaches may lead to termination of the Service Provider.
What is the Permission Access Agreement (PAA)?
The Permission Access Agreement (PAA) serves a number of purposes, including informing Rail Industry Workers and other system users entering and accessing personal information into the system about:
- the purposes of the RIW Program and why information is collected;
- the types of information collected for the RIW Program;
- the way personal information is stored, used, managed and deleted;
- who may access the information and the circumstances they can do that under
The PAA provides assurance to RIW workers that their personal information is used, stored, handled and disclosed for the RIW Program in a controlled manner. Acceptance of the terms of the PAA ensures:
- that users enter complete, accurate and up to date information into the system;
- responsible use of RIW cards
Metro Trains Australia (MTA), as the provider of RIW Program Services, is obligated to comply with all applicable laws, including data privacy and security requirements. All RIW participants must provide consent for MTA to store their data – this consent must be given by the cardholder in order to maintain their RIW card. If a cardholder does not accept the terms of the PAA, they will not be able to access or use the RIW system as their profile will be deleted.
RIW Knowledge Centre Article Link:
What are the system access rules for using the RIW System?
When logging into the RIW System the first time, users will be presented with the System Access Rules below, which must be acknowledged and understood before proceeding to use the RIW System.
The Rail Industry Worker (RIW) System is operated by Metro Trains Australia Pty Ltd (MTA). Your access to the RIW System is subject to the following system access rules:
RIW Knowledge Centre Article Link: