Review of employee records privacy legislation

News

Review of employee records privacy legislation

A discussion paper released in late February 2004 examines the current level of privacy protection for employee records in federal privacy legislation and workplace relations legislation.

WantToReadMore

Get unlimited access to all of our content.

A discussion paper released in late February 2004 examines the current level of privacy protection for employee records in federal privacy legislation and workplace relations legislation. 

It also examines some concerns raised about the privacy of employee records and suggests options for enhancing that privacy.

An edited version of the executive summary in the paper follows.

Background

Under Australian law an individual’s claims to privacy are balanced against a range of competing community and public interests.Privacy protection provided by legislation focuses on information privacy. Information privacy is also referred to as ‘data protection’ or ‘information protection’.

The Commonwealth Privacy Act 1988 specifies standards for the collection and handling of personal information. The Information Privacy Principles (IPPs) apply to Commonwealth agencies and the National Privacy Principles (NPPs) apply to the private sector. 

There are a number of exemptions under the private sector provisions of the Act including the employee records exemption. 

Current employee records exemption

The employee records exemption means that the standards for the collection and handling of personal information in the Act do not apply to employee records of private organisations. The exemption operates where:

  • the employer is acting in its capacity as the employer or former employer of the individual,

  • the act or practice of the employer relates directly to that employment relationship with the individual, and

  • the act or practice directly relates to an employee record. 

Not all personal information about an employee will be regarded as an employee record. Personal information that is not an employee record is protected by the Privacy Act. 

Sensitive personal information such as health information and genetic information is given greater protection under the Act when the information is handled by private organisations. This higher level of protection does not apply to employee records.

Commonwealth workplace relations legislation requires employers to keep records of certain employment matters. The legislation provides employees with rights to access and correct records but does not restrict disclosure or publication of those records. 

State workplace relations legislation also requires employers to keep records. Some State Acts prohibit unauthorised disclosure of that information. 

A higher level of privacy protection for employee records would assist in addressing concerns raised by Australia’s trading partners that employee records data being transferred to Australia be given appropriate protection. 

Options for reform

One option to increase the privacy protection of employee records could be to modify the scope of the exemption. For example, the exemption could be revised to exclude sensitive or other types of personal information.

Another option would be to amend the Privacy Act so that the exemption only applied to low risk privacy principles. For example, the exemption could be amended so that employee records were not exempt from, say, the principles relating to data quality (NPP 3), security and retention (NPP 4), openness (NPP 5), access (NPP 6), transborder data flows (NPP 9) and sensitive information (NPP 10). 

Enacting specific employee records privacy principles would also increase privacy protection. However, this could be confusing for organisations which may be required to comply with different privacy principles for different types of personal information. 

To address concerns raised about allowing authorised union representatives to access records of non-union members, the Workplace Relations Act could be amended to specify that access by union representatives is limited to members’ records.

Further amendments to the WR Act could be made so that one piece of legislation governed general record-keeping obligations and privacy requirements in relation to employee records. This would simplify employer obligations and clarify employees’ rights.

Another option would be to amend the WR Act to direct parties to consider, or compulsorily require, privacy provisions in certified agreements or Australian workplace agreements.

Comments sought

The review is being conducted by officers of the Attorney-General’s Department and the Department of Employment and Workplace Relations.This discussion paper forms the basis of the consultation on the review. 

The paper will be distributed to employer groups, employee groups, the Federal Privacy Commissioner and the State and Territories seeking comments and submissions on the issues and options discussed in the paper. Comments are sought by 16 April 2004

Following this consultation, the review will make its report to the Attorney-General and the Minister for Employment and Workplace Relations.

The full text of the paper can be accessed on the Attorney General's website.

Related

Detailed writings on privacy in the context of employment

 

 

 

Post details