Victorian workplace privacy regulator: recommendation

News

Victorian workplace privacy regulator: recommendation

A Victorian workplace privacy regulator should be established to oversee breaches of drug and alcohol tests among other matters, a Victorian Law Reform Commission has recommended. In addition, drug and alcohol tests should be covered by mandatory codes of practice.

WantToReadMore

Get unlimited access to all of our content.

A Victorian workplace privacy regulator should be established to oversee breaches of drug and alcohol tests among other matters, a Victorian Law Reform Commission has recommended. In addition, drug and alcohol tests should be covered by mandatory codes of practice.

The report contains 65 recommendations which seek to introduce a regulatory scheme which will provide a framework for workplace privacy protection in Victoria.  

The Commission proposes a ‘light-touch’ regulatory system which should provide that an employer must not engage in acts or practices that unreasonably breach the privacy of prospective workers or workers engaged in work-related activities. 

The proposed regulator would oversee the operation of the legislation and investigate and resolve complaints about privacy breaches.

Legislation 

Under the proposed legislation, employers will unreasonably breach the privacy of a worker where an act or practice is performed or carried out: 

  • for a purpose not directly connected to the employer’s business;

  • in a manner that is not proportionate to the purpose for which the act or practice is undertaken;

  • without first taking reasonable steps to inform and consult with workers;

  • without providing adequate safeguards to ensure the act or practice is conducted appropriately, having regard to the obligation to not unreasonably breach workers’ privacy.

The legislation also proposes that an employer would not be required to seek an authorisation to monitor a worker’s email or internet use when the worker is using the employer’s communication system, wherever the worker is situated. 

Function of the regulator 

The main functions of the regulator would include: 

  • promote understanding of and compliance with the workplace privacy regime;

  • provide educational programs to promote understanding of the workplace privacy regime;

  • provide advice to any person or organisation on compliance with the legislation;

  • issue guidelines on the development of approved codes of practice prepared by employers;

  • receive complaints about an act or practice of an organisation that may contravene the workplace privacy legislation and investigate, conciliate and make rulings on complaints;

  • conduct an inquiry into acts or practices which affect workers’ privacy;

  • make public statements in relation to any matter affecting workplace privacy;

  • undertake research into and monitor developments affecting workplace privacy.

Mandatory code for drug and alcohol testing 

The Commission recommends that the regulator have the power to issue approved, advisory and mandatory codes of practice. 

The regulator will be required to produce mandatory codes to govern activities affecting workers which are particularly privacy invasive. These include covert surveillance of workers while they are working and taking bodily samples from workers or prospective workers to test for the presence of drugs and alcohol.  

So, if the company’s OHS program includes random alcohol and drug testing, it must comply with the relevant mandatory code of practice. 

Illegal activities 

The Commission recommends that an employer should be prohibited from using any device to observe, listen to, record or monitor the activities, conversations or movement in toilets, change rooms, lactation rooms, washrooms or in any other prescribed circumstances. 

An employer must not use acts or practices which affect workers’ privacy while they are working at home, unless authorised by the regulator. 

The Commission also recommends that victimisation of the employee for making a complaint to the privacy regulator will be prohibited - workers will be able to complain to the regulator about employer threats or retaliation. 

Stricter controls for genetic testing 

The Commission recommends that an employer must not conduct genetic testing of workers or prospective workers unless genetic testing is authorised by the regulator. 

The regulator may authorise an employer to undertake genetic testing of workers if the regulator is satisfied that: 

  • workers have consented to being genetically tested;

  • there is substantial evidence of a connection between the working environment/workplace hazard and the existence or predisposition to a condition which may be detected using genetic testing;

  • the condition or predisposition which may be detected has potential to seriously endanger the health and safety of the worker or a third party;

  • there are no other reasonable means by which the hazard, which genetic testing seeks to eliminate or reduce, can be eliminated or reduced;

  • there are no other reasonable means of detecting a condition;

  • the proposed genetic test is scientifically reliable;

  • the employer has put in place adequate safeguards to ensure tests are conducted appropriately;

  • the employer has taken appropriate steps to ensure any information obtained as a result of the test will be adequately protected from disclosure;

  • the employer has taken reasonable steps to inform and consult with workers about the conditions under which the genetic testing will be undertaken.

Non-compliance penalties 

The Commission proposes that civil penalties be imposed where employers:

  • perform an act which is prohibited;

  • fail to report to the regulator about action taken in response to ruling;

  • don’t seek an authorisation for an act or practice which affects the privacy of workers while they are engaged in non-work-related activities;

  • breach an authorisation for an act or practice that affects the privacy of workers while they are engaged in non-work-related activities;

  • don't seek authorisation or breach an authorisation for genetic testing.

The Commission released the report earlier this week, with accompanying draft legislation.

The publication of the report is the result of an investigation into the protection of people’s privacy while they are at work. It is the first stage of a two-part reference into privacy - the second stage will focus on surveillance in public places.

Workplace Privacy: Final Report

Related

EEO/Privacy webpage


 

Post details