In an age where the management of data is largely electronic,
employers have a much greater opportunity to collect and retain
vast amounts of information, much more than ever before. This
information is useful to have on file - but what are the risks?
With the new Australian Privacy Principles (APPs) to take effect
from 12 March 2014, it is a timely reminder that Australian
employers must observe strict requirements of handling employee
The risks an employer faces range from costly penalties of up to
$1.7 million for the Company and $340,000 for individuals,
unforeseeable investigations under the Privacy Commissioner's
new "own motion" investigative powers and reputational
Now, more than ever, employers should implement or update
privacy policies and procedures to offer themselves greater
'I have a policy and, besides, employers have the
employee records exemption!'
We hear this phrase a lot, and blindly relying on either,
without considering their application to the specific
circumstances, is extremely dangerous.
The employee records exemption only applies to personal
information collected and used as part of the employment
relationship (current or former), or contained in an 'employee
The hidden risk here is that individuals like contractors and
job candidates are not covered by the exemptions.
Many employers hold, use and even disclose personal information
of individuals who are not exempt, placing them at risk.
Another critical but frequently overlooked risk is where a
member of a corporate group collects personal information of a
subsidiary's employee assuming the employee record exemption
applies. Only the legal employer has the benefit of the exemption.
Therefore, the notification requirements and other privacy
obligations of the APPs will need to be considered before any such
Having policies and procedures is a good start, but they will
only be as useful as they are up to date.
Our top privacy tips for employers collecting non-exempt
Collecting personal information from job
new APPs, and it should accurately deal with:
the types of information collected,
the uses to for the information (i.e. during the job
application process and afterwards), and
how individuals are notified of collection.
If an employer collects sensitive information, like
pre-employment health checks, it will be important to obtain
consent and to have a legitimate business use/purpose for the
If the purpose for which the employer has collected information
is complete, the information should ordinarily be destroyed or
But what about defending an adverse action or discrimination
These types of claims can be pursued by individuals who are not
covered by the exemption, like job candidates.
Information that is collected or created, such as notes relating
to a candidate's suitability against the selection criteria,
could prove to be crucial evidence in defending a claim. In certain
circumstances this information may be exempt from destruction, but
only if is collected and managed in accordance with a bespoke
Employees who handle employee related information should be
prepared for the APPs. Mishandling information now has even greater
consequences. Conducting privacy training sessions that
specifically cover non-exempt employee information is one of the
best ways to instil best practice in your workplace.
There are many
misconceptions about privacy and data protection laws, so it is
important that your workplace is prepared for the new changes. The
Privacy Commissioner will want to test out its new 'own
motion' investigative powers in the coming months, and you run
the risk of your workplace may not complying if you are not
This publication is intended as a general overview and
discussion of the subjects dealt with. It is not intended to be,
and should not used as, a substitute for taking legal advice in any
specific situation. DLA Piper Australia will accept no
responsibility for any actions taken or not taken on the basis of
DLA Piper Australia is part of DLA Piper, a global law firm,
operating through various separate and distinct legal entities. For
further information, please refer to www.dlapiper.com
To print this article, all you need is to be registered on Mondaq.com.
Click to Login as an existing user or Register so you can print this article.
The legal rights and wrongs of taking photos can be confusing, so what does the law say about photos in a public place?
Some comments from our readers… “The articles are extremely timely and highly applicable” “I often find critical information not available elsewhere” “As in-house counsel, Mondaq’s service is of great value”
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).