Managing confidential employee records – duties as an employer

As an employer, you should be aware that you owe your employees obligations in relation to any personal information they have disclosed to you.

Information about an employee collected by an employer is considered personal information under the Privacy Act 1988 (Cth) (Privacy Act).

What is defined as “personal information”?

The Privacy Act defines personal information as: 

“Information or an opinion about an identified individual, or an individual who is reasonably identifiable:

  • whether the information or opinion is true or not; and
  • whether the information or opinion is recorded in material form or not.”

Personal information of an employee that has been disclosed to or collected by an employer may be subject to the Australian Privacy Principles (APPs). 

APPs are contained in the Privacy Act and establish standards for the way in which an employee’s personal information is to be dealt with.

If you are an employer who is not required to strictly comply with the APPs, it is best practice to have a privacy policy regardless. This gives customers and the public confidence that your business respects people’s confidential personal information and takes it seriously.

We also recommend you seek legal advice to help develop an internal Information and Privacy Policy which includes a plan on how employees’ personal information will be treated, the type of information an employer may collect, and the manner in which this can be used or disclosed.

How am I required to deal with my employees’ personal information?

Employers are only allowed to keep personal information about their employees directly in relation to their employment.

This information includes:

  • Employees’ personal and emergency contact details
  • Information about terms and conditions of an employee’s employment, wage or salary details, leave balances and records of work hours
  • Employees’ records of engagement, resignation or termination of employment
  • Information about an employee’s training, performance and conduct
  • Taxation, banking or superannuation details of an employee
  • Any union, professional or trade association membership information

These provisions also apply to personal information about unsuccessful job candidates, which may include an applicant’s resume, contact details, references and academic transcripts.

When can I disclose my employees’ personal information?

An employer can legally disclose employees’ personal records to third parties in some situations, for example, to the Australian Taxation Office, Centrelink, Fair Work Inspectors and Union Officials. 

Employees are also entitled to access their own private records. If an employee requests to view their own employment record, the employer must make a legible copy available for the employee to inspect.

The copy of the employment record must be made available at the workplace within 3 business days or posted to the employee within 14 days after receiving the request.

If an employee record is not kept at your workplace, the employer must make a copy available to their employee or post it to them as soon as practicable.

Conclusion

It is clear from the above discussion that an employee’s personal information must be collected, managed, used and disclosed in accordance with legislative requirements and any privacy codes within a workplace.

This information is for general purposes only. If you are unsure about any of the above requirements, we recommend you seek advice from an experienced lawyer. 

If you or someone you know wants more information or needs help or advice, please contact us on 1300 421 599 or email [email protected].