With everything and everyone moving online, going paperless and adopting flexible work practices, it’s no wonder employers are collecting more and more personal information, including sensitive personal information, from their employees.
At present, an organisation acting in its capacity as the employer (or former employer) of an individual in relation to acts or practices directly related to the employment relationship is exempt from complying with the Privacy Act 1988 (Cth) (the Act). The exemption covers any record of personal information relating to the employment of an employee, including the terms of conditions of employment and the engagement of the employee.
This exemption is likely to change in the near future. The privacy act review report released by the Attorney General’s department on 16 February 2023 (Report) recently concluded there should be greater transparency around employers’ collection and use of employee personal information.
The Report did not specify how the exemption would be changed to achieve such transparency and improve privacy protections for employees. That said, there are three options on the table for the employee record exemption:
We are likely to see greater protection of employee personal information from misuse and limitations on retention of that personal information, regardless of the approach taken.
It is not yet clear whether employers will need to update their policies to require consent from employees to collect personal information. The Report acknowledges that it would be impracticable to obtain an employee’s consent each and every time personal information is requested (regardless of the information being collected) to comply with Australian Privacy Principles (APPs) 3 and 5. It is likely that consent will only be required for certain sensitive information, at the beginning of the relationship or as a result of a change in role within the employer’s organisation.
Similarly, it is unclear whether employees will have a right to access and correct the personal information held by their employer under APPs 12 and 13. This is unlikely to extend to some types of information employers keep about their employees, such as performance reviews.
Employers should still prepare for the removal or modification of the employee record exemption. Some things employers can do now include:
If you found this insight article useful and you would like to subscribe to Gadens’ updates, click here.
Dudley Kneller, Partner
Clare Cullen, Associate
 Privacy Act 1988 (Cth) s 7B(3).
 Australian Government, Attorney General’s Department (16 February 2022) Privacy Act Review Report, proposal 7.1(a) <https://www.ag.gov.au/sites/default/files/2023-02/privacy-act-review-report_0.pdf>.