Australian Privacy Principles and the Employee Records Exemption
In the case of ALI and ALJ (Privacy), the Australian Privacy Commissioner found that an employer breached Australian Privacy Principle (APP) 6.1, which governs the use or disclosure of personal information under the Privacy Act 1988 (Cth).
ALJ (the Respondent) employed ALI (the Complainant) who suffered a medical episode at work. The Complainant’s husband informed the Complainant’s manager that she was in a stable condition. The manager then emailed approximately 110 management employees, disclosing information regarding the medical episode and the full names of the Complainant and her husband. The Complainant resigned and lodged a complaint relating to APP 6, stating that the Respondent must not use or disclose personal information for a purpose other than the one for which it was collected, subject to certain exceptions.
The primary issue was whether ALJ had complied with its obligations under the Privacy Act and APPs. The Respondent claimed that sending the email fell within the Employee Records Exemption under s7B(3) of the Privacy Act because it directly related to a current employment relationship. Personal information held by an employer relating to current or former employees is exempt from the APPs if the information is directly related to the employment relationship.
The Commissioner found that the information was collected to ensure the Complainant’s welfare and meet work, health, and safety obligations. Therefore, the employer’s use of the information to update other staff was not the primary purpose for which it was collected. The email did not directly relate to the employer relationship and therefore, the Employee Records Exemption did not apply. The Respondent interfered with the Complainant’s privacy by breaching APP 6.1 and was ordered to pay $3,000 in non-economic loss.
Key Takeaway
This decision is an important reminder to all employers to ensure that employee privacy is maintained. Employers should obtain consent before disclosing personal or sensitive information about its employees to other staff. Alternatively, in order to receive protection under the Employee Records Exemption, the employer’s act or practice must directly relate to the employment relationship in question.
Get in touch to discuss your options with our team.