24 May 2016

The privacy trap: Privacy obligations owed to employees

When handling personal information about employees, private sector employers haven’t had to concern themselves too much with obligations imposed by the Privacy Act 1988 (Cth) (Privacy Act) because of the application of the ‘employee records exemption’.

However, as employers’ appetites (and abilities) to monitor employees in (and out of) the workplace increase, so too do the legal implications.

What is the employee records exemption?

The ‘employee records exemption’ exempts private sector employers from having to comply with the Privacy Act when handling an employee’s personal information for a purpose directly related to the employment relationship.

However, if a private sector employer handles personal information for a purpose that is not directly related to the employment relationship, the exemption will not apply and the Privacy Act will.

When does the Privacy Act apply, because the exemption won’t?

Employers can attract obligations under the Privacy Act in all sorts of ways, for example by providing employees with additional perks or benefits (such as gym memberships, health services or insurances), the provision of which requires or results in the handling of non-work-related personal information.

Alternatively, and increasingly, employers are monitoring employees in ways that extend beyond the workplace. Whether through GPS tracking, computer monitoring, video surveillance, call recording, health checks or drug and alcohol testing, most employee monitoring has scope to capture employees’ personal activities.

For example, tracking an employer-provided vehicle (and therefore the employee using the vehicle) during an employee’s work hours is directly related to the employment relationship and exempt from the Privacy Act. However, tracking the whereabouts of the vehicle (and employee) in the employee’s personal time is likely to result in the collection of personal information not directly related to the employee’s employment. The Privacy Act, and its compliance obligations, will therefore apply.

Employee monitoring: it’s not just a matter of privacy!

But it’s not only privacy laws that employers need to consider. Depending on the type of monitoring, and the personal information collected as a result, employers must also comply with applicable workplace surveillance legislation, general surveillance legislation, and/or health records legislation. Each type of legislation will set up specific employer compliance obligations.

What should employers be doing?

Employers will be well placed to demonstrate legal compliance if they have implemented, and communicated to employees, policies on:

  • the reasons for, and methods of, collection of employee information; and
  • the processes in place to manage, control and protect the information collected.


Melinda Woledge

Marketing & Communications Manager
