The Australia Privacy Principles (APPs) under the Privacy Act 1988 (the “Act”) came into effect from 12 March 2014.
The Act differentiates between public versus private sector employees as to how their of personnel records are maintained by their employer.
The handling of personal information by a private sector employer has an “employee record exemption” under the Act.
This means that private sector employers are exempt from complying with the Act when their “acts or practices” directly relate to records about current or former employees.
This means that private sector employers are not required to comply with the APPs when:
- managing employee records; and
- giving current and former employees access to those records.
Personal information that could form part an employee’s record includes their:
- engagement, training, disciplining, resignation or termination;
- terms and conditions of their employment;
- personal and emergency contact details;
- performance or conduct;
- hours of employment;
- salary or wages;professional or trade union membership;
- leave taken; and
- taxation, banking or superannuation affairs.
The “touchstone” is that the information is gathered during, relates to and is necessary for the employment relationship.
Despite the exemption, employee records must always be dealt with in the utmost confidence. Mishandling this information can severely damage an employer’s reputation and their relationship with a current or former employee and give rise to enforceable rights.
To comply with the APPs, personal information collected from a prospective employee should be destroyed or at the least “de-identified” once the purpose for collection has been met. Different rules may also apply to unsolicited job applications. Employers risk hefty penalties of $340,000 to $1.7 million if they fail to comply with the Act. The message is, once a CV is received from a job applicant, considered and rejected, the CV has to be destroyed.
However, employers need also to protect themselves against adverse action claims brought by prospective employees, which can be up to 6 years after the event in question. In other words, the unsuccessful job applicant may have rights that may be exercised some time after being turned down for a position.
The Fair Work Act 2009 states that “adverse action” may be taken by a prospective employer against a prospective employee if the employer:
- refuses to employ the prospective employee; or
- discriminates against the prospective employee in the terms or conditions on which the prospective employer offers to employ the prospective employee.
The paradox is, if you’ve destroyed the CV and the interview notes- where might you stand?