As featured in the June edition of the Bendigo Enterprise Magazine.
The Australia Privacy Principles (APPs) under the Privacy Act 1988 (the “Act”) came into effect from 12 March 2014.
The Act differentiates between public versus private sector employees as to how their of personnel records are maintained by their employer.
The handling of personal information by a private sector employer has an “employee record exemption” under the Act.
This means that private sector employers are exempt from complying with the Act when their “acts or practices” directly relate to records about current or former employees.
This means that private sector employers are not required to comply with the APPs when:
- managing employee records; and
- giving current and former employees access to those records.
Personal information that could form part an employee’s record includes their:
- health;
- engagement, training, disciplining, resignation or termination;
- terms and conditions of their employment;
- personal and emergency contact details;
- performance or conduct;
- hours of employment;
- salary or wages;professional or trade union membership;
- leave taken; and
- taxation, banking or superannuation affairs.
The “touchstone” is that the information is gathered during, relates to and is necessary for the employment relationship.
Despite the exemption, employee records must always be dealt with in the utmost confidence. Mishandling this information can severely damage an employer’s reputation and their relationship with a current or former employee and give rise to enforceable rights.
Private sector employers need to be aware that the exemption does not cover prospective employees or contractors (e.g. job applicants, tenders). The handling of personal information collected, held, used or disclosed about them must accord with an employer’s privacy policy.
To comply with the APPs, personal information collected from a prospective employee should be destroyed or at the least “de-identified” once the purpose for collection has been met. Different rules may also apply to unsolicited job applications. Employers risk hefty penalties of $340,000 to $1.7 million if they fail to comply with the Act. The message is, once a CV is received from a job applicant, considered and rejected, the CV has to be destroyed.
However, employers need also to protect themselves against adverse action claims brought by prospective employees, which can be up to 6 years after the event in question. In other words, the unsuccessful job applicant may have rights that may be exercised some time after being turned down for a position.
The Fair Work Act 2009 states that “adverse action” may be taken by a prospective employer against a prospective employee if the employer:
- refuses to employ the prospective employee; or
- discriminates against the prospective employee in the terms or conditions on which the prospective employer offers to employ the prospective employee.
The paradox is, if you’ve destroyed the CV and the interview notes- where might you stand?
For further information regarding the APPs and their impact on businesses please contact Andrew Pickles on 03 5434 6666 or andrew.pickles@robertsonhyetts.com.au