Reading time: 4 minutes

Understanding when privacy laws apply to your business’ handling of employee information will make you better placed to avoid any complaints. Businesses often face complaints about unlawfully collecting or mishandling sensitive information. Therefore, if you are collecting sensitive information from your employees, you must be aware of how Australian privacy laws function. This article explains how you should handle sensitive information about your employees.

What is Sensitive Information?

Under the Privacy Act, sensitive information comes under the broader banner of personal information. Here, personal information is any information which you can use to identify someone. It includes a person’s:

  • name;
  • email; 
  • telephone number; and 
  • address. 

In contrast, sensitive information is personal information which is more likely to pose a risk to someone if it is shared. 

For example, sensitive information is more serious because it could be used to discriminate against someone. 

Sensitive information includes a person’s: 

  • religion;
  • ethnicity; or 
  • sexual orientation.

How Does the Employee Exemption Work?

The Privacy Act excludes employee personal information that is directly related to their employment. However, this exemption is only applicable to private sector businesses.

For example, this means that if you collect an employee’s bank details because you need these to be able to process their salary, you do not need to comply with the Privacy Act when doing so.

However, if you collect personal information from your employee for a purpose not directly related to their employment, then the Privacy Act will apply.

Further, it is important to note that where the Privacy Act does not apply, workplace laws may dictate how records must be kept and made available for access.

Therefore, if you wish to collect sensitive information about your employees, you should consider whether this is a requirement of their employment with you. If not, you should look at how the Privacy Act will impact on the collection of this information.

Case Example: Fingerprints

A recent case provides an example of where the collection of sensitive information falls outside of the employee exemption.

In this case, the employer made employees use a fingerprint scanner to record the time they entered and left the office. This was a collection of sensitive information as the Privacy Act considers a fingerprint to be biometric data. This means it is information about a person’s features and requires a higher level of protection.

The employee refused to provide his fingerprint to his employer. His employer then fired him for not following a reasonable direction. Accordingly, the employee brought a case for unfair dismissal against his employer.

The Fair Work Commission found that the fingerprint collection was not allowed, for two reasons:

  1. personal information can only be collected if it is reasonably necessary. In this case, the type of business did not justify high-security processes. Instead, a swipe card could be sufficient; and
  2. as fingerprints are sensitive information, the employee had to consent to its collection. Here, the employee was not able to give true consent as he did not have the option to say no.

This case demonstrates that you need to carefully consider whether the employee exemption covers the information you collect. If not, you will need to consider then whether the Privacy Act allows the collection. 

What Should I Do Based on the Finger Print Case?

In this case, the employee exemption would have applied if:

  • the requirement to use a fingerprint scanner had been in the employee’s contract; or
  • if his employment contract stated that he would automatically accept all future workplace policies as a condition of his employment.

This means that you should ensure your employment contracts are drafted to close off privacy loopholes. They should also state that, as a requirement of their employment, your employee must consent to:

  • any future policies and 
  • the collection of sensitive information.

Key Takeaways

It is important to understand how the Privacy Act applies to collecting sensitive information about your employees. Make sure that exemptions in your employment contracts include the personal information that you collect from employees. If you have any questions about employee privacy and collecting sensitive information, contact LegalVision’s privacy lawyers on 1300 544 755 or fill out the form on this page.

Webinars

Redundancies and Restructuring: Understanding Your Employer Obligations

Thursday 7 July | 11:00 - 11:45am

Online
If you plan on making a role redundant, it is crucial that you understand your employer obligations. Our free webinar will explain.
Register Now

How to Sponsor Foreign Workers For Your Tech Business

Wednesday 13 July | 11:00 - 11:45am

Online
Need web3 talent for your tech business? Consider sponsoring workers from overseas. Join our free webinar to learn more.
Register Now

Advertising 101: Social Media, Influencers and the Law

Thursday 21 July | 11:00 - 11:45am

Online
Learn how to promote your business on social media without breaking the law. Register for our free webinar today.
Register Now

Structuring for Certainty in Uncertain Times

Tuesday 26 July | 12:00 - 12:45pm

Online
Learn how to structure to weather storm and ensure you can take advantage of the “green shoots” opportunities arising on the other side of a recession.
Register Now

Playing for the Prize: How to Run Trade Promotions

Thursday 28 July | 11:00 - 11:45am

Online
Running a promotion with a prize? Your business has specific trade promotion obligations. Join our free webinar to learn more.
Register Now

Web3 Essentials: Understanding SAFT Agreements

Tuesday 2 August | 11:00 - 11:45am

Online
Learn how SAFT Agreements can help your Web3 business when raising capital. Register today for our free webinar.
Register Now

Understanding Your Annual Franchise Update Obligations

Wednesday 3 August | 11:00 - 11:45am

Online
Franchisors must meet annual reporting obligations each October. Understand your legal requirements by registering for our free webinar today.
Register Now

Legal Essentials for Product Manufacturers

Thursday 11 August | 11:00 - 11:45am

Online
As a product manufacturer, do you know your legal obligations if there is a product recall? Join our free webinar to learn more.
Register Now

About LegalVision: LegalVision is a commercial law firm that provides businesses with affordable and ongoing legal assistance through our industry-first membership.

By becoming a member, you'll have an experienced legal team ready to answer your questions, draft and review your contracts, and resolve your disputes. All the legal assistance your business needs, for a low monthly fee.

Learn more about our membership

Jacqueline Gibson
Need Legal Help? Submit an Enquiry

If you would like to get in touch with our team and learn more about how our membership can help your business, fill out the form below.

Our Awards

  • 2020 Innovation Award 2020 Excellence in Technology & Innovation Finalist – Australasian Law Awards
  • 2020 Employer of Choice Award 2020 Employer of Choice Winner – Australasian Lawyer
  • 2020 Financial Times Award 2021 Fastest Growing Law Firm - Financial Times APAC 500
  • 2020 AFR Fast 100 List - Australian Financial Review
  • 2021 Law Firm of the Year Award 2021 Law Firm of the Year - Australasian Law Awards
  • 2022 Law Firm of the Year Winner 2022 Law Firm of the Year - Australasian Law Awards