What Are My Privacy Obligations Towards Employees?

In Short

  • Employers must handle employees’ personal information responsibly, adhering to the Privacy Act 1988 (Cth) if applicable.
  • Collect only necessary personal information and use it solely for legitimate employment purposes.
  • Inform employees about data collection practices and implement measures to protect their personal information from misuse or unauthorised access.

Tips for Businesses

Regularly review your data handling practices to ensure compliance with privacy laws. Develop clear policies outlining how employee information is collected, used and protected. Providing training to staff on privacy obligations can help maintain trust and prevent potential breaches.


Ensuring employees’ privacy is a critical aspect of running a business. However, it is worth noting that certain businesses may not be bound by the obligations of the Privacy Act 1988 (Cth) (the ‘Act’). Only businesses that meet specific criteria are mandated to comply with the Act. Nevertheless, it is essential to understand the possible privacy obligations that your business may have, even if it is not required to comply with the Act. Such knowledge is necessary to ensure your business operates according to best practices. This article will outline a few principles that every business should know.

Are There Special Rules for APP Entities?

An APP (Australian Privacy Principles) entity can be a sole trader, partnership, trust, company or unincorporated association. As mentioned above, not all businesses need to comply with the Act; however, APP entities must comply. Usually, businesses with an annual turnover upwards of $3 million will be considered an APP entity. However, some businesses that have an annual turnover of less than $3 million may still be an APP entity. Some of the exceptions include businesses that:

  • provide health services and hold health information;
  • disclose personal information about another individual for a benefit, service or advantage;
  • provide a benefit, service or advantage to collect personal information from anyone without the consent of the individual; or
  • contract services provided for the Commonwealth.

Personal information refers to the pool of details that can identify a person. Sensitive information takes it a step further than personal information. Sensitive information includes details that may relate to your beliefs or worldview, such as information relating to your political opinion or religious beliefs.

APP entities must have a clearly expressed and up-to-date privacy policy. These policies include details like:

  • types of personal information that the business collects and holds; 
  • how the business holds this information; 
  • the purposes for which the business collects, holds, uses and discloses this information;
  • how an individual can access the personal information and correct such information;
  • how an individual can complain about a breach of the APP;
  • whether the business will disclose information overseas; and
  • if the business discloses the information overseas, which countries this information will go to.

What Happens With My Employee’s Information?

Employees should be able to trust that their employer maintains their privacy, as the employer has access to extensive information about them. Even before a candidate is offered the job, employers typically have access to an employee’s:

  • name; 
  • bank account; 
  • tax file number; and 
  • educational background. 

The Act applies when the employer uses the collected information for a purpose unrelated to the employment relationship. To work according to best practices, you should inform employees about:

  • when personal information is collected; 
  • the purpose of collecting the information; 
  • how employees can access the information; and 
  • whether you plan to share the information with other entities.

Can I Disclose Employee’s Information?

In certain situations, it may be necessary to disclose an employee’s information to a third party. Third parties that may have access to the employer’s records and the reasons for doing so include:

  • Fair Work Inspector: Determining whether an employer meets their obligations; 
  • Government Agency: Enacting their duties, such as the Australian Tax Office collecting tax information; and
  • Employee Associations: Investigating an employer’s obligations. 

Key Takeaways

If you are an APP entity, you have additional privacy requirements, such as complying with the Privacy Act and having a privacy policy. However, most businesses must maintain their employees’ privacy; if they need to disclose information, they must inform the employee.

If you need help maintaining your privacy obligations while collecting employees’ information, our experienced employment lawyers can assist as part of our LegalVision membership. For a low monthly fee, you will have unlimited access to lawyers to answer your questions and draft and review your documents. Call us today on 1300 544 755 or visit our membership page.

Frequently Asked Questions 

What is an APP entity?

An APP entity is an entity covered by the Privacy Act. APP entities can be sole traders, companies, unincorporated associations, partnerships and trusts. An APP entity typically has an annual turnover of $3 million or more. There are exceptions under which a business that does not have an annual turnover of $3 million still falls into this category.

What happens if I need to disclose my employee’s information?

If you need to disclose your employees’ information, you must inform them. Tell your employees when you collect personal information, the purpose of collecting it, how they can access it, and whether you will share this information with separate entities like the Fair Work Ombudsman.

Azaria Khan
