
What Are My Privacy Obligations Towards Employees?

In Short

  • Employers must handle employees’ personal information responsibly, adhering to the Privacy Act 1988 (Cth) if applicable.
  • Collect only necessary personal information and use it solely for legitimate employment purposes.
  • Inform employees about data collection practices and implement measures to protect their personal information from misuse or unauthorised access.

Tips for Businesses

Regularly review your data handling practices to ensure compliance with privacy laws. Develop clear policies outlining how employee information is collected, used and protected. Providing training to staff on privacy obligations can help maintain trust and prevent potential breaches.



Ensuring employees’ privacy is a critical aspect of running a business. However, it is worth noting that certain businesses may not be bound by the obligations of the Privacy Act 1988 (Cth) (the ‘Act’). Only businesses that meet specific criteria are mandated to comply with the Act. Nevertheless, it is essential to understand the possible privacy obligations that your business may have, even if it is not required to comply with the Act. Such knowledge is necessary to ensure your business operates according to best practices. This article will outline a few principles that every business should know.

Are There Special Rules for APP Entities?

An APP (Australian Privacy Principles) entity can be a sole trader, partnership, trust, company or unincorporated association. As mentioned above, not all businesses need to comply with the Act; however, APP entities must comply. Usually, businesses with an annual turnover of $3 million or more will be considered an APP entity. However, some businesses that have an annual turnover of less than $3 million may still be an APP entity. Some of the exceptions include businesses that:

  • provide health services and hold health information;
  • disclose personal information about another individual for a benefit, service or advantage;
  • provide a benefit, service or advantage to collect personal information from anyone without the consent of the individual; or
  • provide contracted services for the Commonwealth.

Personal information refers to the pool of details that can identify a person. Sensitive information takes it a step further than personal information. Sensitive information includes details that may relate to your beliefs or worldview, such as information relating to your political opinion or religious beliefs.

APP entities must have a clearly expressed and up-to-date privacy policy. These policies include details like:

  • types of personal information that the business collects and holds; 
  • how the business holds this information; 
  • the purposes for which the business collects, holds, uses and discloses this information;
  • how an individual can access the personal information and correct such information;
  • how an individual can complain about a breach of the APP;
  • whether the business will disclose information overseas; and 
  • if the business discloses the information overseas, which countries this information will go to.

What Happens With My Employees’ Information?

Employees should be able to ensure that their employer maintains their privacy, as the employer has access to extensive information about them. Even before a candidate is offered the job, employers typically have access to the candidate’s:

  • name; 
  • bank account; 
  • tax file number; and 
  • educational background. 

The Act applies when the employer uses the collected information for a purpose unrelated to the employment relationship. To work according to best practices, you should inform employees about:

  • when personal information is collected; 
  • the purpose of collecting the information; 
  • how employees can access the information; and 
  • whether you plan to share the information with other entities.

Can I Disclose an Employee’s Information?

In certain situations, it may be necessary to disclose an employee’s information to a third party. Third parties that may have access to the employer’s records and the reasons for doing so include:

  • Fair Work Inspector: Determining whether an employer meets their obligations; 
  • Government Agency: Enacting their duties, such as the Australian Tax Office collecting tax information; and
  • Employee Associations: Investigating an employer’s obligations. 

Key Takeaways

If you are an APP entity, you have additional privacy requirements, such as complying with the Privacy Act and having a privacy policy. However, most businesses must maintain their employees’ privacy; if they need to disclose an employee’s information, they must inform the employee.

If you need help maintaining your privacy obligations while collecting employees’ information, our experienced employment lawyers can assist as part of our LegalVision membership. For a low monthly fee, you will have unlimited access to lawyers to answer your questions and draft and review your documents. Call us today on 1300 544 755 or visit our membership page.

Frequently Asked Questions 

What is an APP entity?

The Privacy Act covers APP entities. They can be sole traders, companies, unincorporated associations, partnerships and trusts. An APP entity typically has an annual turnover of $3 million or more. There are exceptions under which a business that does not have an annual turnover of $3 million still falls into this category.

What happens if I need to disclose my employee’s information?

If you need to disclose your employees’ information, you must inform them. Tell your employees when you collect personal information, the purpose of collecting it, how they can access it, and whether you will share this information with separate entities like the Fair Work Ombudsman.

Azaria Khan
