As an employer, it is important that you understand and consider how your privacy obligations apply in light of the coronavirus (COVID-19). This is particularly relevant if one of your employees contracts COVID-19 and you want to inform staff, third parties and visitors to your work premises.

You need to consider such things as:

  • whether Australian privacy laws apply to your business; and if so
  • how you need to comply with these laws in order to disclose the information; and
  • whether your business has any other obligations.

This article will provide insight into your obligations under federal privacy law. Other state and territory laws may also apply to your business.

What Does Federal Privacy Law Cover?

Federal privacy law, known as the Privacy Act, was introduced to promote and protect the privacy of individuals such as your employees and your customers. It also regulates how organisations handle personal information. It can apply to your business if you are using or disclosing certain information types. 

Federal privacy law applies to all organisations and agencies that have a turnover of over $3 million per financial year. However, even if your turnover is $3 million or less, the privacy law may still apply.

For example, it may still apply if your business:

  • provides a health service and stores health information; 
  • discloses personal information to others for a benefit, service or advantage; 
  • collects personal information about individuals in order to provide a benefit, service or advantage; 
  • is a contracted service provider for a Commonwealth contract (even if you are not a party to the contract); or
  • is a credit reporting body.

Employee Exemptions Under Privacy Law

There are some exemptions that apply, such as the employee records exemption for private organisations. This would mean that if the exemption applies to your business, you would not need to comply with disclosure obligations under the Privacy Act. This exemption only applies if you are disclosing information that is directly related to:

  • a current or former employment relationship between the employer and the employee (for example, a current employee or one that left the business last week); and
  • an employee record held by the organisation and relating to the employee (for instance, a medical certificate that the employee had diabetes).

If your worker is a volunteer or contractor, then this employee exemption would not apply.

If the disclosure is:

  • not directly related to your employment relationship with a current or former employee and an employee record you hold; and 
  • the Privacy Act applies to your business,

then you will be required to only disclose that personal information as permitted by the Privacy Act. 

For example, if you do not have a record of the employee testing positive for COVID-19, but you have heard that it is the case, the employee records exemption is unlikely to apply and you will be required to comply with your disclosure obligations under the Privacy Act.

Obtaining Consent

If you want to protect the health and safety of your workforce by disclosing to them that an employee has contracted COVID-19, you would need to obtain the employee’s consent first.

You cannot disclose information without the employee’s permission unless an employee exemption applies. An employee exemption does not apply if:

  • the record does not apply to your employee (for example, it relates to a contractor or volunteer); or
  • they are a volunteer or contractor; and
  • your business is covered by federal privacy law and you store personal information about an employee that was collected for a particular purpose.

For example, if you have a record of an employee who has epilepsy for the purpose of knowing they have this disorder, then this is the primary reason you have collected this information. Disclosing this information for any other purpose would be considered a ‘secondary purpose’ and requires the employee to consent to the information being disclosed. Another exception, other than consent, may apply; however, consent is often best practice.

Other Employment Obligations

As an employer, you should also keep in mind your workplace health and safety obligations. 

Employers have a duty of care for the health and safety of their workers and others at the workplace. This includes providing and maintaining a work environment that is without risk to health and safety. 

To meet your duties, you must identify risks at the workplace, and where possible eliminate or minimise those risks. If one of your employees has contracted COVID-19 you need to consider what can be done to control the risk of other employees being exposed to the virus.

Key Takeaways 

As an employer, your business needs to comply with information privacy obligations when disclosing that an employee has contracted COVID-19. It is essential you obtain advice to make sure you are following the correct process to disclose the information. There are also other employment obligations you need to be aware of. If you need help in understanding your risks and protecting your business, our employment lawyers can help. Fill out the form on this page or call us on 1300 544 755.


About LegalVision: LegalVision is a tech-driven, full-service commercial law firm that uses technology to deliver a faster, better quality and more cost-effective client experience.
