Australia’s privacy laws were revamped with the introduction of the Australian Privacy Principles (APPs). As a result, many businesses are asking about whether they owe any privacy obligations to non-employees, including applicants and contractors.

Under what circumstances will the APPs apply to the personal information of non-employees?

Understanding your privacy obligations to non-employees is very important, as the personal information of such persons will not be covered by the exemption that applies to ‘employee records’. This exemption may, however, apply when you are managing the records of a current/former employee.

In regards to the personal information of non-employees, you are required by the APP to do certain things. The following areas ought to be examined:

  1. The terms of your business’ privacy policy;
  2. How you respond to job applications that are sent through; and
  3. How, and in what circumstances, you will send personal information overseas.

The terms of your business’ privacy policy

A privacy policy details your business’ protocol for dealing with the personal information it directly or indirectly collects. Under the APP 1, an organisation is required to:

  • Take reasonable steps to implement practices, procedures and systems to:
  • Make sure you are compliant with the APPs and any registered APP code, such as any principles that are pre-approved by the Privacy Commissioner for a particular organisation;
  • Handle injuries and complaints relating to breach of privacy;
  • Clearly communicate in the privacy policy how the personal information will be used, disclosed, and generally handled; and
  • Ensure that the privacy policy is freely accessible, can be found online (if appropriate) and is available on demand.

Make sure that your privacy policy is compliant with APP 1 by speaking with a small business lawyer. Your lawyer will help to make sure that your privacy policy contains the requisite content and is available and accessible to all non-employees.

Responding to job applications that are sent through

If your business receives any information from job applicants or other persons that is unsolicited, i.e. not invited, there are certain steps your business must take in proving that you did not actively ‘collect’ this information (APP 4).

For instance, someone may apply for a job that doesn’t exist, i.e. you never put an advertisement online for any available position at the business and received applications regardless. This is a common situation that Australian SMEs deal with all the time; we here at LegalVision encounter it almost daily! What should they do with these applications? Where should they be kept, if at all? If you believe that the information is reasonably important for the business’ functions and other activities, it may be permissible to retain the information.

If, however, the information is largely irrelevant and carries no real significance to your business’ functions or activities, you are required by law to do any of the following:

  • Destroy whatever materials that you have which carry the information (paper, text messages, email, etc.); or
  • Take steps to ensure that the identity of the person cannot possibly be ascertained.

If you find that the information is reasonably necessary to your business’ functions or activities and you are not required to destroy it, you must still safeguard the information and only use it for the purposes for which you are allowed under the APPs to use it.

Your privacy obligations when sending personal information overseas

There are certain conditions placed on the lawful disclosure of an individual’s personal information when it is sent to a related body corporate or other third party that is outside of Australia (APP 8.1).

Two conditions apply, including that the business must disclose the information for the same reason it was collected, unless some exception exists or the person has given permission. And secondly, you must be reasonably sure that the third party will not breach the APPs by misusing the person’s personal information.

For example, imagine you run recruitment service and provide an overseas organisation with the personal data of potential candidates so that they can then do all of the reference checks. In this instance, you would need to take steps to ensure that this external, overseas organisation is complaint with the APP.

Don’t forget to provide adequate training to HR and others in managerial positions about handling the personal information of potential employees, volunteers and contractors to avoid breaching the APPs.


If you need to update your Privacy Policy to be in accordance with the APPs, or wish to modify your employment contracts so that your employees are made liable for any personal breaches of the APPs, contact LegalVision on 1300 544 755.

COVID-19 Business Survey
LegalVision is conducting a survey on the impact of COVID-19 for businesses across Australia. The survey takes 2 minutes to complete and all responses are anonymous. We would appreciate your input. Take the survey now.

About LegalVision: LegalVision is a tech-driven, full-service commercial law firm that uses technology to deliver a faster, better quality and more cost-effective client experience.

The majority of our clients are LVConnect members. By becoming a member, you can stay ahead of legal issues while staying on top of costs. For just $199 per month, membership unlocks unlimited lawyer consultations, faster turnaround times, free legal templates and members-only discounts.

Learn more about LVConnect

Emma Jervis
Need Legal Help? Get a Free Fixed-Fee Quote

If you would like to receive a free fixed-fee quote or get in touch with our team, fill out the form below.

  • By submitting this form, you agree to receive emails from LegalVision and can unsubscribe at any time. See our full Privacy Policy.
  • This field is for validation purposes and should be left unchanged.
Our Awards
  • 2019 Top 25 Startups - LinkedIn 2019 Top 25 Startups - LinkedIn
  • 2019 NewLaw Firm of the Year - Australian Law Awards 2019 NewLaw Firm of the Year - Australian Law Awards
  • 2020 Fastest Growing Law Firm - Financial Times APAC 500 2020 Fastest Growing Law Firm - Financial Times APAC 500
  • 2020 AFR Fast 100 List - Australian Financial Review 2020 AFR Fast 100 List - Australian Financial Review
  • 2020 Law Firm of the Year Finalist - Australasian Law Awards 2020 Law Firm of the Year Finalist - Australasian Law Awards
  • Most Innovative Law Firm - 2019 Australasian Lawyer 2019 Most Innovative Firm - Australasian Lawyer
Privacy Policy Snapshot

We collect and store information about you. Let us explain why we do this.

What information do you collect?

We collect a range of data about you, including your contact details, legal issues and data on how you use our website.

How do you collect information?

We collect information over the phone, by email and through our website.

What do you do with this information?

We store and use your information to deliver you better legal services. This mostly involves communicating with you, marketing to you and occasionally sharing your information with our partners.

How do I contact you?

You can always see what data you’ve stored with us.

Questions, comments or complaints? Reach out on 1300 544 755 or email us at

View Privacy Policy