Submission to the Attorney-General’s Department and Department of Employment and Workplace Relations Review on Employee Records Privacy
(8 April 2004)
1. The Australian Law Reform Commission (ALRC) makes the following submission with regard to particular aspects of the Review that relate to the joint inquiry by the ALRC and Australian Health Ethics Committee (AHEC) of the National Health and Medical Research Committee into the Protection of Human Genetic Information.
2. The final report of the joint inquiry, Essentially Yours: Protection of Human Genetic Information in Australia (ALRC 96, 2003), includes extensive discussion of the use of genetic information in the employment context. As noted in the Review’s discussion paper, the ALRC and AHEC made the following recommendations:
-
Recommendation 34–1. The Commonwealth should amend the Privacy Act 1988 (Cth) to ensure that employee records are subject to the protections of the Act, to the extent that they contain genetic information.
-
Recommendation 34–2. The Commonwealth Attorney-General’s Department and the Department of Employment and Workplace Relations, in their pending inter-departmental review of the employee records exemption, should consider whether the Privacy Act should be amended to ensure that employee records are subject to the protections of the Act, to the extent that they contain health information other than genetic information.
3.This submission provides background to those recommendations. The ALRC would be happy to discuss further these recommendations with Review members if additional background information is required.
Genetic information, privacy and the employment context
4. One of the core purposes of the inquiry, as specified in the Terms of Reference, was to report on whether a regulatory framework is needed to protect the privacy of human genetic samples and information in a number of contexts, including employment. It was therefore necessary to look at the way in which the Privacy Act 1988 (Cth) operates in the employment context.
5. Previous inquiries have indicated concern over the ‘employee record’ exemption from the private sector provisions of the Privacy Act.[1] While the Australian Government’s expressed preference has been to deal with the privacy of an employee’s personal information in workplace relations legislation, the current provisions of the Workplace Relations Act 1996 (Cth) have limited scope to protect the privacy of employee records. The inquiry was operating in an environment in which there is very little protection of personal information, including health information, held in private sector employee records.
6. A number of submissions received by the inquiry dealt specifically with the issue of privacy of employee records, the majority of which expressed concern about the lack of privacy protection currently provided for sensitive information—particularly genetic information—held by private employers. The Australian Chamber of Commerce and Industry (ACCI), which has in the past strongly supported the existing employee records exemption, acknowledged in its submission that there is room for special provision to be made in respect of sensitive genetic information held by employers.
7. The ALRC and AHEC identified a number of general concerns about the use of genetic information, including that:
-
while each person’s genetic information is unique, it can also reveal information about, and therefore have implications for, that person’s blood relatives;
-
the predictive nature of genetic information makes it useful for future decision making by individuals and others, but can also be a source of poor or discriminatory decision making if it is misunderstood or misapplied; and
-
the pace at which genetic technologies are progressing places pressures on institutional and individual safeguards that are intended to protect privacy, prevent discrimination and uphold ethical best practice.
8. The inquiry examined the whole range of purposes for which genetic information is collected and used by employers, either in the form of information from particular genetic tests, family medical history, or genetic samples.[2] These include pre-employment screening for the purposes of excluding high-risk persons from the workplace. As noted in the Review’s discussion paper (at [3.12]), this kind of collection and use of genetic information does not fall within the ‘employee record’ exemption as it is not related to the current or former employment relationship. However, information collected from an employee as part of the recruitment process may be maintained as part of the employee record. While the collection of the information is subject to the Privacy Act, there are questions as to whether this information is subject to the exemption once the applicant is employed.
9. The Review’s discussion paper is also misleading in suggesting that all employment screening processes relate only to the pre-employment relationship—there are a number of employment screening processes used by employers in relation to current employees. These may be undertaken as part of ongoing monitoring programs (such as periodic testing of employees to evaluate the genetic damage cause by exposure to a workplace hazard), or may be the implementation of new tests as they become more widely available. Information collected as a part of these tests is not covered by the Privacy Act under the current ‘employee record’ exemption. Similarly, genetic samples of employees collected by employers, such as those collected and used by the Tasmanian Police Service,[3] are related to the current employment relationship. Genetic samples of employees held by a private sector employer for employment reasons are not covered by the Privacy Act.
10. While there was limited evidence that Australian employers are currently seeking access to genetic test information, there is little doubt that the pressures to use such information will increase as the reliability and availability of genetic tests increases, and as the cost of testing decreases. There are certainly incentives for employers to utilise genetic information when it becomes more cost-effective as an aid in reducing workers’ compensation and other insurance costs, minimising sick leave and engaging in OH&S risk management strategies. The link between economic incentives and the use of genetic information can be seen in the United States, where wide use is encouraged by a system where health insurance is obtained through employers.
11. Submissions to, and consultations held by, the inquiry highlighted a number of specific concerns about the privacy of genetic information in the employment context, including that:
-
many employers hold a great deal of sensitive information on their employees, including health information;
-
job applicants may feel under considerable pressure to provide genetic information or submit to a genetic test on request given the possible consequences of a refusal to their employment prospects;
-
there is a high potential for discrimination within the workplace arising from inappropriate handling and interpretation of genetic information;
-
given the inequality of bargaining power between employers and employees, it is unlikely that there would be a genuine capacity to negotiate workplace privacy issues in the absence of protections; and
-
while some contractual and equitable principles for maintaining confidentiality offer a degree of protection, these are costly to pursue and difficult to establish. [4]
12. The inquiry was of the view that there were some special features and issues attaching to genetic information making it particularly important that employee records, to the extent that they contain genetic information, should be subject to the same protections as other sensitive information under the Privacy Act. This would require legislative amendment of the Privacy Act. The option of narrowing the exemption, as identified in the review’s discussion paper at [4.26]–[4.28], would be the minimum amendment required to implement the joint inquiry’s recommendation.
Broader privacy protections for employee records
13. It was clear from the inquiry’s research, and the feedback received in submissions and in consultations, that many of the concerns about the privacy of genetic information also apply to other forms of personal health and medical information contained in employee records. However, the inquiry was restrained by its Terms of Reference and unable to consider the employee record exemption in a broader context. For this reason, Recommendation 34–2 urged broader consideration as a part of the current review by the Attorney-General’s Department and the Department of Employment and Workplace Relations.
14. With the exception of ensuring appropriate privacy protection of genetic information, the ALRC does not have a concluded view about whether the employee exemption should be completely deleted from the Privacy Act; whether it should be restricted to exemptions from certain National Privacy Principles; or whether it would be better to regulate privacy of employee records through the Workplace Relations Act. However, the ALRC can make the following comments based upon its experience from the joint inquiry into the Protection of Human Genetic Information.
15. It is difficult to quarantine genetic information from other health information. Genetic information can be thought of as part of a continuum of personal and health information, relevant to a person’s health status in many areas. As our understanding increases about the way in which genes and disease interact, it is likely that genetic information will become an integral part of each person’s individualised health status and healthcare program. With this in mind, it will be extremely difficult in practice to separate genetic information from other health information and apply a different set of rules and conditions for the handling of that information.
16. There appears to be no reasonable justification for the fact that the health information of public sector employees is protected but the health information of private sector employees is not. Health information held by private sector employees should be given a high level of privacy protection, as it is in other contexts such as where held by health service providers and insurance companies. Arguments related to increased administration costs for businesses are watered down by the fact that the businesses are already required to apply the National Privacy Principles to any records outside of the direct employment relationship, including records relating to potential employees and the handling of employee records in circumstances not directly related to the employment relationship (such as the provision of employee details for a commercial purpose, or disclosure for law enforcement purposes). If businesses are able to establish appropriate systems for the control and use of pre-employment records or employee records in non-employment circumstances, it should not be difficult to extend the same practices to employee records within the employment relationship.
17. Within the Australian Government there appears to be no objection in principle to the application of a privacy regime to employee records. At the time of introduction of the private sector privacy amendments to Parliament, the Attorney-General clearly indicated, in relation to employee records, that ‘[w]hile this type of information is deserving of privacy protection, it is the government’s view that such protection is more properly a matter for workplace relations legislation.’[5]
18. Businesses are concerned at the high level of complexity of the existing privacy regime, and want to ensure the complexity is not increased. The private sector provisions of the Privacy Act are complex, and a great deal of energy, education and work has gone into implementing the provisions. The existing exemption for employee records only increases the level of complexity of the Privacy Act, making it difficult to identify which provisions apply to which records. Introducing a further set of privacy practices in a different piece of legislation (ie the Workplace Relations Act) is unlikely to reduce these concerns and practical difficulties.
[1] Including the House of Representatives Standing Committee on Legal and Constitutional Affairs and the Senate Legal and Constitutional Legislation Committee in their respective considerations of the Privacy Amendment (Private Sector) Bill 2000.
[2] See ALRC 96, Essentially Yours: Protection of Human Genetic Information in Australia (2003), Ch 29.
[3] See ALRC 96, Essentially Yours: Protection of Human Genetic Information in Australia (2003), [29.27]–[29.30].
[4] See ALRC 96, Essentially Yours: Protection of Human Genetic Information in Australia (2003), [34.26]–[34.36].
[5] Commonwealth of Australia, Parliamentary Debates, House of Representatives, 12 April 2000, 1749 (D Williams).