34.37 The employee records exemption, in conjunction with the lack of comprehensive privacy protection under workplace relations legislation, has been the focus of sustained criticism since the introduction of the Privacy Amendment (Private Sector) Bill into Parliament in 2000. The criticism has highlighted that sensitive information, which is given a high level of privacy protection in other contexts, is without adequate protection in the context of private sector employment. This is a matter of concern because employees may be under considerable economic pressure to provide sensitive information to employers, including genetic information.
34.38 In his Second Reading Speech in Parliament, the Attorney-General acknowledged that the personal information of private sector employees requires privacy protection but the Government has not yet moved to ensure that adequate protection is provided by workplace relations legislation.
34.39 The importance of protecting health information was acknowledged in the development of the small business exemption in the Privacy Act, which is examined in Chapter 7. The exemption does not apply to small businesses that provide health services and hold health information except in an employee record.
34.40 There appears to be no reasonable justification for the fact that the health information of public sector employees is protected but the health information of private sector employees is not.
34.41 Against this background, the Inquiry is of the view that the employee records exemption in the Privacy Act is too broad and should be amended. Genetic information held by private sector employers about their employees should be given a high level of privacy protection, as it is in other contexts, for example, where such information is held by health service providers and insurance companies.
34.42 In this context there is a fine line between genetic information and health information. In light of the Inquiry’s Terms of Reference, the recommendations below are limited to the protection of human genetic information. However, in the Inquiry’s view, the Attorney-General’s Department and the Department of Employment and Workplace Relations should consider carefully the implications of the exemption in relation to health information other than genetic information when reviewing the employee records exemption for the purpose of the inter-departmental review.
Recommendation 34–1 The Commonwealth should amend the Privacy Act 1988 (Cth) (Privacy Act) to ensure that employee records are subject to the protections of the Act, to the extent that they contain genetic information.
Recommendation 34–2 The Commonwealth Attorney-General’s Depart-ment and the Department of Employment and Workplace Relations, in their pending inter-departmental review of the employee records exemption, should consider whether the Privacy Act should be amended to ensure that employee records are subject to the protections of the Act, to the extent that they contain health information other than genetic information.