28.07.2010
34.20 Both the House of Representatives Standing Committee on Legal and Constitutional Affairs and the Senate Legal and Constitutional Legislation Committee expressed concern about the employee records exemption in their reports on the Privacy Amendment (Private Sector) Bill 2000.[13] The House of Representatives Committee concluded that:
In the light of the evidence it has received, the Committee is not satisfied that existing workplace relations legislation provides enough protection for the privacy of private sector employee records and has grave concerns about the inclusion of the employee records exemption in the Bill. It has not been persuaded that there is any clear need for employees to be without privacy protection in relation to their workplace records.
The need for protection is particularly evident when the kind of information held by employers is considered. Employers frequently hold more information in relation to their employees than almost anyone else those employees will come into contact with. Further, this information can be extremely sensitive, even intimate. It may include sensitive health information ranging from genetic test results to medical records.[14]
34.21 The House of Representatives Committee drew a distinction between information relating to disciplinary matters or career progression, in which a future employer may have a legitimate interest, and other personal information such as health, family or financial information. The Committee was of the view that this latter information should not be provided to anyone without the employee’s consent. The Committee recommended that the definition of an employee record be amended to include only those matters covered by paragraphs (a), (b) and (e) of the definition, that is, information about the engagement, training, disciplining or resignation of the employee; information about the termination of the employment of the employee; and information about the employee’s performance or conduct.
34.22 The Senate Committee also expressed concern about the exemption and recommendeda sunset clause, which would allow the exemption to operate for two years while the relevant agencies examined whether existing workplace relations and state and territory legislation were adequate to protect the privacy of employee records.
34.23 The European Union Data Protection Working Party also commented adversely on the employee records exemption. The Working Party reports to the European Commission, under Article 30 of the European Union Directive on the Protection of Individuals with Regard to the Processing of Personal Data and the Free Movement of such Data, on a range of issues including the protection offered to personal information in third countries.[15] The Directive provides that Member States may transfer personal information to third countries only if those countries have adequate privacy protection in place. The Working Party noted in relation to Australia that
employee related data often contains sensitive data and [the Working Party] sees no reason to exclude it at least from the protection given by NPP 10 for sensitive information.[16]
34.24 In a joint press release of 29 November 2000, issued during passage of the Privacy Amendment (Private Sector) Bill 2000, the Attorney-General and the then Minister for Employment, Workplace Relations and Small Business announced that:
The Government will review existing Commonwealth, State and Territory laws to consider the extent of privacy protection for employee records and whether there is a need for further measures …
The review will be carried out by officers of the Attorney-General’s Department and the Department of Employment, Workplace Relations and Small Business and will involve consultation with State and Territory Governments, the Privacy Commissioner and other key stakeholders.
The Government will await the outcome of the review before considering what, if any, action should be taken in relation to privacy and employee records. The review will be completed in time to assist the Privacy Commissioner when he conducts the more general review of the legislation two years after it commences operation.[17]
34.25 The Attorney-General’s Department provided the following update on the review in its submission to the Inquiry:
The review of current privacy protection for employee records by this Department and the Department of Employment and Workplace Relations is under way and is due to be completed before the Privacy Commissioner’s review of the operation of the private sector amendments to the Privacy Act (ie, end of 2003).[18]
[13] Ibid; Senate Legal and Constitutional Legislation Committee, Inquiry into the Provisions of the Privacy Amendment (Private Sector) Bill 2000 (2000), The Parliament of Australia.
[14] Standing Committee on Legal and Constitutional Affairs, Advisory Report on the Privacy Amendment (Private Sector) Bill 2000 (2000), House of Representatives, Parliament of the Commonwealth of Australia, Canberra [3.29]–[3.30].
[15]Directive 95/46/EC of the European Parliament and of the Council on the Protection of Individuals with Regard to the Processing of Personal Data and the Free Movement of such Data, (entered into force on 24 October 1995).
[16] Article 29 Data Protection Working Party, Opinion 3/2001 on the Level of Protection of the Australian Privacy Amendment (Private Sector) Act 2000, (2001), European Commission.
[17] The Hon Daryl Williams AM QC MP (Commonwealth Attorney-General) and The Hon Peter Reith (Commonwealth Minister for Employment Workplace Relations and Small Business), Joint News Release (29 November 2000).
[18] Commonwealth Attorney-General’s Department, Submission G158, 7 May 2002.