Privacy and confidentiality

14.42 A key challenge is to ensure that measures that are likely to lead to disclosure of family violence contain appropriate privacy safeguards regarding the handling of that personal information. This is particularly important given concerns about privacy appear to be a central barrier to disclosure of family violence in the context of employment law.

14.43 There are several key issues considered in this chapter—general obligations under the Privacy Act 1988 (Cth) and Fair Work Act, the employee records exemption under the Privacy Act, as well as the need for workplace policies regarding the protection of employees’ personal information.

14.44 The need to ensure appropriate privacy safeguards are introduced as part of any reforms is also discussed in Chapter 15 with respect to information-sharing arrangements in the pre-employment system and Chapter 17 in the context of family violence clauses in enterprise agreements and awards.

The Privacy Act and the Fair Work Act

14.45 Where employees experiencing family violence disclose family violence to Job Services Australia (JSA) providers, employers or others within the employment law system, issues of privacy arise.

14.46 The principal piece of federal legislation governing information privacy in Australia is the Privacy Act 1988 (Cth),which regulates the handling of personal information by the Australian Government and the ACT Government—to which 11 Information Privacy Principles apply—and the private sector—to which 10 National Privacy Principles apply.^[32]

14.47 There is limited privacy protection for private sector employees under either the Privacy Act or the Fair Work Act. That said the Fair Work Act does contain some provisions with respect to employer obligations in relation to employee records.^[33] For example, s 107 of the Fair Work Act notes that personal information disclosed to an employer for the purposes of accessing leave under the NES may be regulated by the Privacy Act.

14.48 Further, s 535 of the Fair Work Act requires employers to make, and keep for seven years, employee records of the kind prescribed in the Fair Work Regulations, which include: basic employment details; leave entitlements; and individual flexibility arrangements.^[34] Of particular relevance in light of discussion of these issues in Chapters 16 and 17, is the requirement that employers must make and keep records which, in relation to leave, set out any leave the employee takes,^[35] and in relation to individual flexibility arrangements, include a copy of the agreement.^[36] However, the Fair Work Regulations only require employers to maintain, provide access to, and correct records for inspection and auditing purposes, rather than to protect the privacy of those records.

Employee records exemption

14.49 Under the Privacy Act, the handling of an ‘employee record’ by a public sector employer is treated differently from the handling of such a record by a private sector employer. Section 6 of the Privacy Act defines ‘employee record’ as a record of personal information relating to the employment of the employee. Examples of such personal information include information about the employee, such as terms and conditions of employment, personal details, performance, conduct and hours of employment and leave.

14.50 To the extent that disclosure of family violence to employers is related to the employment of the employee—for example, for the purposes of obtaining leave or utilising provisions of a family violence clause in an enterprise agreement—it is personal information that constitutes an employee record.

14.51 Government agencies must handle employee records in compliance with the Privacy Act. Private organisations however, are exempt from the operation of the Act where an act or practice is related directly to: the employment relationship between the organisation and the individual; and an employee record held by the organisation.^[37] This exemption is usually referred to as the ‘employee records exemption’.

14.52 While this type of information was considered ‘deserving of privacy protection’ when the privacy legislation was extended to the private sector in 2000, the Government noted that ‘such protection is more properly a matter for workplace relations legislation’.^[38]

14.53 In For Your Information: Australian Privacy Law and Practice,ALRC Report 108 (2008) (For Your Information), the ALRC concluded that there is no sound policy justification for retaining the employee records exemption and recommended its removal.^[39] Specifically, the ALRC stated that there is a lack of adequate privacy protection for employee records in the private sector, despite the sensitivity of personal information held by employers and the potential for economic pressure to be exerted over employees to provide personal information to their employers.

14.54 The ALRC concluded that privacy protection of employee records should be located in the Privacy Act to ensure maximum coverage of agencies and organisations and to promote consistency, but commented that this protection should be in addition to that provided by other laws, such as the relevant provisions in the then Workplace Relations Regulations.^[40]

Submissions and consultations

14.55 In the Employment Law Issues Paper, the ALRC expressed the view that to the extent that the employee records exemption creates additional barriers to the disclosure of family violence by private sector employees, this provides further reason for the amendment of the Privacy Act to remove the employee records exemption.

14.56 However, as the ALRC did not directly ask a question about the employee records exemption, few stakeholders addressed the issue in the course of this Inquiry. However, both the Office of the Australian Information Commissioner (OAIC) and the Australian Chamber of Commerce and Industry (ACCI) expressed particularly strong, but opposing views.

14.57 OAIC expressed the view that:

As previously outlined, concern over the way in which those who receive disclosures of family violence handle that information may further contribute to individuals choosing not to disclose the information. Where employers receive such sensitive information they should be required to accord that information comparable protection to that provided under the Privacy Act. Despite the sensitivity of the personal information held, where the employee records exemption applies private sector organisations are not required to comply with obligations under the Privacy Act. The OAIC supports the removal of the employee records exemption provided in section 7B(3) of the Privacy Act to better protect and support those experiencing family violence.^[41]

14.58 In contrast, in response to the statement that the employee records exemption may create an additional barrier to disclosure of family violence, ACCI submitted that there is ‘no evidence that ACCI is aware of that justifies such a statement’ and that

this statement pre-supposes there is a common occurrence where employees have disclosed matters affecting them in their personal lives to their employer, such information is not treated and handled with standard of care and sensitivity. It is the experience of many thousands of employers that they treat these matters with the utmost confidentiality and would not seek to break that trust and confidence with their valued staff.^[42]

14.59 Ultimately, ACCI expressed the view that the employee records exemption should be retained and that

there is no evidence that employers have abused, mishandled or treated confidential personal information from employees other than on a proper and legitimate basis. Employee concerns that such information may be mishandled does not count. And where isolated events do occur, they should not provide a policy reason for the removal of a perfectly working and appropriate exemption, holus bolus.^[43]

14.60 ACCI also submitted that the Senate Committee ‘is currently examining exposure draft legislation and the issue is therefore being considered by other inquiries in more detail and the ALRC should make no findings in this inquiry as a result’.^[44]

14.61 With respect to privacy provisions under the Fair Work Act, the Australian Human Rights Commission (AHRC) submitted that:

The Commission notes the provisions in the Australian Services Union model enterprise agreement clausewhich include that information concerning domestic violence will be kept confidential, and that ‘no information will be kept on an employee’s personnel file without their express written permission’. The Commission supports the inclusion of this, or similar wording, in the FWA.^[45]

ALRC’s views

14.62 In For Your Information, the ALRC recommended that the employee records exemption under the Privacy Act be repealed on the basis that removing the exemption would ensure that the privacy of employee records held by private organisations is protected under the Privacy Act.

14.63 The ALRC notes that concerns by an employee about privacy may lead to reluctance to disclose family violence. However, the ALRC is unaware of evidence to suggest, either way, that employers have or do intentionally abuse or mishandle the personal information of employees. However, to the extent that the employee records exemption may create any additional concerns or barriers on behalf of employees, which may discourage disclosure of family violence, the ALRC considers that this (in addition to the policy reasons expressed in For Your Information) provides an additional consideration in support of amendment of the Privacy Act to remove the employee records exemption.

14.64 Where employees disclose family violence for the purposes of accessing new entitlements recommended in Chapters 16 and 17, such as family violence leave or flexible working arrangements under the NES, care must be taken to ensure that appropriate privacy protection is provided. As a result, while some privacy issues are discussed in more detail in other chapters, in light of the interactions between the employer obligations under the Fair Work Act, the ALRC welcomes stakeholder comment on what other changes, if any, are needed to protect the personal information of employees who disclose family violence in such circumstances.

Guidance material and workplace policies

14.65 In this Inquiry, the ALRC makes a number of proposals which, if adopted, are likely to increase disclosure of family violence by employees in an employment context to, for example, access family violence leave or flexible working arrangements.

14.66 Accordingly, in order to assist employers to comply with their obligations under the Privacy Act, or where they are exempted from such obligations to handle the personal information of employees experiencing family violence sensitively and appropriately, there may be a need for the provision of additional information and guidance in this area.

14.67 In For Your Information, the ALRC recommended that the then Office of the Privacy Commissioner, should develop and publish specific guidance on the application of the Privacy Act to employee records to assist employers in fulfilling their obligations.^[46]

14.68 The OAIC and the Fair Work Ombudsman (FWO) currently produce a range of material. For example, the OAIC produces a range of information sheets, case notes and other publications. FWO produces a Best Practice Guide on Workplace Privacy.^[47]

Submissions and consultations

14.69 In the Employment Law Issues Paper, the ALRC noted that a number of privacy issues may arise where family violence is disclosed in the context of employment. A number of submissions emphasised the need to maintain the confidentiality of any information about family violence disclosed to an employer, particularly where such disclosure is required to access workplace rights or entitlements.^[48] For example, the Australian Association of Social Workers (Queensland) (AASW) emphasised that where family violence is disclosed, there is a need to consider ‘how information is used, who has access to this, how is it shared and so on’.^[49]

14.70 Several stakeholders highlighted the role played by the FWO in publishing Best Practice Guides and similar material. For example, ACCI suggested that:

Whilst no one-size fits all clause is appropriate, ACCI would support additional information to be published by the FWO for the benefit of employers and employees when … formulating policies.^[50]

ALRC’s views

14.71 Disclosure of family violence in the employment law context will necessarily require the development or revision of existing workplace approaches and policies to ensure the information is handled sensitively and appropriately. While in many cases workplaces may already have adequate privacy policies in place, the ALRC considers that additional guidance that addresses safeguarding the personal information of employees who have disclosed family violence may be necessary.

14.72 As a result, the ALRC proposes that the OAIC and FWO should, in consultation with unions and employer organisations, develop a model privacy policy and develop or revise guidance for employers which, as well as ensuring compliance with obligations arising under the Privacy Act 1988 (Cth), specifically safeguards the personal information of employees who have disclosed family violence.