19.12.2011
Privacy and confidentiality
15.69 A key challenge is to ensure that measures likely to lead to disclosure of family violence contain appropriate privacy safeguards regarding the handling of that personal information. This is particularly important given that concerns about privacy appear to be a central barrier to disclosure of family violence in the context of employment.
15.70 There are several key issues with respect to privacy and confidentiality: general obligations under the Privacy Act 1988 (Cth) and the Fair Work Act; the employee records exemption under the Privacy Act; andthe need for guidance material and workplace policies regarding the protection of employees’ personal information. The ALRC ultimately recommends that the OAIC and the FWO should, in consultation with unions and employer organisations, develop or revise guidance material with respect to privacy obligations arising in relation to disclosure of family violence in an employment context.
The Privacy Act and the Fair Work Act
15.71 Where employees experiencing family violence disclose family violence to employers or others, issues of privacy arise.
15.72 The principal piece of federal legislation governing information privacy in Australia is the Privacy Act 1988,which regulates the handling of personal information by the Australian Government and the ACT Government—to which 11 Information Privacy Principles apply; and the private sector—to which 10 National Privacy Principles apply.[65]
15.73 There is limited privacy protection for private sector employees under either the Privacy Act or the Fair Work Act. However, the Fair Work Act does contain some provisions with respect to employer obligations in relation to employee records.[66] For example, s 107 of the Fair Work Act notes that personal information disclosed to an employer for the purposes of accessing leave under the NES may be regulated by the Privacy Act. Further, s 535 of the Fair Work Act requires employers to make, and keep for seven years, employee records of the kind prescribed in the Fair Work Regulations, which include: basic employment details; leave entitlements; and individual flexibility arrangements.[67] Of particular relevance in light of discussion of these issues in Chapters 16 and 17, is the requirement that employers must make and keep records which, in relation to leave, set out any leave the employee takes,[68] and in relation to individual flexibility arrangements, include a copy of the agreement.[69] The Fair Work Regulations only require employers to maintain, provide access to, and correct records for inspection and auditing purposes, rather than to protect the privacy of those records.
Employee records exemption
15.74 Under the Privacy Act, the handling of an ‘employee record’ by a public sector employer is treated differently from the handling of such a record by a private sector employer. Section 6 of the Privacy Act defines ‘employee record’ as a record of personal information relating to the employment of the employee.[70] To the extent that disclosure of family violence to employers is related to the employment of the employee—for example, for the purposes of obtaining leave or utilising provisions of a family violence clause in an enterprise agreement—it is personal information that constitutes an employee record.
15.75 Government agencies must handle employee records in compliance with the Privacy Act. Private organisations, however, are exempt from the operation of the Act where an act or practice is related directly to: the employment relationship between the organisation and the individual; and an employee record held by the organisation.[71] This exemption is usually referred to as the ‘employee records exemption’.
15.76 While this type of information was considered ‘deserving of privacy protection’ when the privacy legislation was extended to the private sector in 2000, the Government noted that ‘such protection is more properly a matter for workplace relations legislation’.[72]
15.77 In For Your Information: Australian Privacy Law and Practice,ALRC Report 108 (2008) (For Your Information), the ALRC concluded that there is no sound policy justification for retaining the employee records exemption and recommended its removal.[73] Specifically, the ALRC stated that there is a lack of adequate privacy protection for employee records in the private sector, despite the sensitivity of personal information held by employers and the potential for economic pressure to be exerted over employees to provide personal information to their employers. The ALRC concluded that privacy protection of employee records should be located in the Privacy Act to ensure maximum coverage of agencies and organisations and to promote consistency, but commented that this protection should be in addition to that provided by other laws, such as the relevant provisions in the then Workplace Relations Regulations.[74]
15.78 Stakeholders in this Inquiry expressed differing views with respect to the employee records exemption. As outlined in the Family Violence—Commonwealth Laws, ALRC Discussion Paper 76 (2011), stakeholders such as the Australian Chamber of Commerce and Industry opposed its removal,[75] however the OAIC and others supported the removal of the exemption to ‘better protect and support those experiencing family violence’.[76]
15.79 Concerns about privacy may result in employees being reluctant to disclose family violence. To the extent that the employee records exemption may create any additional concerns or barriers on behalf of employees, which may discourage disclosure of family violence, the ALRC considers that this (in addition to the policy reasons expressed in For Your Information) provides an additional consideration in support of amendment of the Privacy Act to remove the employee records exemption. In light of the ALRC’s previous exposition of this issue and the Australian Government’s commitment to considering whether the employee records exemption should be retained,[77] rather than making a recommendation in this Report, the ALRC simply reiterates the views expressed in For Your Information.
Guidance material and workplace policies
15.80 In this Report, the ALRC makes a number of recommendations likely to increase disclosure of family violence by employees in an employment context, for example to access leave or flexible working arrangements. A number of stakeholders emphasised the need to maintain the confidentiality of any information about family violence disclosed to an employer, particularly where such disclosure is required to access workplace rights or entitlements.[78]
15.81 As a result, the development or revision of existing workplace approaches and policies may be required to ensure that information about family violence is handled sensitively and appropriately. While, in many cases, workplaces may already have adequate privacy policies in place, the ALRC considers that additional guidance may be necessary.[79]
15.82 The OAIC and the FWO currently produce a variety of material. For example, the OAIC produces a range of information sheets, case notes and other publications. FWO produces a Best Practice Guide on Workplace Privacy.[80] The ALRC recommends that the OAIC and FWO, in consultation with unions and employer organisations, should develop or revise guidance for employers which, as well as ensuring compliance with obligations arising under the Privacy Act, specifically safeguards the personal information of employees who have disclosed family violence.[81]
15.83 While some stakeholders supported the development of a model policy or clause,[82] the ALRC considers that the development of comprehensive guidance material, rather than a model policy, would be more effective. As noted by the OAIC, the ‘availability of a model privacy policy may encourage organisations to adopt such a policy without consideration for the particular circumstances of that specific workplace’.[83]
15.84 The ALRC considers that any guidance material should contain information in relation to existing privacy obligations; roles and responsibilities; processes and procedures; and the potential effects of any applicable mandatory reporting or other requirements.[84]
15.85 In For Your Information, the ALRC recommended that the then Office of the Privacy Commissioner, should develop and publish specific guidance on the application of the Privacy Act to employee records to assist employers in fulfilling their obligations.[85] The OAIC supported the development and publication of guidance if the Australian Government removed the employee records exemption from the Privacy Act.[86]
Recommendation 15–2 There is a need to safeguard the personal information of employees who have disclosed family violence in the employment context. The Office of the Australian Information Commissioner and the Fair Work Ombudsman, in consultation with unions and employer organisations, should develop or revise guidance materials with respect to privacy obligations arising in relation to the disclosure of family violence in an employment context.
Verifying family violence
15.86 While ensuring that the needs of employees experiencing family violence are met, there is also a need to preserve the integrity of the system to ensure disclosure of family violence is not seen as an easy way to gain additional entitlements. The need to avoid ‘incentivising’ a claim of family violence is a theme of this Inquiry discussed in Chapter 2. To ensure the integrity of the employment system, it is necessary, in certain circumstances, to require verification of claims of family violence.[87]
15.87 Verification of family violence within the employment law system is discussed in Chapters 16 and 17, in particular, in relation to requirements under s 107 of the Fair Work Act for accessing leave under the NES and as a component of a family violence clause in an enterprise agreement or modern award. In Chapter 17, the ALRC recognises that, in order to preserve the integrity of the leave system, there is a need to ensure that employees accessing family violence leave are subject to the same requirements to demonstrate their entitlement to the leave as other forms of leave.
15.88 A key issue arises as to the type of verification of family violence that should be required. For example, in the context of access to family violence leave, stakeholders suggested that a wide range of documentary verification to support a claim of family violence may be appropriate, including a document issued by:
- a police officer;
- a court;
- a health professional, including doctor, nurse or psychiatrist/psychologist;
- a lawyer;
- a family violence service or refuge worker; and/or
- the employee, in the form of a signed statutory declaration.[88]
15.89 The OAIC emphasised the importance of individual choice with respect to verification or demonstration of an entitlement to a particular benefit:
Where there is more than one acceptable way of demonstrating an entitlement it is often better practice to offer alternatives and give individuals the choice as to the personal information they provide. Providing choice as to the source of information enables individuals to exercise a level of control over their personal information and may assist in minimising barriers to disclosure.[89]
15.90 Where relevant in Chapters 16 and 17, the ALRC has noted the need for verification of family violence. The ALRC considers that providing employees and employers with information about what might constitute appropriate verification could form part of the national education and awareness campaign or a workplace policy and be included in material about developing family violence clauses in enterprise agreements.
[65] In June 2010, the Government released an exposure draft of legislation intended to unify the Information Privacy Principles and the National Privacy Principles in a single set of 13 Australian Privacy Principles (APPs), as recommended in Australian Law Reform Commission, For Your Information: Australian Privacy Law and Practice, Report 108 (2008). The Senate Standing Committee on Finance and Public Administration completed an inquiry into the exposure drafts in October 2011. The Government has indicated that it will consider the exemptions under the Privacy Act 1988: Australian Government, Enhancing National Privacy Protection—Australian Government First Stage Response to the Australian Law Reform Commission Report 108 For Your Information: Australian Privacy Law and Practice (2009).
[66] In addition to ss 107 and 535, the Fair Work Act 2009 (Cth) also imposes certain privacy obligations on permit holders (usually a union official) in relation to information obtained from the exercise of a right of entry.
[67] Ibid s 535; Fair Work Regulations 2009 (Cth) ch 3, pt 3–6, div 3.
[68]Fair Work Regulations 2009 (Cth) reg 3.36.
[69] Ibid reg 3.38.
[70] Examples of such personal information include information about the employee, such as terms and conditions of employment, personal details, performance, conduct, and hours of employment and leave.
[71]Privacy Act 1988 (Cth) ss 7(1)(ee), 7B(3).
[72]Debates, House of Representatives, 12 April 2000, 15752 (D Williams—Attorney-General). See also Revised Explanatory Memorandum, Privacy Amendment (Private Sector) Bill 2000 (Cth) 4, [109].
[73] Australian Law Reform Commission, For Your Information: Australian Privacy Law and Practice, Report 108 (2008), Rec 40–1.
[74] Ibid, Ch 40.
[75] ACCI, Submission CFV 19. See also Ai Group, Submission CFV 141; CCIWA, Submission CFV 123; Business SA, Submission CFV 98.
[76] Office of the Australian Information Commissioner, Submission CFV 142. See also: ADFVC, Submission CFV 124; Redfern Legal Centre, Submission CFV 15.
[77] Australian Government, Enhancing National Privacy Protection—Australian Government First Stage Response to the Australian Law Reform Commission Report 108 For Your Information: Australian Privacy Law and Practice (2009).
[78] AASW (Qld), Submission CFV 17; Redfern Legal Centre, Submission CFV 15.
[79] Ai Group, Submission CFV 141; Business SA, Submission CFV 98. See also ADFVC, Submission
CFV 124; ASU (Victorian and Tasmanian Authorities and Services Branch), Submission CFV 113.
[80] Fair Work Ombudsman, Best Practice Guide: Workplace Privacy.
[81] ACCI, Submission CFV 128.
[82] ADFVC, Submission CFV 124; ACTU, Submission CFV 100.
[83] Office of the Australian Information Commissioner, Submission CFV 142.
[84] ACTU, Submission CFV 100.
[85] Specifically, the ALRC suggested guidance on application of Unified Privacy Principles to employee records to assist employers fulfil obligations under the Privacy Act: Australian Law Reform Commission, For Your Information: Australian Privacy Law and Practice, Report 108 (2008).
[86] Office of the Australian Information Commissioner, Submission CFV 142.
[87] See, eg, Office of the Australian Information Commissioner, Submission CFV 18.
[88] Kingsford Legal Centre, Submission CFV 161; Australian Human Rights Commission, Submission
CFV 48; ADFVC, Submission CFV 26; Joint submission from Domestic Violence Victoria and others, Submission CFV 22; Queensland Law Society, Submission CFV 21; Office of the Australian Information Commissioner, Submission CFV 18; Redfern Legal Centre, Submission CFV 15; WEAVE, Submission CFV 14; Women’s Health Victoria, Submission CFV 11; ASU (Victorian and Tasmanian Authorities and Services Branch), Submission CFV 10.
[89] Office of the Australian Information Commissioner, Submission CFV 18.