40.1 The Privacy Act 1988 (Cth) defines an ‘employee record’ as a record of personal information relating to the employment of the employee.[1] Under the Act, the handling of an ‘employee record’ by a public sector employer is treated differently from the handling of such a record by a private sector employer. For Australian Government agencies, the Privacy Act does not distinguish between the handling of employee records and the handling of other ‘personal information’ as defined in the Act. Accordingly, an agency must handle employee records in compliance with the Act.

40.2 In contrast, a private sector organisation that is or was an employer of an individual is exempt from the operation of the Privacy Act where its act or practice is related directly to: the employment relationship between the organisation and the individual; and an employee record held by the organisation.[2] This exemption usually is referred to as the ‘employee records exemption’.

40.3 This chapter examines whether the employee records exemption should remain. The ALRC concludes that there is no sound policy justification for retaining the employee records exemption and recommends its removal. In light of the concerns raised about the application of the Privacy Act to employee records, the ALRC also recommends that the Office of the Privacy Commissioner (OPC) should develop and publish guidance to assist employers to comply with the Act.

40.4 This chapter also considers whether evaluative materials, such as employment references, should be excluded from the application of the Privacy Act, and concludes that they should not be excluded given that the model Unified Privacy Principles (UPPs) are sufficiently flexible to accommodate the competing interests.

40.5 Finally, the chapter discusses whether privacy protection of employee records should be located in the Privacy Act or in other legislation. The ALRC concludes that privacy protection of employee records should be located in the Privacy Act to ensure maximum coverage of agencies and organisations and to promote consistency.[3]

[1] Privacy Act 1988 (Cth) s 6(1).

[2] Ibid ss 7(1)(ee), 7B(3).

[3] The chapter does not deal with other workplace privacy issues, such as workplace surveillance (including email and internet monitoring), covert surveillance practices, surveillance and monitoring employees outside of work, and genetic testing in the workplace. As discussed in Ch 1, these issues have been considered in a report by the Victorian Law Reform Commission into workplace privacy: Victorian Law Reform Commission, Workplace Privacy: Final Report (2005). The VLRC report is under consideration by the Standing Committee of Attorneys-General.