Privacy Act Review Report. Chapter 7: employee records exemption. A disappointingly non committal proposal.
May 2, 2023
Chapter 7 of the Attorney Generals’ Report into the Privacy Act 1988 considers the employee records exemption in the Privacy Act 1988. The employee records exemptionwas considered at length by the Australian Law Reform Commission in its 2008 Report on the Privacy Act 1988 (Report 108, For your information). The Australian Law Reform Commission unequivocally recommended that the it be removed by the repeal of section 7B(3) of the Privacy Act. Unfortunately this Report has ummed and ahhed in face of vociferous and largely spurious objections by employer bodies who wish to retain the exemption come what may. As a result the Proposal is far from unequivocal and seeks to find a half way house of improving privacy protections of those records but not entirely removing the exemption. It also wants further consultation. Because years and years of consultation is not enough. It is a very disappointing chapter. Not as poorly analysed as the small business exemption but not good nevertheless.
The exemption applies to an act or practice of an organisation that is or was an employer as it directly related to its employment relationship with an individual. In that circumstance an employee record it holds relating to the individual is exempt. As the exemption applies to acts or practices of ‘organisations’ it covers non-public sector entities in their capacity as employers or former employers. It does not extend to ‘agencies’.
As with the small business exemption the basis for this exemption is based on flawed assumptions and poor public policy. Here the rationale was that the ‘handling of employee records is a matter better dealt with under workplace relations legislation.’
The exemption has led to anomolous outcomes. The exemption applies even in relation to the National Data Breach Notification scheme;. As such any data breach involving personal information of employees in an employee record is not subject to the scheme’s reporting requirements.
The Discussion Paper questioned Read the rest of this entry »