A Matter of Privacy
22 February 2019
Are you doing enough to protect your employees’ personal information? ACA partner Cbus explores the issues, identifying resources to assist in the protection of your employees and your practice.
Protecting personal information is increasingly important in today’s world, where such information can be easily stolen or misused. As an employer who collects personal and potentially sensitive information about your employees, have you had a chance to think about what you can do to protect their personal information and privacy rights?
Many Australian organisations have obligations under the Privacy Act to treat personal information more carefully than other types of information. The Office of the Australian Information Commissioner (OAIC) has released guidance on what sorts of businesses are required to comply with the information protection obligations under the Privacy Act. If you’re unsure whether the Privacy Act applies to your organisation, we suggest you seek legal advice.
Personal information can be any details about an individual, such as a person’s name, birthday, bank account details, superannuation member number or even where they work. Some information may also be sensitive, such as membership of professional associations and/or trade unions, health records and religious beliefs. Guidance from the OAIC may assist in identifying whether information is personal information.
By sharing such information, intentionally or not, you are exposing your employees and your organisation to potentially serious consequences, such as:
- Identity theft and fraud
- Reputational and/or financial loss
- Lawsuits and/or penalties
Unauthorised access to, or disclosure of, personal information may be a data breach requiring notification or other corrective steps; see the OAIC website for information about the Australian Notifiable Data Breaches scheme.
It’s important that you don’t expose your business to such risks. Here are some dos and don’ts when it comes to protecting your employees’ information and your business:
- Store personal information and confidential documents in locked file cabinets or on a secure IT system.
- Minimise personnel access to employees’ personal information and confidential files.
- Securely dispose of personal and confidential information when it is no longer required for any business or legal purpose.
- Don’t share employees’ personal information with third parties, unless necessary (e.g. when required by government agencies or when authorised by employees).
- Don’t publish employees’ personal information (e.g. personal mobile numbers, emails, etc.) unless authorised to do so.
- Don’t retain personal data when it is no longer required for any business or legal purpose.
This article is provided by ACA National Sponsor Cbus, the industry super fund for building, construction and allied industries. It offers guidance only and does not constitute advice. Cbus encourages employers to seek their own independent legal advice in relation to privacy obligations. For more information about Cbus, visit www.cbussuper.com.au or call them on 1300 361 784.