Employee records of agencies, such as Australian government entities, are covered by the Privacy Act 1988 (Cth). However, private sector employee records are generally exempt from its application. The Federal Government is proposing significant changes to the employee records exemption. This will provide private sector employees with enhanced transparency on what their personal and sensitive information is being collected and used for.

Employee personal information will be protected from misuse, loss or unauthorised access, and will need to be destroyed when it is no longer required. An obligation will arise to notify affected employees and the Information Commissioner of any data breach involving employee personal information that is likely to result in serious harm.

At the same time, employers will still have adequate flexibility to collect, use and disclose employee information that is reasonably necessary to administer the employment relationship. This will include addressing the appropriate scope of any individual rights and the issue of whether consent should be required to collect employees’ sensitive personal information.

The changes being considered will allow privacy codes of practice to be developed to clarify obligations regarding collection, use and disclosure of personal information.

The Federal Government is continuing to consult relevant stakeholders in developing these changes to the legislation.