Spotless Group to pay $60,000 for breaching privacy of employees
Spotless Group has been ordered to pay $60,000 in damages to 14 former employees for breaching their privacy rights when it paid for them to join a union without their consent.
The employees only became aware about the unauthorised disclosure of their names to the Australian Workers’ Union (AWU) following the proceedings of the Royal Commission into Trade Union Governance and Corruption.
The employer, Spotless subsidiary Cleanevent, had an arrangement with the AWU where it negotiated an enterprise agreement that saved the company about $2 million per year in award penalty rates. The condition of the arrangement was that the union would receive an annual payment of $25,000 for employees’ union fees.
Australian Information Commissioner and Privacy Commissioner, Angelene Falk, found Spotless Group had “interfered” with the employees’ privacy in breach of the Privacy Act 1988 (Cth) by:
- Improperly disclosing the employees’ personal information to the AWU, contrary to National Privacy Principle (NPP) 2 (disclosure of personal information); and
- Failing to take reasonable steps to protect the employees’ personal information from misuse and unauthorised disclosure, contrary to NPP 4 (security of personal information).
“In substance, what occurred was that Cleanevent, at the time of payment, provided a list of employees to the AWU Vic without regard to whether they were already members of the AWU and without regard to whether they wished to become members,” Commissioner Falk said.
“The arrangement with Cleanevent resulted in a significant number of persons becoming recorded as members of the AWU when this did not make them members under the AWU Rules, and in circumstances in which some of the employees on the list were already paying members of the AWU, and others did not know that they had become members.”
Employees suffered ‘psychological damage’
While Spotless did not dispute that the unauthorised disclosures occurred, it claimed it was because two of its employees had “acted without authority and contrary to its privacy policy and processes”.
Commissioner Falk did not accept this.
However, she did not have the power to award “compensation for economic loss for differences in wages that might have been earned by the employees had the arrangement not been undertaken”.
Instead, she turned to the feelings of “anger and betrayal” the employees claimed the unauthorised disclosures had caused them, which they alleged resulted in “psychological damage”.
“I am of the view that the … disclosures offended the notion of freedom of association and [the employees] who were not already AWU members, suffered an additional level of hurt and/or humiliation arising from the disclosure(s), by the AWU being provided with their names by their employer and being unknowingly joined as nominal union members of the AWU,” Commissioner Falk said.
“This additional level of injury to feelings needs to be reflected in the different award of damages.
“For those [employees] already substantive AWU members at the time of the disclosures, I have determined that $1,500 is an appropriate amount to remedy [the employees’] injury to feelings and/or humiliation.
“For those [employees] who were not AWU members, but were nominally joined as members at the time of the disclosures, I have determined that $4,500 is an appropriate amount to remedy [the employees’] injury to feelings and/or humiliation.”
Spotless must also pay for its ‘indifference’
Spotless argued that it had “a long history of compliance” with the Privacy Act and that it had been “cooperative and conciliatory” in resolving the case, which Commissioner Falk accepted.
The company contended that the employees had “acted unreasonably in the circumstances, resulting in a protracted process and ongoing costs”.
But Commissioner Falk said that Spotless had failed to appreciate the implications of its privacy breaches.
“As an employer, Spotless was in a position of trust and confidence with respect to its employees and their information that it held. Its conduct damaged that relationship of confidence and trust,” she said.
“In consideration of this, I accept that the apparent indifference of Spotless towards its privacy obligations in respect of employee information, was a source of additional hurt for [the employees].
“I have decided that the circumstances justify an award of aggravated damages in the sum of $1,500 to each [employee].”
In addition to paying financial compensation, Spotless was ordered to conduct an independent review of the company’s current privacy compliance procedures, policies and processes and conduct a follow-up assessment in six months.
Commissioner Falk also ordered that the company issue a written apology to each affected employee “acknowledging its interference with their privacy and the distress it has caused”.
Get the latest employment law news, legal updates, case law and practical advice from our experts sent straight to your inbox every week.