Resources: Blogs

Just one look...

Blogs
|

Employees’ access to personal information

Just one look... or in the case for one former job centre employee, thirty five unauthorised “looks” at an ex-lover’s job seeker profile.

Just one look... or in the case for one former job centre employee, thirty five unauthorised “looks” at an ex-lover’s job seeker profile.

It was recently reported in the media that an employee who worked for a job services provider was convicted of criminal offences for accessing restricted data without authorisation.

The employee was involved in a personal relationship with a co-worker, which ended in 2014. When the co-worker eventually left the employment in 2015, the employee repeatedly called him and his new girlfriend.

Since the break-up, the former co-worker had changed his mobile number on multiple occasions and had only divulged his number to a limited number of people and organisations. One of those organisations was a job services provider that used the Department of Employment’s restricted access “Employment Services System.” The employee also had access to the “Employment Services System” in her employment.

When charging the employee with offences, the NSW Police alleged that the employee had used the restricted Employment Services System to obtain her former co-worker’s mobile numbers. The employee illegally accessed his profile on the Employment Services System a total of thirty five times.

Naturally, the employee required access to the Employment Services System to do her job, but in this case her access was misused to obtain personal information about her ex-lover.

Wherever personal information is collected and stored, there exists a risk of rogue employees doing the wrong thing with personal information. Businesses have special responsibilities to ensure that personal information is not misused and is safely stored – this includes access and use by their own employees.

The Australian Privacy Principles (APPs) set out under the Privacy Act 1988 (Cth) provide that personal information must only be used for the purpose it was collected for and must not be used or disclosed for another purpose without consent (subject to certain exceptions). Furthermore, the businesses must keep personal information secure and protect it from misuse, unauthorised access and disclosure.

Human resources professionals often have access to and handle more personal information than other positions and should be alert to and aware of their privacy obligations. For example, what can be disclosed about an employee as part of an employment check or loan application?

To ensure compliance with privacy obligations, businesses must adopt a privacy policy that, at a minimum, outlines:

  • What is “personal information”;
  • How personal information is collected and maintained;
  • How personal information will be secured, including determining or limiting who will have access to personal information;
  • That personal information must not be misused (including used for a personal reason or financial gain);
  • That personal information must not be disclosed to unauthorised persons or for a purpose other than which that information was collected for; and
  • Consequences for breaches of the privacy policy and/or privacy laws.

Access to personal information must be strictly on a “need to know” basis. Employers should monitor and restrict access to personal information to those who require the information for their normal duties and provide training to employees about accessing other people’s personal information and their obligations.

 

Similar articles

Employer’s “tick and flick” training on workplace policies rendered dismissal unfair

Not just the what, but also the why

When relying on a workplace policy as grounds for dismissal, employers must be able to clearly demonstrate that the employee is aware of the policy and has undergone meaningful training on the policy.

Read more...

The importance of making policies accessible and easy to understand

Tell me in layman’s terms

Drafting workplace policies and procedures can be a daunting exercise – it requires a careful balance of including (or omitting) information that is necessary from a legal standpoint, whilst still remaining easy to understand and follow for employees.

Read more...

What is the difference between confidential information and “know-how”?

No way, know how

During the course of the employment relationship, employees will inevitably gain knowledge or be exposed to information about the employer’s business that is considered confidential to its operations and which the employer does not want to be put out into the public domain.

Read more...

Commission finds no objective or rational connection between an employee’s age and his flexible working request to work from home

The age of flexibility

An employee will only be eligible to request a flexible working arrangement if they are able to demonstrate that there is a sufficient nexus between one of the prescribed circumstances under the Fair Work Act 2009 (Cth) and the request itself.

Read more...

Employer’s “tick and flick” training on workplace policies rendered dismissal unfair

Not just the what, but also the why

When relying on a workplace policy as grounds for dismissal, employers must be able to clearly demonstrate that the employee is aware of the policy and has undergone meaningful training on the policy.

Read more...

Commission finds employer’s unsubstantiated allegations rendered dismissal unfair

Not mushroom for error

Where there is a factual dispute about allegations made against an employee, employers must ensure that the allegations are properly tested before proceeding to a disciplinary process. This will ensure that the employee has been provided with procedural fairness and any reasons relied on by the employer as grounds for dismissal are valid.

Read more...

Let's talk

please contact our directors to discuss how ouR expertise can help your business.

We're here to help

Contact Us
Let Workplace Law become your partner in workplace law and sports law.

Sign up to receive the latest industry updates with commentary from the Workplace Law team direct to your inbox.