Some background information on the Employee Record exemption from the Privacy Act (which will continue to apply to private entities from March 2014) :
Employee Record – Privacy Act 1988 (Cth) Exemption
The Employee Record exemption from the Privacy Act is the one that most people find puzzling.
To provide more background - The following is taken from Fact Sheet 12, published by the Office of the Australian Information Commissioner: http://www.oaic.gov.au/privacy/privacy-resources/privacy-fact-sheets/other/information-sheet-private-sector-12-2001-coverage-of-and-exemptions-from-the-private-sector-provisions (current October 11, 2013):
Acts and practices not covered by the Privacy Act
Certain acts and practices of organisations are also exempt from the coverage of the Privacy Act (section 7B).
Acts and practices of employers in relation to employee records
In some circumstances, the handling of employee records in relation to current and former employment relationships by an employer is exempt from the National Privacy Principles (NPPs) (section 7B(3)).
Background to the exemption
At the time the private sector amendments passed through Parliament in December 2000, the Attorney-General stated that:
'While employee records deserve privacy protection, it is the Government's view that such protection is more properly a matter for Workplace Relations legislation.... The Government will review existing Commonwealth, State and Territory laws to consider the extent of privacy protection for employee records and whether there is a need for further regulation.'
In the meantime, the Commissioner encourages employers to consider the privacy of their employee records even if their acts and practices in relation to them are covered by this exemption.
Acts and practices directly related to the employment relationship
To be exempt, an act or practice relating to the employee record must be directly related to the employment relationship. This means that acts or practices of an employer that are outside the scope of the employment relationship are not exempt. For example, an employer could not sell a list of employees to another organisation for marketing purposes.
Current or former employment relationship
The act or practice must also be directly related to a current or former employment relationship. This does not cover future employment relationships. This means that personal information collected from prospective employees who are subsequently not employed by an organisation, such as unsuccessful job applicants, will not be covered by the employee records exemption.
However, once an employment relationship is formed with an individual, the records the employer holds relating to that individual's pre-employment checks become exempt.
An employee record means a record of personal information relating to the employment of the employee (section 6(1)). It includes health information about an employee and personal information relating to:
· the engagement, training, disciplining, resignation or termination of employment of an employee;
· the terms and conditions of employment of an employee;
· the employee's performance or conduct, hours of employment, salary or wages, personal and emergency contact details;
· the employee's membership of a professional or trade association or trade union membership;
· the employee's recreation, long service, sick, maternity, paternity or other leave; and
· the employee's taxation, banking or superannuation affairs.
Employers may not be able to assume that all the information they hold that relates to an individual employee would be an employee record. For example, emails that an employee has received from third parties outside the organisation may not necessarily be an employee record. Depending on the circumstances, the exemption may also not cover the content of many other employee emails.
Contractors of employers
This exemption does not cover contractors and subcontractors when they handle the personal information of the employees of another organisation, notwithstanding those contractual arrangements. In many circumstances, the employee records exemption may not apply to organisations that provide recruitment, human resource management services, medical, training or superannuation services under contract to an employer.
An organisation that collects employee records about a person from the organisation employing that person will have to comply with the notice requirements of NPP 1. This exemption does not cover workers' compensation insurers that are not the employer of an individual.