
Employee access and use of personal information


Private eyes (are watching you)

For some positions, client information is at our fingertips and often just a keystroke or mouse click away. This was the position that a NSW Police Constable was in when he used the NSW Police database system to look up the police record of a woman he was flirting with earlier this year.


The Police Constable had met the woman on eHarmony and exchanged text messages with her, one of which jokingly stated that he would “check and make sure” that she was the “cleanskin” she had claimed to be. The Police Constable later texted the woman teasing about her speeding fines and noting that she had some domestic violence matters recorded.

An investigation by the NSW Police Professional Standards Command later discovered that the NSW Police Constable had accessed the records. He was charged and earlier this month pleaded guilty to accessing restricted data held in a computer.

The risk of breaching a person’s privacy by accessing confidential information does not arise only in law enforcement. It arises wherever personal information is collected: consider, for example, a nurse or medical receptionist who has access to medical records (for example, checking medical history), or a bank teller who can access customer bank records (for example, the assets or debts of a potential partner). There is also the potential for employees who have access to this information to use it for their own purposes or financial gain (e.g. fraudulent transactions and/or selling customer information).

 

What are the privacy obligations on businesses?

In Australia there are actually many legislative sources of confidentiality, the most obvious being the Privacy Act 1988 (Cth). That Act sets out Australian Privacy Principles (APPs) which apply to Australian government agencies, businesses and organisations with an annual turnover of more than $3 million and private health service providers. The 13 APPs cover the management, collection and use of personal information.

Under the Act, personal information must only be used for the purpose it was collected for and must not be used or disclosed for another purpose without consent (and subject to other exceptions). Obviously, information on a police database would not have been collected for the purpose of permitting background checking of a “Tinder match”.

Importantly, under the Act businesses also have an obligation to keep personal information secure and protected from misuse or unauthorised access and disclosure.

 

How can businesses keep client information confidential and prevent or limit unauthorised access by employees to this information?

In the scenario discussed above, the NSW Police Force database displayed a clear message upon logging in that the information was confidential, was not to be disclosed to unauthorised persons and was not to be accessed for personal reasons.

It is recommended that businesses have a privacy policy that clearly reminds the person accessing the information that it is personal in nature, must not be misused (i.e. for personal use) and is only to be accessed with authorisation (for example, health records must not be looked up outside the course of normal duties).

Employees should also be trained that personal information is “private and confidential” and on their obligations when handling or using such information.

 

Information provided in this blog is not legal advice and should not be relied upon as such. Workplace Law does not accept liability for any loss or damage arising from reliance on the content of this blog, or from links on this website to any external website. Where applicable, liability is limited by a scheme approved under Professional Standards Legislation.

 
