Resources: Blogs

Just one look...

Blogs
|

Employees’ access to personal information

Just one look... or in the case for one former job centre employee, thirty five unauthorised “looks” at an ex-lover’s job seeker profile.

Just one look... or in the case for one former job centre employee, thirty five unauthorised “looks” at an ex-lover’s job seeker profile.

It was recently reported in the media that an employee who worked for a job services provider was convicted of criminal offences for accessing restricted data without authorisation.

The employee was involved in a personal relationship with a co-worker, which ended in 2014. When the co-worker eventually left the employment in 2015, the employee repeatedly called him and his new girlfriend.

Since the break-up, the former co-worker had changed his mobile number on multiple occasions and had only divulged his number to a limited number of people and organisations. One of those organisations was a job services provider that used the Department of Employment’s restricted access “Employment Services System.” The employee also had access to the “Employment Services System” in her employment.

When charging the employee with offences, the NSW Police alleged that the employee had used the restricted Employment Services System to obtain her former co-worker’s mobile numbers. The employee illegally accessed his profile on the Employment Services System a total of thirty five times.

Naturally, the employee required access to the Employment Services System to do her job, but in this case her access was misused to obtain personal information about her ex-lover.

Wherever personal information is collected and stored, there exists a risk of rogue employees doing the wrong thing with personal information. Businesses have special responsibilities to ensure that personal information is not misused and is safely stored – this includes access and use by their own employees.

The Australian Privacy Principles (APPs) set out under the Privacy Act 1988 (Cth) provide that personal information must only be used for the purpose it was collected for and must not be used or disclosed for another purpose without consent (subject to certain exceptions). Furthermore, the businesses must keep personal information secure and protect it from misuse, unauthorised access and disclosure.

Human resources professionals often have access to and handle more personal information than other positions and should be alert to and aware of their privacy obligations. For example, what can be disclosed about an employee as part of an employment check or loan application?

To ensure compliance with privacy obligations, businesses must adopt a privacy policy that, at a minimum, outlines:

  • What is “personal information”;
  • How personal information is collected and maintained;
  • How personal information will be secured, including determining or limiting who will have access to personal information;
  • That personal information must not be misused (including used for a personal reason or financial gain);
  • That personal information must not be disclosed to unauthorised persons or for a purpose other than which that information was collected for; and
  • Consequences for breaches of the privacy policy and/or privacy laws.

Access to personal information must be strictly on a “need to know” basis. Employers should monitor and restrict access to personal information to those who require the information for their normal duties and provide training to employees about accessing other people’s personal information and their obligations.

 

Similar articles

The importance of making policies accessible and easy to understand

Tell me in layman’s terms

Drafting workplace policies and procedures can be a daunting exercise – it requires a careful balance of including (or omitting) information that is necessary from a legal standpoint, whilst still remaining easy to understand and follow for employees.

Read more...

What is the difference between confidential information and “know-how”?

No way, know how

During the course of the employment relationship, employees will inevitably gain knowledge or be exposed to information about the employer’s business that is considered confidential to its operations and which the employer does not want to be put out into the public domain.

Read more...

Fair Work Commission finds out-of-hours drink driving offence was not a valid reason for dismissal

Off the clock

Generally, the way in which an employee conducts themselves out-of-hours does not fall within the realm of what the employer can supervise or control. However, there are times where an employee’s conduct after business hours and away from work can impact the employment relationship.

Read more...

FWO secures penalties against bar operator and external accounting firm

Closing time

The Fair Work Act 2009 (Cth) requires employers to keep certain employee records for a period of 7 years. These records are necessary to ensure that employees have been paid their minimum entitlements should an underpayment claim be made.

Read more...

Employer found liable for workers compensation despite worker’s unreasonable perceptions

Fact or fiction

A recent decision of the New South Wales Personal Injury Commission serves as a reminder of the differing standards of proof when determining liability for claims of bullying and/or harassment under workers compensation laws and the Fair Work Act 2009 (Cth).

Read more...

Commission finds employee’s flexible working request to work entirely from home was not reasonable

The worst has now passed

One of the many changes to the Fair Work Act 2009 (Cth) introduced this year include the Fair Work Commission’s new powers to deal with disputes relating to requests for flexible working arrangements.

Read more...

Let's talk

please contact our directors to discuss how ouR expertise can help your business.

We're here to help

Contact Us
Let Workplace Law become your partner in Workplace Relations.

Sign up to receive the latest industry updates with commentary from the Workplace Law team direct to your inbox.