Application of Privacy Laws

1.

Privacy in the Workplace

Employers can gain access to medical/financial records when screening applicants o This is somewhat constrained by anti-discrimination laws o However, there are difficulties to establish discrimination Davis 1996 Pre-employment screening can create issues including the impact of possible direct and indirect discrimination. Bias can be implied in informal tests. Definition of Direct/Indirect Discrimination: defined by AntiDiscrimination Acts (State and Commonwealth Statutes): Racial Discrimination Act 1975 (Cth), Sex Discrimination Act 1984 (Cth), Disability Discrimination Act (Cth), EEO Act 1995 (Vic), AntiDiscrimination Act 1977 (NSW) o Direct: understood to be less favourable treatment of an individual. o Indirect: 4 elements A requirement or condition The complainant cannot comply (ie. Only the discriminated can sue) However, a substantially higher proportion of people do comply It also must not be reasonable (ie. There are exemptions where the criteria is necessary for employment) o The Complainant bears the onus to prove that the discrimination occurred. Test employees during employment for drug or alcohol use o It is unclear (ie unexplained by the courts) whether an employee has an implied duty in their contract to be required to submit for drug testing. Unless the contract explicitly states that they must. o The direction for an employer to require a drug test of an employee being lawful depends on the requirements of the job and whether it is a risk under the WHS Act (2012) that an employee has evidence of drug or alcohol use in their body. o If the contract contains express terms that require testing (this is ok), the employer is obliged to keep the results confidential under the Privacy Act 1988 (Cth). o s172(1)(a) of the Fair Work Act (Cth) doesnt allow for these matters to be dealt with by modern award, but these can be included in enterprise agreements if the employment relationship fits into a category which requires it and is not arbitrary. Maintain surveillance of workers in and around the workplace o VLRC 2004 Workplace Privacy: Options Paper New technologies and practices for surveillance, monitoring and testing of employees include video surveillance (the fear of Big Brother is now not only limited to CCTV) telephone monitoring (customer service improvement?), tracking devices (think couriers), biometric technologies (finger print scanning to sign in for work)

o o

Surveillance Devices Act 1999 (Vic) provides some protection if for surveillance of employees who have not agreed to the surveillance. Only covers optical and auditory devices and only applies to areas which would be expected to be private Workplace Surveillance Act 2005 (NSW) regulates surveillance by video cameras, computers and tracking devices. Employees must be notified of surveillance unless approved by a magistrate. Health Records Act 2001 (Vic) only protects created health records. Telecommunications (Interception) Act 1979 (Cth) unclear whether digital methods of communicating such as email/IM (VOIP) are covered by the act as the may not fit the definition of passing over a telecommunications system. A balance between legitimate interests of employer v employee right to privacy. Tealby 1999, states that employers may be breaching the Telecommunications (Interception) Act if they monitor or even just store emails without consent. He concludes that clear legislation is required for electronic communication so that the private sector and employees know where they stand. Public sector employee records are limited in protection due to Freedom of Information Act 1982 (Cth)

Employment Records and Confidentiality o Privacy Act 1988 Up until 2000 only covered public sector employees, now includes businesses with a turnover greater than $3M, exceptions to this include health information and distribution for personal gain. Where an employee can identify a breach of the Privacy Act 1988, a complaint can be made to the Privacy Commissioner who can order compensation or a restraining order. Alternatively, under s98 an application can be made to the Federal Court or the Federal Magistrates Court The Act covers issues relation to the collection, storage and use etc of personal information, anonymity and data flow through the National Privacy Principles (NPPs). They also have special exemptions for sensitive information (ie race, sexual preference, criminal record, union membership and health) s7B(3) makes a specific exemption for any act or practice which relates to an employee record o This section allows an employer to distribute information kept in an employee record so long as it is not directly related to the employment relationship. o s6(1) definition of an employee record a record of personal information relating to the employment of the employee, and includes information about the employees health, terms of employment, their training, and the termination of the their employment. State based legislation differs on this exception: o NSW s5(3)(n) Health Records and Information Privacy Act 2002 provides similar exemptions o VIC Health Records Act 2001 has no similar exemption, and in juxtaposition places a great obligation on employers with the health information of its employees.

o C v Commonwealth Agency [2005] PrivCmrA 3 Facts: The complainant and his wife were employees of the respondent and were engaged in proceedings against the respondent. During proceedings the complainant's wife submitted that she was not able to afford certain medical expenses. The respondent obtained information about the complainant's income from its payroll as evidence of the applicant's financial standing. Held: Whilst the personal information was an employee record, the act of disclosing it to legal counsel (in relation to proceedings involving the complainant's wife) was not an act which was directly related to the complainant's employment, and as such was subject to the NPPs and did not fall within the s7B(3) exemption. o B v Cleaning Company [2009] PrivCmrA 2 Facts: When contacted by a debt collection agency, the Cleaning Company disclosed the address, financial details and other details about the complainant, a former employee. Held: This disclosure was not related to their employment and was therefore an act or practice unrelated to the administration of the complainant's employment with the cleaning company. However, none of the exceptions listed at NPP 2.1 applied to the disclosure and it was found that the cleaning company had interfered with the complainant's privacy. Otlowski 2001 s7B has been justified on the basis that it is something that personal information of an employee needs to be protected by workplace relations legislation and not broad sweeping privacy legislation. There is a difference between health, family and financial information of an employee and information relating to disciplinary action or career progression. The former should not have been an exemption. But this was ignored. He argues that the legislative protections are unsatisfactory and the common law protections are also unsatisfactory (costly to obtain). Therefore he believes that new NPPs need to be established for the employment sector. Pyman 2008 In response to the s7B exemption, Work Choices excluded all references to employee records. This approach was inadequate. Consequently, it is appropriate to remove the employee records exemption, and replace it with a more robust form of wide protections. The European model should be followed which does not treat privacy as something separate to the broader privacy debate. The European Union Data Protection Working Party also commented adversely on the employee records exemption. The Working Party reports to the European Commission, under Article 30 of the European Union Directive on the Protection of Individuals with Regard to the Processing of Personal Data and the Free Movement of such Data, on a range of issues including the protection offered to personal information in third countries. The Directive provides that Member States may transfer personal information to third countries only if those countries have adequate privacy protection in place.

The Working Party noted in relation to Australia that employee related data often contains sensitive data and [the Working Party] sees no reason to exclude it at least from the protection given by NPP 10 for sensitive information. o The FW Act s535 employers must keep and retain for seven years, employee records of the kind prescribed by the regulations in relation to each of its employees Employers should develop policies with respect to the use of email and internet systems provided. This may help with documenting dismissal for abuse of these facilities.

Australian Municipal, Administrative, Clerical & Services Union v Australia Ltd (2000) 175 ALR 173 Facts: An employee used the employers email system to distribute a union bulletin. Held: the Court had to consider whether a union delegates use of Ansetts email system was unauthorised and, as such, constituted an act of misconduct which justified her dismissal. The judge found that the use of the email system was impliedly authorised as Ansetts email guidelines permitted authorised business users. o Harvey v Qantas Airways Ltd (2003) 121 IR 351 Facts: An employee used the employers email system to ask a fellow colleague for drugs Held: dismissal upheld. Qantas had a clear workplace surveillance policy in place. The court held that because the policy was clear, Qantas should be allowed to use the e-mail as evidence of misconduct. Implications? This demonstrates that unfair dismissal laws provide little protection for employees against surveillance.

2.

Further Legislation
Fair Work Act 2009 (Cth) o s27(2)(m) allows state and territory legislation laws on workplace surveillance to apply to national system employers. These override anything in a federal award or agreement As opposed to Work Choices which limited the entitlements of State or Territory legislation that were made under employer agreements. The ACT and Victoria have adopted an over aching Human Rights approach. Both expressly include privacy and reputation amongst rights that are respected in the legislation. However, these are not actionable Unions are beginning to accord a higher priority to surveillance and privacy issues in EBAs.

3.

Common Law
There have been suggestions of a tort of privacy o Australian Broadcasting Corporation v Lenah Game Meats Pty Lts (2001) 208 CLR 199. o The idea has been entertained by lower courts such as in Doe v AVC, but higher courts have generally rejected the idea as in Giler v Procopets.

An employer may breach its implied contractual obligations if it conducted secret video/telephone surveillance, accessed personal information in the form of private e- mails/browsing logs without consent, supplied contact details to a telemarketer etc. o For example: The duty to respect confidentiality that exists both in equity and under contract. This applies to any personal information about an employee that may come into the employers possession through medical assessments, screening of emails etc. Regardless of whether the information is voluntarily disclosed or improperly or surreptitiously acquired (Aust Broadcasting v Lenah) o There is an implied obligation not to damage the relationship of trust and confidence between the parties (Sempill 2011) o Unless such actions are warranted the employer would be liable to pay compensation for any harm suffered as a result of the breach. Fitzgerald v Smith T/A Escape Hair Design (2010) o Facts: sacked from her job with the owner citing her critical Facebook posts as one of the four reasons for dismissing her. o Held: Commissioner Michelle Bissett said that it was well accepted that behavior outside of working hours might have an impact on employment.