We analyse the key areas of privacy law reform which took effect on 12 March 2014 and provide some practical steps to help your organisation achieve compliance.
The Australian Privacy Commissioner (Privacy Commissioner) has made it clear he will not shy away from using his expanded enforcement powers, which include the ability to seek penalties of up to AU$1.7 million for corporations and AU$340,000 for individuals, for breaches of the amended Privacy Act 1988 (Cth) (the Act).
Why the Amendments?
The Privacy Amendment (Enhancing Privacy Protection) Act 2012 (Amendment Act) made substantial changes to the Act to bring it in line with modern expectations about privacy regulation.
In August 2008, after a 28-month inquiry, the Australian Law Reform Commission tabled a report on the extent to which the Act provided an effective framework for the protection of personal information (ALRC Report).
The ALRC Report made 295 recommendations for reform. These recommendations formed the basis for the first phase of reforms, which came into force on 12 March 2014.
What Has Changed?
APPs replace NPPs and IPPs
Under the original Act, the “National Privacy Principles” (NPPs) applied to private sector organisations and the “Information Privacy Principles” (IPPs) applied to federal and ACT government agencies. The amendments to the Act amalgamated the NPPs and IPPs into 13 “Australian Privacy Principles” (APPs) which apply to all entities covered by the Act, being private sector organisations, the Commonwealth public sector, businesses that deal in personal information and organisations registered under the Fair Work (Registered Organisations) Act 2009 (Cth).
Small businesses with an annual turnover of less than AU$3 million are not covered, unless they are health service providers.
We briefly examine the most significant APPs:
What Should Employers Do?
- The employee records exemption still applies, meaning employee records are exempt from the operation of the Act. Employers should remember the exemption does not extend to information collected about job applicants who are not ultimately employed or to independent contractors.
- Consider how and when your organisation collects personal information, and examine your practices and systems to identify areas of “privacy risk” and ensure compliance with the Act.
- Implement a process and nominate a person within your organisation to deal with complaints or inquiries about privacy. Remember the Privacy Commissioner can now investigate, audit and prosecute your business of his own accord – there is no need for a complaint to have been made to ‘trigger’ an investigation.
Most of you will be aware that employees are entitled under the Fair Work Act 2009 (FW Act) to have a support person present during investigation and disciplinary proceedings which may result in dismissal. What can often be unclear is what role the support person plays and whether an employer can object to someone being a support person. The Full Bench in the case of Victorian Association for the Teaching of English Inc v Debra de Laps  FWCFB 613 has recently clarified that the role of the support person is to simply provide emotional support and take notes on behalf of the employee, not to be an advocate. Unlike circumstances involving a union representative who may be permitted to speak on behalf of an employee, a support person cannot act as an advocate unless the employee is unable to effectively communicate due to disability issues.
What about where an employee nominates a colleague as their support person, but that colleague is also involved in the material event (i.e. a witness in relation to an allegation)? It would be reasonable in these circumstances to direct the employee to select someone else who is not involved in the event, to prevent collusion and any contamination of evidence.
Did You Know?
A failure to follow an employer’s lawful and reasonable directions to attend a medical assessment may provide legitimate grounds for disciplinary action, including termination.
In a recent case, the Fair Work Commission (FWC) found a boilermaker had not been unfairly dismissed, after his employer terminated his employment for refusing to follow lawful and reasonable directions to attend a medical assessment and to participate in a disciplinary investigation.
When the boilermaker stated he was fit to return to his pre-injury duties after a lengthy injury-related absence, the employer requested evidence of his medical clearance beyond a medical certificate declaring him “fit to return to normal duties”. The employer requested the employee attend a medical specialist of its choosing for an independent assessment. The boilermaker refused to attend the scheduled appointments, even when warned disciplinary action would follow if he continued to be uncooperative.
The FWC found that in the circumstances, the concerns of the employer were reasonable. Without medical advice or information provided regarding the specific nature of the boilermaker’s medical condition and given the inherently dangerous nature of the workplace (a coal mine), the employer acted in accordance with its duty of care and obligation to ensure a safe workplace.
Mr Darrin Grant v BHP Coal Pty Ltd  FWC 1712 (14 March 2014)