All questions

Data protection

Although persons who collect personal data have various statutory obligations relating to its use, collection and storage under the Privacy Act (Cth) 1988 and Australian Privacy Principles (the Privacy Act) and state legislation. Some obligations vary between states but the federal obligations do not apply to employee records of a current or former employee held by an employer (commonly referred to as the employee records exemption). However, the exemption does not apply to data collected or used by employers for prospective employees or contractors.

Despite this, is it common for employers in Australia to adopt an employee privacy policy and to include wording in their employment contracts authorising the collection and use of personal data.

As a result of the employee records exemption, an employer can transfer personal data to, among others, a related company overseas. However, the company receiving the data may have its own obligations under Australian or other local law.

Employers are permitted to perform background checks (including social media searches) on prospective employees, for example, covering educational qualifications, employment history, health checks, credit checks and criminal record. In most cases, the person's consent is required to carry out these checks and the organisation performing them must comply with the Privacy Act and other applicable legislation. The employer will also need to exercise caution in how it uses the results of any such checks, so as not to fall foul of anti-discrimination legislation, among others.