Professional Documents
Culture Documents
Workplace Privacy Best Practice Guide
Workplace Privacy Best Practice Guide
Workplace Privacy Best Practice Guide
Working at best practice There is also a checklist to assist with achieving best
practice on workplace privacy.
Employers should implement best practice when it comes
to maintaining privacy in the workplace. It is important This guide illustrates best practice when it comes
for employers, employees and their representatives to to workplace privacy. For more specific information
know what information may be collected and retained regarding your minimum legal obligations and
by employers and whether it can be passed on to others. entitlements, contact the organisations listed under the
Best practice creates certainty and security for both For more information section at the end of this guide.
employers and employees.
what is privacy
For specific information about APPs visit the website It is good privacy practice for employers to tell employees
of the Office of the Australian Information Commissioner when they collect their personal information. In doing
at www.oaic.gov.au. so, the employer could tell the employee why they are
collecting the information and who the employer might
pass that information on to.
What is personal information?
Best practice employers allow employees to access
Personal information is information that identifies a
personal information about themselves which is held by
person. There are some obvious examples of personal
their employer. Employees should also be able to have
information such as a persons name or address. Personal
that information corrected or verified if it is incorrect,
information can also include photos, credit history
out of date or incomplete.
information, bank account details and even information
about what a person likes, their opinions and where they
work - basically any information where the person is General privacy principles
reasonably identifiable.
The Office of the Australian Information Privacy
Personal information can be sensitive in nature such as Commissioners website contains further information on
information about a persons race, ethnicity, political good practice for organisations dealing with employees
opinions, membership of political associations, personal information. The guides deal with:
membership of professional associations and trade
unions, religious or philosophical beliefs, sexual iting the collection of information
preferences, health and genetic information or criminal
records. The APPs provide higher privacy standards viding notice to individuals about the potential
when organisations are handling an individuals sensitive ection, use and disclosure of personal information
information. Best practice employers apply the same
higher standards even where they are not covered by the closing personal information
Privacy Act 1988 (Cth) to ensure that sensitive personal
ping personal information accurate, complete
information is handled appropriately.
d up-to-date
Information for references The preparation of a best practice internet and email
usage policy can include:
Sometimes employers are approached to provide
employment references about former or current
consulting with employees about the policy
employees. Providing information that relates directly
during the policys development. This will help the
to the employment relationship between an employer
employer to understand the types of legitimate
and employee is not a breach of Commonwealth
activities for which staff are using email and web
privacy laws. Information that directly relates to the
browsing. A consultative process can also increase
employment relationship can include things such as the
employees awareness of the possible risks to
employees skills, performance, conduct, and their terms
the business associated with improper email and
of employment.
internet use
In general, best practice employers consider whether
to disclose personal information about an employee developing and communicating to the employees
without their consent. If an individual applying for a a policy which outlines the obligations and
job has asked a former employer to act as a referee, the responsibilities of employees and the employer
former employer can assume, when contacted for a in relation to use of electronic communication
reference, that they have the individuals implied consent mediums. A best practice policy will:
to disclose relevant information about them. However, if
explain clearly what is appropriate use of email
the former employer has not been asked by the individual
and internet at work
to be a referee and is contacted for a reference, generally
the former employer should seek the consent of the outline what personal use of email both within
individual before disclosing information about them. the organisation and externally, is appropriate
Best practice employers also consider what information outline types of use that are prohibited
is appropriate to provide in a reference. In some refer to any relevant legislation regarding use
circumstances, it may not be good practice to disclose and access
personal information about, for example, an employees
medical history. The Office of the Australian Information outline what information is logged and who
Commissioner can provide more information on this in the organisation has rights to access the
matter. logs and content of staff email and
browsing activities
set out in plain English how the business intends
What about email and the internet? to monitor or audit employee compliance with
Employee and employer use of internet and email can its rules relating to acceptable usage of email
raise issues about workplace privacy. Password access and and web browsing
login codes may give employees the impression that their outline potential consequences for misuse of
email and web browsing activities during work hours are email or web browsing.
private. Employees may not be aware that these activities
can be scrutinised by their employer. reviewing the policy with employees on a regular
basis. This will help the policy to keep up with
Clear workplace policies can help to ensure that both
the development of the internet and information
employees and employers understand the expectations
technology. The policy should be re-issued to all
and responsibilities that apply to email and internet use.
employees whenever significant change is made so
they are aware of any change and to reinforce the
organisational message.
4
Similar issues (and best practice responses) may arise
from the use of company-provided mobile phones and
other electronic devices when accessed for personal use.
Disclaimer
The Fair Work Ombudsman is committed to providing you with advice that you can rely on.
The information contained in this Best Practice Guide is general in nature. If you are unsure about how it applies to your situation you
can call our Infoline on 13 13 94 or speak with a union, industry association or a workplace relations professional.