We're celebrating 10 Days of Membership! Today's Gift: $20 off your professional membership with promo 10DAYS20OFF
Training, policies and tools to help HR prevent and respond to harassment claims.
Is your employee handbook keeping up with the changing world of work? With SHRM's Employee Handbook Builder get peace of mind that your handbook is up-to-date.
Develop your HR competencies and knowledge in-person in 12 U.S. cities or virtually.
#SHRM18 will expand your perspective – on your organization, on your career, and on the way you approach HR. Join us in Chicago June 17-20, 2018
A recent decision in the New South Wales (NSW) Civil and Administrative Tribunal in Australia highlights the importance of thinking carefully about whether information constitutes personal information that may be protected by the Privacy and Personal Information Protection Act 1998 (NSW).
In CRP v. Department of Family and Community Services it was found that, in the particular circumstances of the application before the tribunal, an individual's work address was personal information that was protected by the act.
Following an incident in which a departmental employee released the applicant's work address to an estranged family member, the tribunal has definitively stated that, in these circumstances at least, doing so amounted to a breach of privacy. (The applicant's name was not provided in the decision.)
Given how easy it can be to reveal seemingly harmless information, this case demonstrates how important it is to be careful with any information that might be considered to be personal information.
The applicant was employed with the Department of Family and Community Services. He was estranged from his father, with whom he had a long-running personal dispute. The applicant's father phoned the office without identifying himself. He requested, and received, the address of the applicant's workplace: previously, he had only known the name of the organization for which his son worked.
Following this, the applicant's father went to the son's place of work, where he confronted him and handed him some documents.
The son—the applicant in the proceedings—argued that through the department's actions, his personal information had been shared in breach of the act.
The tribunal considered whether the applicant's work address was information 'about an individual' for the purposes of s4 of the act. If so, by providing the information, the employee had breached ss 17 and 18 of the act. The respondent argued that it was not, as this was information that had been shared within the normal course of business, as part of the applicant's work. The tribunal, however, found that this was not the case.
In coming to its decision, the tribunal considered the findings of several previous tribunal decisions saying that the definition of 'personal information' was to be interpreted broadly and that the tribunal should not adopt an overly technical approach. Instead, the tribunal said that it was important to consider the information that was provided in context.
Ultimately the tribunal decided that the information had been provided in a context that solely related to the applicant. At the time, there had been no indication that the phone call was made in connection with the applicant's work, or as part of his role as a caseworker. No other information was requested. By giving out the applicant's work address, the department's employee provided personal information about him, and as a result breached his privacy.
As a result of this breach, the department was ordered both to apologize to the applicant, and to review its current Privacy Management Plan. However, this case could evidently have significant general consequences. While providing a work address for a co-worker may seem harmless, as we have seen here, the results can be serious.
Alan Bradbury is an attorney with BAL Lawyers in Canberra, Australia. © BAL Lawyers. All rights reserved. Reposted with permission of Lexology.
You have successfully saved this page as a bookmark.
Please confirm that you want to proceed with deleting bookmark.
You have successfully removed bookmark.
Please log in as a SHRM member before saving bookmarks.
Your session has expired. Please log in again before saving bookmarks.
Please purchase a SHRM membership before saving bookmarks.
An error has occurred
Recommended for you
Become a SHRM Member
SHRM’s HR Vendor Directory contains over 3,200 companies