New to HR? Templates, tools and development to make you a seasoned pro in no time.
Shawn Premer shows how doing the right thing for employees leads to positive business results.
Is your employee handbook keeping up with the changing world of work? With SHRM's Employee Handbook Builder get peace of mind that your handbook is up-to-date.
Build competencies, establish credibility and advance your career—while earning PDCs—at SHRM Seminars in 12 cities across the U.S. this spring.
#SHRM18 will expand your perspective – on your organization, on your career, and on the way you approach HR. Join us in Chicago June 17-20, 2018
Members may download one copy of our sample forms and templates for your personal use within your organization. Please note that all such forms and policies should be reviewed by your legal counsel for compliance with applicable law, and should be modified to suit your organization’s culture, industry, and practices. Neither members nor non-members may reproduce such samples in any other way (e.g., to republish in a book or use for a commercial purpose) without SHRM’s permission. To request permission for specific items, click on the “reuse permissions” button on the page where you find the item.
A recent decision in the New South Wales (NSW) Civil and Administrative Tribunal in Australia highlights the importance of thinking carefully about whether information constitutes personal information that may be protected by the Privacy and Personal Information Protection Act 1998 (NSW).
In CRP v. Department of Family and Community Services it was found that, in the particular circumstances of the application before the tribunal, an individual's work address was personal information that was protected by the act.
Following an incident in which a departmental employee released the applicant's work address to an estranged family member, the tribunal has definitively stated that, in these circumstances at least, doing so amounted to a breach of privacy. (The applicant's name was not provided in the decision.)
Given how easy it can be to reveal seemingly harmless information, this case demonstrates how important it is to be careful with any information that might be considered to be personal information.
The applicant was employed with the Department of Family and Community Services. He was estranged from his father, with whom he had a long-running personal dispute. The applicant's father phoned the office without identifying himself. He requested, and received, the address of the applicant's workplace: previously, he had only known the name of the organization for which his son worked.
Following this, the applicant's father went to the son's place of work, where he confronted him and handed him some documents.
The son—the applicant in the proceedings—argued that through the department's actions, his personal information had been shared in breach of the act.
The tribunal considered whether the applicant's work address was information 'about an individual' for the purposes of s4 of the act. If so, by providing the information, the employee had breached ss 17 and 18 of the act. The respondent argued that it was not, as this was information that had been shared within the normal course of business, as part of the applicant's work. The tribunal, however, found that this was not the case.
In coming to its decision, the tribunal considered the findings of several previous tribunal decisions saying that the definition of 'personal information' was to be interpreted broadly and that the tribunal should not adopt an overly technical approach. Instead, the tribunal said that it was important to consider the information that was provided in context.
Ultimately the tribunal decided that the information had been provided in a context that solely related to the applicant. At the time, there had been no indication that the phone call was made in connection with the applicant's work, or as part of his role as a caseworker. No other information was requested. By giving out the applicant's work address, the department's employee provided personal information about him, and as a result breached his privacy.
As a result of this breach, the department was ordered both to apologize to the applicant, and to review its current Privacy Management Plan. However, this case could evidently have significant general consequences. While providing a work address for a co-worker may seem harmless, as we have seen here, the results can be serious.
Alan Bradbury is an attorney with BAL Lawyers in Canberra, Australia. © BAL Lawyers. All rights reserved. Reposted with permission of Lexology.
You have successfully saved this page as a bookmark.
Please confirm that you want to proceed with deleting bookmark.
You have successfully removed bookmark.
Please log in as a SHRM member before saving bookmarks.
Please sign in as a SHRM member before saving bookmarks.
Please purchase a SHRM membership before saving bookmarks.
An error has occurred
Recommended for you
Talent Attraction Study: What Matters to the Modern Candidate
Choose from dozens of free webcasts on the most timely HR topics.
SHRM’s HR Vendor Directory contains over 3,200 companies