As an individual, it’s understandable to be concerned about your privacy, especially in the digital age where cyber-attacks and data breaches seem to be occurring more frequently.
As a result, it is proposed to strengthen the Privacy Act.
In February of this year, the Attorney-General’s Department released a 320-page Report on the Privacy Act Review that outlines proposals for stronger privacy protections. These proposals were developed in response to calls for more effective enforcement, better remedies for individuals, and alignment with international standards.
If you’re an employer, you’ll want to pay attention to the report’s discussion of the employee records exemption. The report suggests that private sector employees should have enhanced privacy protections, but it doesn’t specify what those protections should look like. Instead, the report recommends further consultation with both employees and employers to determine the best approach.
What do employers need to know about the Privacy Act report?
The review of the Privacy Act has potential implications for employers. One area of focus is the employee records exemption (ER Exemption), which currently exempts employers from certain privacy obligations in relation to employee records.
The report suggests three options for reforming the ER Exemption, but stakeholders are divided along employer/employee lines regarding whether and how to reform it. Employers are concerned about increased regulation, while employees want their personal information to be protected.
Three options for reforming the ER Exemption are being considered:
- Remove the ER Exemption completely.
- Modify the ER Exemption to better protect employee records but retain the flexibility that employers need to administer the employment relationship.
- Retain the ER Exemption in its current form and use workplace relations legislation to enhance employee privacy protections.
If the ER Exemption is reformed, employers may be required to provide greater transparency to employees about the collection and use of their personal information, protect their personal information from misuse, loss, or unauthorised access, and notify employees and the Office of the Australian Information Commissioner of any data breaches that are likely to result in serious harm.
What does HR need to be aware of?
If you’re in HR, you should be paying close attention to the Privacy Act review because any changes will directly impact how you manage employee data.
Legal sources indicate that the removal or restriction of the employer exemption to the Privacy Act will require HR teams to take on more responsibility for data governance and risk mitigation. This means you’ll need to review all employee data currently held by the organisation and make plans to manage that data more effectively.
You’ll also need to redesign existing systems to address compliance issues. These changes will require immediate action from HR departments, including a comprehensive review of employee data.
In the past, you may have relied on employment lawyers to provide advice on how to handle privacy law and data breaches. But with the potential changes to the Privacy Act, it’s important for HR to take a more proactive approach to data management and ensure they are compliant with any new regulations. Stay informed and engaged in the consultation process to ensure any reforms are implemented in a way that is reasonable and workable for your business.
How does this impact HR departments?
As the resident “people” people, HR teams have responsibility for educating managers and supervisors on the changes to legislation to mitigate the risk of unintentional breaches. HR teams would need to review all employee data, while mapping the use and purpose of this data to understand the flow-on effects of changes to data collection and storage procedures. The questions HR needs to be asking include:
- What data do we hold?
- What data do we hold that is non-compliant with the new legislation?
- What have we used this data for? Could copies exist elsewhere in our network?
- Why did we begin collecting this data in the first place?
- What reporting mechanisms will change or no longer be possible once we achieve compliance?
- What downstream effects will this have on our employee management and support initiatives?
Employers need to understand the potential impact of changes to employee data collection and retention beyond just compliance. These changes can impact various business practices, including reporting, diversity and inclusion, and workforce planning.
HR teams need to be actively involved in the discussion and have a seat at the table to help the business adjust to its new responsibilities.
It’s crucial to stay informed and up to date on any changes that may affect your employees’ privacy rights, as the extent and implementation of any reforms are yet to be determined. We’re here to support you through these changes and ensure your HR practices align with the evolving privacy laws.
Akyra’s Key Takeaways
- If the employee records exemption is reformed, employers may need to provide greater transparency to employees about the collection and use of their personal information, protect their personal information from misuse, loss, or unauthorised access, and notify employees and the Office of the Australian Information Commissioner of any data breaches that are likely to cause harm.
- Be aware of the potential changes to privacy laws and take a more proactive approach to data management, including reviewing all employee data currently held by the organisation and making plans to manage that data more effectively.
- Educate managers and supervisors on the changes to legislation and measure the impacts of changes to employee data collection and retention.
NEED MORE INFORMATION?
Akyra is here to help address all your questions and concerns related to understanding these changes to privacy legislation, implementing effective HR strategies, and ensuring your organisation stays ahead of any potential violation of changing legislation. Please contact Akyra on 07 3204 8830 or book a free 30-minute consultation for an obligation-free conversation.
Disclaimer – Reliance on Content
The material distributed is general information only. The information supplied is not intended to be legal or other professional advice, nor should it be relied upon as such. You should seek legal or professional advice in relation to your specific situation.