New Australian Privacy Laws and What They Mean for Your Business

The review of the Privacy Act has potential implications for employers. One area of focus is the employee records exemption (ER Exemption), which currently exempts employers from certain privacy obligations in relation to employee records.

The report suggests three options for reforming the ER Exemption, but stakeholders are divided along employer/employee lines regarding whether and how to reform it. Employers are concerned about increased regulation, while employees want their personal information to be protected.

Three options for reforming the ER Exemption are being considered:

1. Remove the ER Exemption completely
2. Modify the ER Exemption to better protect employee records but retain the flexibility that employers need to administer the employment relationship.
3. Retain the ER Exemption in its current form and use workplace relations legislation to enhance employee privacy protections.

If the ER Exemption is reformed, employers may be required to provide greater transparency to employees about the collection and use of their personal information, protect their personal information from misuse, loss, or unauthorised access, and notify employees and the Office of the Australian Information Commissioner of any data breaches that are likely to result in serious harm.

If you’re in HR, you should be paying close attention to the Privacy Act review because any changes t will directly impact how you manage employee data.

Legal sources indicate that the removal or restriction of the employer exemption to the Privacy Act will require HR teams to take on more responsibility for data governance and risk mitigation. This means you’ll need to review all employee data currently held by the organisation and make plans to manage that data more effectively.

You’ll also need to redesign existing systems to address compliance issues. These changes will require immediate action from HR departments, including a comprehensive review of employee data.

In the past, you may have relied on employment lawyers to provide advice on how to handle privacy law and data breaches. But with the potential changes to the Privacy Act, it’s important for HR to take a more proactive approach to data management and ensure they are compliant with any new regulations. Stay informed and engaged in the consultation process to ensure any reforms are implemented in a way that is reasonable and workable for your business.

As the resident “people” people, HR teams has responsibility for educating managers and supervisors on the changes to legislation to mitigate the risk of unintentional breaches. HR teams would need to review of all employee data, while mapping the use and purpose of this data to understand the flow-on effects of changes to data collection and storage procedures. These questions HR need to be asking include:

1. What data do we hold?
2. What data do we hold that is non-compliant with the new legislation?
3. What have we used this data for? Could copies exist elsewhere in our network?
4. Why did we begin collecting this data in the first place?
5. What reporting mechanisms will change or no longer be possible once we achieve compliance?
6. What downstream effects will this have on our employee management and support initiatives?

Employers need to understand the potential impact of changes to employee data collection and retention beyond just compliance. These changes can impact various business practices, including reporting, diversity and inclusion, and workforce planning. 

HR teams need to be actively involved in the discussion and have a seat at the table to help the business adjust to its new responsibilities. 

It’s crucial to stay informed and up to date on any changes that may affect your employees’ privacy rights, as the extent and implementation of any reforms are yet to be determined. We’re here to support you through these changes and ensure your HR practices align with the evolving privacy laws.