Are you doing enough to protect your employees’ personal information?

Charlotte Beveridge | Business & Management, Employers

Cbus Super: An industry super fund

Find out more in this guest blog from Cbus.

Protecting personal information is increasingly important in today’s world where such information can be easily stolen or misused. As an employer who collects personal and potentially sensitive information about your employees, have you taken a minute to think about what you can do to protect their personal information and privacy rights?

Many Australian organisations have obligations under the Privacy Act to treat personal information more carefully than other types of information [1]. If you’re unsure whether the Privacy Act applies to your organisation, we suggest you seek legal advice.

Personal information can be any information about an individual [2] including a person’s name, birthday, bank account details, superannuation member number or even where they work. Some information may also be sensitive, such as membership of professional associations and/or trade unions, health records, religious beliefs, and more.

By sharing such information, intentionally or not, you are exposing your employees and your organisation to potentially serious consequences, such as:

  • Identity theft and fraud
  • Harassment
  • Lawsuits and/or penalties [3]
  • Reputational and/or financial loss

Don’t expose your business to such risks. Here are some dos and don’ts when it comes to protecting your employees’ information and your business:

DOs

  • Store personal information and confidential documents in locked file cabinets or on a secure IT system.
  • Minimise personnel access to employees’ personal information and confidential files.
  • Securely dispose of personal and confidential information when it is no longer required for any business or legal purpose.

DON’Ts

  • Don’t share employees’ personal information with third parties, unless necessary (e.g. when required by government agencies or when authorised by employees).
  • Don’t publish employees’ personal information (e.g. personal mobile numbers, emails, etc.) unless authorised to do so.
  • Don’t retain personal data when it is no longer required for any business or legal purpose.

This article was brought to you by Cbus, the industry super fund for building, construction and allied industries, as guidance only. Cbus encourage employers to seek their own independent legal advice in relation to privacy obligations.

[1] The Office of the Australian Information Commissioner (OAIC) has released guidance on what sorts of businesses are required to comply with the information protection obligations under the Privacy Act, see https://www.oaic.gov.au/agencies-and-organisations/business-resources/privacy-business-resource-13.

[2] Guidance from the OAIC may assist in identifying whether information is personal information: https://www.oaic.gov.au/agencies-and-organisations/guides/what-is-personal-information.

[3] Unauthorised access or disclosure of personal information may be a data breach requiring notification or other corrective steps, see https://www.oaic.gov.au/privacy-law/privacy-act/notifiable-data-breaches-scheme for information about the Australian Notifiable Data Breaches scheme.

Cbus’ Trustee: United Super Pty Ltd ABN 46 006 261 623 AFSL 233792 Cbus ABN 75 493 363 262.
