Privacy Rules

An employer has been hit with $60,000 in damages for giving employees names to a union without the employees’ consent.

The trouble started for the company during the Royal Commission into Union Corruption when it was discovered that the company had furnished employees’ names, and a cheque, to the union, during enterprise bargaining negotiations.

But the problem for the employer was that the employees knew nothing about this, and their names were given to the union so that their ‘union membership’ could be properly recorded. When the employees found out, they sued the employer for breaching their privacy.

The matter came before the Australian Information Commissioner and Privacy Commissioner (AIC) who found that the employer improperly disclosed personal information contrary to the National Privacy Principles (NPP) and secondly, of failing to protect the employees’ personal information.

The AIC did not act against the employer because of the enterprise agreement deal – making it clear it was not within its jurisdiction. Rather, it focussed solely on the privacy aspect.

This means that even an ostensibly beneficial relationship between employee and union is not something to be taken for granted when dealing with the issue of privacy and employer obligations. Employers must acquaint themselves with the NPP and ensure employees’ personal information is properly managed and protected.

This company was hit with damages for giving a union names (and names only). For an employer who causes, either by commission or omission, personal information to leak to third parties for commercial or other purposes, the bill could be a lot higher.

‘QF’ & Others and Spotless Group Limited (Privacy) [2019] AICmr 20 (28 May 2019)