Employee Privacy Breach | Employer Fined $60,000 | What Can We Learn?
An employer is supposed to provide a workplace that is free from workplace bullying and workplace sexual harassment. There are also many other aspects of workplace compliance that need to be put in place to create a safe place for everyone.
An employer also has a responsibility to ensure the online privacy of employees. The personal and identifiable information of employees, such as phone numbers and email IDs, is protected under the Privacy Act.
Online privacy training is a tried and tested method to ensure the privacy protection of employees. Online privacy training is not only a legal requirement but also a moral obligation of employers.
In this blog, we will investigate a case study of non-compliance regarding employee privacy and see the risk of non-compliance, how it can affect business, and what could have been done to prevent it.
Case Study
An organisation shared the names of several employees with a third party. None of the employees whose details were shared knew about this.
Once the employees became aware of this breach, they complained to the relevant authorities. They were awarded damages for non-economic loss and aggravated damages. The employer was fined $60,000 in damages.
The employer was also required to:
- Undertake an independent review of their online employee privacy policies and procedures.
- Repeat this process after six months to see the effectiveness of the initial review and report.
- Provide a written apology to all the complainants regarding the interference caused to their privacy and the harm that was caused.
- Compensate every complainant employee financially.
What could the employer have done differently?
1. Effective training to educate and increase awareness of employee privacy
The company could have trained its employees on the privacy of personal information. Companies cannot claim that they are not responsible for the non-professional conduct or privacy breaches of their employees.
This case study showcases the absence of compliance training in the workplace. Compliance training is effective, legally required, and morally right.
The most effective way to increase awareness and educate employees on employee privacy is through workplace compliance courses.
2. Understand what an employee record is
An employee record is a record of personal information relating to the employment of the employee. It includes health information about an employee and personal information relating to:
- the engagement, training, disciplining, resignation or termination of employment of an employee
- the terms and conditions of employment of an employee
- the employee’s performance or conduct, hours of employment, salary or wages, personal and emergency contact details
- the employee’s membership of a professional or trade association or trade union membership
- the employee’s recreation, long service, sick, maternity, paternity or other leave
- the employee’s taxation, banking or superannuation affairs.
Not everything can be stored in an employee record. Consider this example: although bank details form part of an employee record, details from financial institutions that an employee receives on a work device are not part of an employee record. This is generally because they do not relate to the employment of the employee.
3. Creating a policy is the first step, making sure it is implemented is the second, and reviewing it is the third
You may have a privacy policy, but do your employees know about it? Do your employees understand it?
To create a good policy is only the first step. The second is to ensure that the policy is read and understood by everyone, and the third step is to see that the policies are effective over time.
An online workplace policy builder and records management system can not only help you build effective policies but also make sure they are stored in a location where anyone can locate them when they need to.
Employees can also be notified when changes are made to the policies, preventing future compliance disasters and reducing the risk of non-compliance.
Sentrient is an online workplace compliance management system that has been designed to provide online privacy training for Australian businesses in an easy and effective manner.
Our online workplace compliance course on employee online privacy provides training in a comprehensive, easy-to-understand and interactive manner.
Our workplace compliance policies help organisations build and implement policies throughout the organisation.
Call us at 1300 040 589 or email us at info@sentrient.com.au to learn more.