Workplace Privacy

Employers collect a range of information about staff members, including residential addresses, tax file numbers, contact details, educational histories and in some cases, more sensitive information such as medical records, criminal records, information about a person’s trade union activities, marital status, or sexuality. This page outlines laws and best practices related to workplace privacy in Australia.

Best Practice Guide

The Fair Work Ombudsman has published a Workplace Privacy Best Practice Guide to assist employers and managers to understand their privacy obligations and the work place.

Privacy Act 1988

The Privacy Act 1988, which imposes obligations for dealing with personal information, only applies to certain entities. The act applies to businesses with an annual turnover of more than $3,000,000, private health service providers, government agencies, and some small businesses.

Employers that are covered by the Privacy Act 1988 are required to have a privacy policy. It is best practice for an employer to abide by the obligations imposed under the Privacy Act 1988 even if it is not an entity that is bound by the Act.

Australian Privacy Principles

The Australian Privacy Principles are a set of 13 principles to which entities that are governed by the Privacy Act 1988 must adhere. They include the principle of openness and transparency in the management of personal information, and the principle of anonymity and pseudonymity. Employers that are bound by the Privacy Act 1988 have the freedom to develop their own privacy policies; however: these policies must comply with the Australian Privacy Principles.

Fair Work Act 2009

Under the Fair Work Act 2009, employers are required to keep certain information confidential. This includes information about an employee’s wages or salary, their emergency contact details, their own contact details, their tax and banking details, and information about their performance and conduct at work.

Under the Fair Work Act 2009, employees have the right to choose either to disclose or not to disclose information about the rate of pay and the terms and conditions of employment. Employees are permitted to ask their colleagues about their rate of pay and the terms and conditions of their employment. An employer cannot take adverse action against an employee for disclosing this information.

Employers are permitted to disclose personal information about employees to third parties under some circumstances. For example, where this information is requested by a Fair Work inspector or by the Australian taxation office. Permit holders, such as union officials, are also permitted to enter workplaces and inspect documents under some circumstances. Information may also need to be disclosed under a court order or a search warrant.

Employers must disclose personal information if it is requested by the employee or former employee.

Giving references

An employer is not breaching an employee’s confidentiality by providing a reference when a reference is requested. However, the information provided should be limited to what is directly relevant to the person’s employment – such as the person’s skills, conduct, performance, type of employment, and the length of their employment.

Information that should be disclosed to workers

An employer should inform its employees about how their personal information is stored, the circumstances in which it may be disclosed, how they can access their information, and how they can correct information that is recorded incorrectly.

It is also best practice for an employer to let its staff know that:

  • email correspondence conducted from the work email account is not private
  • they should not disclose personal information about clients or colleagues to third parties
  • compliance with privacy obligations is monitored
  • the consequences of non-compliance privacy obligations
  • areas of the workplace are under surveillance (if applicable) and who may access that information
  • technology is being used to monitor employees’ attendance or use of the property (if applicable).

Staff training

Managers and team members should be provided with training about workplace privacy. This helps them to understand how personal information is managed and encourages them to discuss any issues that arise with managers.

If you require legal advice or representation in any legal matter, please contact Go To Court Lawyers.


Fernanda Dahlstrom

Fernanda Dahlstrom has a Bachelor of Laws from Latrobe University, a Graduate Diploma in Legal Practice from the College of Law, a Bachelor of Arts from the University of Melbourne and a Master of Arts (Writing and Literature) from Deakin University. Fernanda practised law for eight years, working in criminal defence, child protection and domestic violence law in the Northern Territory. She also practised in family law after moving to Brisbane in 2016.
7am to midnight, 7 days
Call our Legal Hotline now