This article was first published in the April 2022 edition of the LexisNexis Privacy Law Bulletin
The interplay between the employee records exemption and the decisions in Lee v Superior Wood Pty Ltd1 (Lee) and Knight v One Key Resources (Mining) Pty Ltd t/as One Key Resources2 (Knight) has been the subject of much difficulty for employment and privacy lawyers. In brief, the law now appears to be relatively well-settled that information relating to an employee, to the extent that it is personal information within the meaning of the Privacy Act 1988 (Cth), is protected pursuant to the Australian Privacy Principles (APPs) until it is “held” by the employer.
Once it is held by the employer, it falls in the employee records exemption in s 7B(3) of the Privacy Act to the extent that the act or practice of the employer is “directly related” to a current or former employment relationship between the employer and the individual and it is directly related to an employee record held by the organisation in relation to the individual.
The protection is not watertight, and there are some matters that are not “directly related” to those relevant matters,3 such as an employee’s daily routine outside work, banking details which are not the employee’s nominated account, the sex of the person’s domestic partner, hobbies or usual holiday destinations.4
Nevertheless, the regulatory regime appears relatively clear. The devil is in the practice and the detail.
The issue has become quite stark in respect of sensitive information relating to employees’ health, particularly in the context of contagious diseases, but also generally in the context of the emerging biosecurity surveillance state.
How does Lee (and Knight) fit with the BHP decision?
In Construction, Forestry, Maritime, Mining and Energy Union v BHP Coal Pty Ltd t/as BHP Billiton Mitsubishi Alliance/BMA5 (BHP), the Fair Work Commission concluded the following in its recommendations and reasoning:
Lee is good law and should be followed.
If an employer wishes to collect sensitive information, it must comply with the APPs. Consent must be freely and voluntarily given, but if an employee does not provide the sensitive information, an employee cannot use economic pressure (as opposed to economic duress) to argue the consent was not freely given.6
When evaluating privacy measures to collect information, the practicality of alternatives to collection should be considered.
Reasonableness of the direction will shift according to the size and nature of the workplace.
If the employer’s direction satisfies both limbs of APP 3.3 (ie consent and reasonable necessity), it will likely be a lawful and reasonable direction and an employer can take appropriate steps against an employee who refuses to divulge sensitive information.
It is submitted that as a matter of principle, Lee is correct — it was cited without disapproval by the Fair Work Commission in BHP, and on the matter of first principles and on the basis of the reasoning of the tribunal, and the legislative background, it remains correct.
Knight is a more problematic decision — as a matter of privacy law and interpretation of the APPs, we do not think it can be relied upon as good law. Knight remains problematic law, but the Fair Work Commission in Knight could have likely reached the same situation as the BHP case had it applied Lee’s reasoning, without the need to consider and apply the permitted general situation provisions.
The question is solved by considering the interplay between privacy and employment law. An employer must obtain freely and voluntarily given consent pursuant to APP 3 before the employer can collect the relevant personal or sensitive information.
APP 3.3 sets out two necessary limbs for an APPs entity:
(a) the individual must consent and
(b) the information must be reasonably necessary for one or more of the entity’s functions or activities
The Office of Australian Information Commissioner (OAIC) notes:
The main criteria for establishing consent are:
• the individual is adequately informed before giving consent
• the individual gives consent voluntarily
• the consent is current and specific, and
• the individual has the capacity to understand and communicate their consent7
In BHP, Asbury DP noted the following regarding consent:
To the extent that the SAR is a form of economic pressure, it does not in my view amount to economic duress of the kind that could vitiate consent. While the cases in relation to economic duress deal with contractual matters, the principles are instructive. While I accept that employees faced with a direction that requires them to consent to providing sensitive information on the basis that if they do not do so their employment will be terminated, have a difficult decision to make, I do not accept that this constitutes coercion or duress of the kind that vitiates consent or results in consent not being legally effective.8
“Reasonable” necessity is a much harder issue — Knight is one case where a pandemic was used to justify intrusive questioning of an employee’s private activities (and, if Knight had been decided in accordance with the reasoning in Lee, probably would have resulted in a finding that the information requested was reasonably necessary to the employer’s functions or activities). However, in Lee, the sensitive biometric information was clearly overreaching and not reasonably necessary. The final question is whether an employer whose employee refuses to provide information that passes the second limb of APP 3.3 can take any disciplinary/contractual action against the employee.
Implied into the contract of employment is the fundamental term that employees obey the lawful and reasonable directions of their employer. This concept is derived from the master-servant relationship. Not only can a failure to comply with a lawful and reasonable direction constitute a valid reason for dismissal,9 it is also capable of constituting serious misconduct.10
The seminal authority on lawful and reasonable directions is R v Darling Island Stevedoring & Lighterage Co; Ex parte Halliday and Sullivan.11 A direction will be lawful and reasonable where it:12
As suggested by the final limb, whether a direction is “reasonable” is a factual inquiry. It involves a global examination of all relevant circumstances to the employment relationship which will include the nature of the employment, the established usages affecting it, the common practices which exist and the provisions of any applicable instrument governing the employment relationship.13
The operation of applicable instruments was a relevant factor in Construction, Forestry, Maritime, Mining and Energy Union, Mr Matthew Howard v Mt Arthur Coal Pty Ltd t/a Mt Arthur Coal, where a failure to consult under the Work Health and Safety Act 2011 (NSW) was a determinative consideration for the Full Bench in finding that a site access requirement was not reasonable.14
Some examples of what may constitute a lawful and reasonable direction include:
in certain circumstances, requiring an employee to attend a medical examination to determine fitness for duties15
a direction to maintain confidentiality of information obtained during a disciplinary process16 and
a direction to an employee to refrain from making public remarks about the business decisions of the employer17
The intersection between employment law and privacy law has been an emerging area of controversy and difficulty in employment law. Despite some confusion, recent case law has assisted in knitting these two areas of law together.
It is clear that if an employer wishes to collect personal information, it will need to comply with the APPs. Mere economic pressure is unlikely to vitiate or invalidate consent under APP 3.3.
If the employee record exemption is removed, then employers will face further complexity as employees exercise privacy rights in a heightened privacy environment.
Appendix: a note on permitted general situation 1
APP 6.1 provides that an APP entity may use personal information about an individual that was collected for a particular purpose for a secondary purpose if subcl 6.2 applies. Subclause 6.2(c) permits such use if a permitted general situation exists.
There has been some discussion as to whether permitted general situations (which are listed in s 16A of the Privacy Act) apply.
The critical permitted general situation is (1), in respect of employee and general health issues.
Permitted general situation 1 (PGS1) permits processing or disclosure of the data where:
(a) it is unreasonable or impracticable to obtain the individual’s consent to the collection, use or disclosure and
(b) the entity reasonably believes that the collection, use or disclosure is necessary to lessen or prevent a serious threat to the life, health or safety of any individual, or to public health and safety
The Information Commissioner says the following in respect of PGS1:
This permitted general situation applies to a serious threat to the life, health or safety of any individual, or to public health or safety. The permitted general situation would not apply after the threat has passed. A ‘serious’ threat is one that poses a significant danger to an individual or individuals. The likelihood of a threat occurring as well as the consequences if the threat materialises are both relevant. A threat that may have dire consequences but is highly unlikely to occur would not normally constitute a serious threat. On the other hand, a potentially harmful threat that is likely to occur, but at an uncertain time, may be a serious threat, such as a threatened outbreak of infectious disease. This allows an APP entity to take preventative action to stop a serious threat from escalating before it materialises.18
The critical issue here is the meaning of the word “collection”.
As noted,19 collection can have two nuances:
that of “picking up off the ground”, ie by observation (for example where entry into a premise is governed by the checking of temperatures, anyone who has entered can be presumed to have passed the temperature test), or
collection by extraction from records
Collection does not mean forced extraction from a person. The reason for this is two-fold.
Firstly, there is no obligation in the Privacy Act on the person whose information is to be collected to provide that information. As a matter of general common law and statutory interpretation, for “collection” to have the wider meaning of forced divulging, there would need to be a police/enforcement mechanism in the Act. There is no such thing.
Secondly, the critical point is (a). It must be unreasonable or impractical to obtain the individual’s consent to the collection. Where an employee in the sense of Lee objects to production, it is not unreasonable or impracticable to obtain the individual’s consent, it is merely that the employer is not able to obtain the individual’s consent. It cannot be unreasonable or impractical to obtain the consent where the person is conscious and merely relying upon the general privacy protection in the Privacy Act and the specific privacy protections provided by APP 3.3 (all health-related information must fall within the definition of sensitive information). It may be impracticable or unreasonable for the employer to continue to function without that information, but that does not fit the PGS.
It is submitted that it is clear that the PGS is intended to apply where (excluding the employment relationship), for example, a police or ambulance officer reviews the emergency health information on a smartphone where a person is unconscious, and the smartphone discloses to the police officer or ambulance officer the person is diabetic. It is clear that in such a case it was unreasonable or impractical to obtain the individual’s consent (because the individual was unconscious) and the entity reasonably believed that the collection was necessary to lessen or prevent a serious threat to the life, health or safety of the individual.
It is clear that PGS1 does not authorise the forced collection by an employer of the material and cannot in any way justify termination or disciplinary conduct.
1. Lee v Superior Wood Pty Ltd (2019) 286 IR 368;  FWCFB 2946.
2. Knight v One Key Resources (Mining) Pty Ltd t/as One Key Resources  FWC 3324; BC202015439.
3. Note the differing historical and cultural views of privacy referred to in Australian Law Reform Commission For Your Information: Australian privacy Law and Practice Report 108 (2008) 1.31 to 1.52 and specifically at 1.46.
4. Putting aside the unique factual situation in above n 2.
5. Construction, Forestry, Maritime, Mining and Energy Union v BHP Coal Pty Ltd t/a BHP Billiton Mitsubishi  FWC 81; BC202202968.
6. Above, at .
7. Office of the Australian Information Commissioner (OAIC), Australian Privacy Principles Guidelines, ch C.5.
8. Above n 5, at .
9. Fair Work Act 2009 (Cth), s 387.
10. Fair Work Regulations 2009 (Cth,) reg 1.07.
11. R v Darling Island Stevedoring & Lighterage Co; Ex parte Halliday & Sullivan (1938) 60 CLR 601; (1938) 12 ALJR 172; BC3890103.
12. Above, at 621–22.
14. At that particular point in time.
15. Blackadder v Ramsey Butchering (2002) 118 FCR 395; 113 IR 461;  FCA 603; BC200202318.
16. James Cook University v Ridd (2020) 278 FCR 566; 382 ALR 8;  FCAFC 123; BC202006807.
17. Lane v Fasciale  VicSC 311.
18. Above n 7, at ch C, C9.
19. T Blyth “Just how private are employee records?” (2021) 17(10) PRIVLB.