The Privacy Act is not a ‘workplace law’: this was the conclusion of the Federal Circuit Court when it threw out an adverse action claim made by a prospective employee who refused to provide a copy of her passport as part of a pre-employment screening process.
In Austin v Honeywell Ltd  FCCA 662 (28 June 2013) the applicant had been doing some contract work for the employer who subsequently offered her a permanent position. The offer was contingent on the applicant undergoing a number of screening processes which included, among other things, supplying her passport and a urine sample. The employer used an external company based in the US to conduct these checks and this company was bound by US privacy laws and not the (Australian) Privacy Act. The applicant supplied the urine sample but insisted that certain privacy requirements were followed, and refused permission for a copy of her passport to be stored in a database. The employer withdrew the offer of employment. The applicant later went on to do some further work for the employer but this contractor arrangement was also later terminated.
The applicant brought a case against Honeywell claiming that she suffered adverse action both as a prospective employee and when her contract was later terminated, because she had exercised a workplace right under the Privacy Act. She claimed reinstatement and over $2 million in compensation.
The judge held that neither the Privacy Act generally, nor the specific provisions relied on by the applicant, meet the definition of a workplace law under the Fair Work Act. Specifically, the judge held that this particular piece of legislation does not aim to regulate the relationship between employee and employer. On the facts she also found that the applicant’s later termination was based on her conduct and was not as a result of any adverse action. The applicant’s case was dismissed.
Lesson for employers
The effect of this case is to confirm that an adverse action claim cannot be brought by someone claiming that the adverse action was taken against them because they were exercising their rights under the Privacy Act.
It is important to note, however, that although the Privacy Act cannot be relied upon to bring an adverse action claim, it still has relevance to a number of employment-related situations. Employers should be aware of any privacy obligations they may have under the Privacy Act. The Privacy Act does not govern the relationship between employers and employees but it does set out a number of obligations, around how certain information is kept and handled, that may impact on employers and business owners.
Most small businesses do not need to comply with the Privacy Act, although there are exceptions including health care providers and businesses trading in personal information.
The Office of the Australian Information Commissioner has more detailed information and a checklist for businesses to find out if they need to comply with the Privacy Act.
Please contact us if you would like further information on your specific situation.
Sarah Waterhouse, Solicitor, BlandsLaw