A leading employment lawyer has warned HR professionals about the risk of workplace privacy breaches, saying many departments don’t realise that the potential repercussions are steadily increasing.
“I’m telling all of my clients that they need to ensure they have people in the organisation who are really sound on privacy because a lot of employers are underestimating the risk,” says Hamish Kynaston, a partner with Buddle Findlay.
“A lot of employers aren’t aware of the increased risk or the technical requirements that apply and I think people are getting into difficulty as a result.”
According to Kynaston, there’s a growing trend of employees pursuing privacy issues through the Privacy Commission and the Human Rights Review tribunal because both organisations have shown a commitment to providing meaningful remedies for employees.
“The damages and compensation awards are on the increase and are tending to be higher than the employee might otherwise secure through the traditional employment dispute resolution processes,” says Kynaston.
It’s for this reason that Kynaston says HR professionals must ensure they’re meeting traditional employer obligations to protect employee privacy but also the statutory obligations under the Privacy Act, which apply to the collection, storage, use, and disclosure of and access to information.
“Having good technology in place is the minimum, then really it’s about having a good culture around privacy in the workplace, providing regular training and having good policies and systems in place to ensure that sensitive information that employers hold about employees is protected and handled appropriately.”
If an employer had breached employee privacy – whether that means attaching information to the wrong email or even granting public access to private information – Kynaston says employers should always react with honesty.
“Employers, if there has been a breach, will usually ask what they need to do in these circumstances and the answer is to be up front with the employee and to apologise early,” Kynaston tells HRD. “Then, of course, it’s about taking steps to prevent any further breach.”
Related stories:
Ask a Lawyer: What can HR do if an employee commits a crime?
Ask a lawyer: Are e-signatures legally binding?