COVID-19: Vaccinations and my privacy rights as an employee

Source: https://www.oaic.gov.au/privacy/covid-19/covid-19-vaccinations-and-my-privacy-rights-as-an-employee


The information in this FAQ is intended to help employees understand how the Privacy Act 1988 (Privacy Act) will apply to protect their personal information relating to COVID-19 vaccinations in the workplace.


The Privacy Act does not apply to all organisations and government agencies. Individuals employed by state or territory government agencies should consult the privacy regulator in their relevant jurisdictions for information.


1. Can my employer require me to disclose information about my vaccination status?


Your employer can only require you to provide evidence of your vaccination status in particular circumstances.


If your employer intends to collect your vaccination status into a record, they must be satisfied that this collection is permitted under Australian Privacy Principle (APP) 3.


Information about your vaccination status is sensitive information and is afforded a higher degree of protection under the Privacy Act. Generally, your employer must seek your consent in order to collect your vaccination status information and the collection of this information must be reasonably necessary for one or more of your employer’s functions or activities, unless an exception applies.


If there is a term in your enterprise agreement, other registered agreement or employment contract that requires COVID-19 vaccination, it is likely to be reasonably necessary for your employer to collect information about your vaccination status. However, your employer will still need to obtain your consent to the collection.


Required or authorised by law


Your employer may be able to require you to disclose information about your vaccination status without consent if the collection of this information is required or authorised by an Australian law. This includes any Act of the Commonwealth, of a state or territory, or regulations or any other instrument made under such an Act, including public health orders or directions.


State and territory public health orders are continually being updated to respond to the COVID-19 pandemic. You should monitor these developments and review the specific requirements of any relevant orders or directions issued by your state and territory health authority to determine if you may need to disclose information about your COVID-19 vaccination status to your employer. Consult your relevant Department of Health to find out about any relevant requirements to provide proof of vaccination.


2. If I choose not to have the COVID-19 vaccine, can my employer require me to provide my reasons or other medical evidence?


If there is an Australian law – such as a public health order or direction – that requires your employer to collect your vaccination status information and reasons for non-vaccination, you may be required to provide your employer with your reasons or medical evidence exempting you from vaccination. The information collected should be limited to what is specified in the relevant law, or to what is reasonably necessary in circumstances where it is collected by consent.


3. Is my employer required to tell me why they are requesting my vaccination status information and what they are going to do with my information?


If your employer requests your consent to collect vaccination status information, they are required to be transparent about why the information is being collected, and how it will be used, in line with APP 1.

Your employer must also take reasonable steps to notify you of the matters set out in APP 5. These include:

  • the purpose of collection

  • the consequences if you refuse to consent to the collection

  • if the collection is required or authorised by law

  • how your employer may use or disclose information about your vaccination status, and

  • that their APP privacy policy contains information about how you may access your personal information, seek correction of your personal information, make a complaint about a breach of the APPs and how your employer will deal with such a complaint.

Your employer should provide you with this information before they collect information about your vaccination status or, if this is not practicable, as soon as practicable after collection occurs.


4. If I disclose information about my vaccination status to my employer, will my information be protected by the Privacy Act?


Private sector employees


If your employer is a private sector organisation and information about your vaccination status has been collected by them lawfully, the employee records exemption in the Privacy Act will apply in many instances.

.

Your employer must also handle your information in accordance with any applicable requirements or privacy protections set out in a relevant public health order.


Public sector employees


If your employer is a Commonwealth or Norfolk Island Government agency, the privacy protections in the Privacy Act and the APPs will continue to apply to your vaccination status information once it has been collected and included in your employee record.

Your employer must also handle your information in accordance with any applicable requirements or privacy protections set out in a relevant public health order.


5. What if I’m a contractor, volunteer or applying for a job?


If you are a contractor, subcontractor or volunteer then the employee records exemption will not apply. This is also the case if you are applying for a job as a prospective employee. The information you provide about your vaccination status to a private sector organisation as a contractor, subcontractor, volunteer, or prospective employee will continue to be covered by the Privacy Act and the APPs.


6. If my information is protected by the Privacy Act what are my employers’ obligations in respect of my information?


If the employee records exemption does not apply to you, and where your employer is legally permitted to collect your vaccination status, they must accurately record your vaccination status information and ensure that it is complete and kept up-to-date. You must be provided with an opportunity to access your information and request correction if the information is inaccurate. Your employer must have appropriate security systems to protect your vaccination status information from misuse, interference, loss, unauthorised access, modification or disclosure. Your employer should also limit the use and disclosure of your vaccination status information to the purpose for which they advised you it has been collected. Finally, your employer should destroy this information when it is no longer required.


7. Can I make a complaint if I think my employer is misusing my vaccination status information?


If you think your employer is misusing your vaccination status information, you should contact your employer in the first instance to try to resolve the issue with them.

If you are not satisfied with your employer’s response, you can lodge a complaint with the OAIC if your employer is a Commonwealth or Norfolk Island Government agency or an organisation covered by the Privacy Act.


If the employee records exemption applies, you may be able to make a complaint about the collection practices of your employer.

18 views0 comments

Related Posts

See All

Worry