Employee Privacy Across the Tasman

Privacy law in Australia and New Zealand both aim to protect individuals’ rights over their personal information, but the way each country defines and regulates that information reveals some important differences, especially when it comes to how employee personal information is treated.

In Australia, personal information is defined under the Privacy Act 1988 as any information or opinion about an identified individual, or an individual who is reasonably identifiable. The key idea is that if someone can be identified from the information, either on its own or when combined with other available information, it qualifies as personal information.

However, Australia’s Privacy Act includes a significant exception known as the employee records exemption. This provision means that when an employer handles personal information about a current or former employee in connection with the employment relationship, the Australian Privacy Principles do not apply. For example, details such as pay slips, performance reviews, leave balances, or disciplinary actions are considered employee records. As long as the handling of this information is directly related to managing the employment relationship, the employer is exempt from the Act’s privacy obligations. This exception does not extend to job applicants, contractors, or other individuals outside the employment relationship, whose personal information remains protected by the Privacy Act. The exemption has been controversial, as it effectively removes a layer of privacy protection for employees and has prompted ongoing discussions about reforming the law to close this gap.

In contrast, New Zealand’s Privacy Act 2020 takes a simpler and more consistent approach. It defines personal information as any information about an identifiable individual, without carving out special categories or exemptions for certain relationships. This means that employee information in New Zealand is treated the same way as any other personal information.

In New Zealand, employees can request to see their personnel files and expect that their employer handles their data in line with the privacy principles, providing a sense of transparency and accountability. In Australia, employees have far fewer privacy rights against their employers in this context, relying instead on workplace laws or contractual protections rather than privacy legislation.

For organisations that operate across both countries, this divergence requires careful planning especially where shared systems and processes are involved. An employer might have more freedom to manage staff data in Australia, but the same practices could breach privacy obligations in New Zealand. The approach a lot of organisations take is to provide Australian employees with the same protections as New Zealand even though it is not legally required as this creates standardisation.

As Australia continues to review its Privacy Act, the scope of the employee exemption remains a key area of debate and potential reform, signalling a growing recognition that workplace privacy deserves stronger and more consistent protection.