Do I have to obtain employees' consent in order to collect their personal data?
The processing of any personal data may impose obligations to the individuals the data is related to, the data subjects. Some jurisdictions only recognize processing personal data as lawful if the data subject has provided express consent. Other jurisdictions require a legal obligation to process the data, and may not require consent. The processing of HR personal data has raised questions and court decisions in a few countries, and interpretations may vary based on data privacy and labor law requirements.
In Australia, you do not have to obtain consent in advance of collecting personal data unless it pertains to ‘health information’ or other types of ‘sensitive information,’ such as race, political opinions, religious beliefs, sexual orientation or practices of criminal record.
Consent may be express or implied, but (according to the non-binding APP Guidelines issued by the Office of the Australian Information Commissioner), to be lawful:
- individuals must be adequately informed;
- consent must be given voluntarily;
- consent must be current and specific; and
- individuals must have the capacity to understand and communicate their consent.
Consent is not required in certain specific circumstances where collection is required or authorized by law.
For example, employers do not need consent to collect employee tax file numbers (TFNs) as long as it’s collected to comply with taxation, personal assistance or superannuation law. This includes third party 'approved recipients' who are engaged by an employer to provide services where it is reasonably necessary to have access to TFN information (e.g., payroll providers or administrators who manage the employer's incentive plans).
HR Best Practices: In cases where employee data collection is voluntary and consent is used, make sure to follow the Guidelines as laid out by the Office of the Australian Information Commissioner.
Led by PeopleDoc’s Chief Legal & Compliance Officer, the HR Compliance Assist team relies on a network of internal and external compliance experts and lawyers, including the global law firm Morgan Lewis, to provide clients with best practices and recommendations on topics such as HR document retention, employee data privacy, and HR electronic records. HR Compliance Assist also provides local compliance monitoring and alert services in select countries where PeopleDoc’s customers have employees. HR Compliance Assist is a service exclusively available to PeopleDoc customers.