An enterprise agreement is a legally binding agreement between an employer and its employees that sets out terms and conditions of employment. The Office of the Australian Information Commissioner (OAIC) oversees the privacy aspects of enterprise agreements.
Enterprise agreements must comply with the Australian Privacy Principles (APPs), which outline how organizations must handle personal information in accordance with the Privacy Act 1988. The APPs apply to all private sector and not-for-profit organizations with an annual turnover of $3 million or more.
Under the APPs, organizations must take reasonable steps to protect personal information from misuse, interference, and unauthorized access. They must also ensure that personal information is accurate, up-to-date, and relevant to the purposes for which it is collected.
When drafting an enterprise agreement, organizations must specify how they will collect, use, and disclose personal information about their employees. They must also specify how they will store and secure this information.
The OAIC provides guidance on the privacy implications of enterprise agreements in its Privacy Management Framework. This framework outlines the steps that organizations should take to manage privacy risks and ensure compliance with the APPs.
Some key considerations for organizations when drafting an enterprise agreement include:
– Specifying the purposes for which personal information will be collected, used, and disclosed, and ensuring that these purposes are reasonable and necessary for the organization's business operations.
– Providing employees with clear information about how their personal information will be handled, and obtaining their consent for any collection, use, or disclosure that goes beyond what is necessary for employment purposes.
– Ensuring that employees have the right to access and correct their personal information, and that there are appropriate safeguards in place to prevent unauthorized access or disclosure of this information.
– Taking steps to protect personal information from loss, theft, or misuse, such as by implementing secure storage and disposal measures, and by training employees on the importance of protecting personal information.
In conclusion, when drafting an enterprise agreement, organizations must ensure that they comply with the APPs and take appropriate steps to protect personal information. The OAIC provides guidance on these issues, and organizations should seek to incorporate this guidance into their privacy management frameworks. By doing so, organizations can minimize privacy risks and foster a culture of respect for privacy among their employees.