Employee Data Privacy A Regional Overview
Introduction

All employers collect, handle and use employee personal data. Most jurisdictions have laws regulating such collection, handling and use of employee personal data. With increasing globalization and mobility of employees, and the relative ease with which data can be transferred between legal entities and across borders, complying with all requirements relating to personal data has become an increasingly difficult exercise. This publication attempts to ease that burden.

This publication covers 16 different jurisdictions in Asia. For each of the jurisdictions covered we asked the following questions:

A. Is there a law/code or other similar document regulating the collection, use and/or handling of an employee's personal data in your jurisdiction?
B. Is there a legal requirement to have a document (e.g. privacy policy, personal information collection statement, agreement) to deal with the employee's personal data?
C. For how long must an employer retain an employee's personal data? What is best practice?
D. What are the legal restrictions on transferring employees' personal data outside your country?
E. What are the legal restrictions on transferring employees' personal data to a third party?
F. What are the consequences of breaching privacy laws in your jurisdiction?
G. What are the main pitfalls or areas to watch out for in your jurisdiction regarding the collection, use and/or handling of an employee's personal data?
We have set out the answers to each of these questions in two different formats. Section 1 contains an Executive Summary of each jurisdiction's responses. This is intended to be a short, at-a-glance overview of the position. Section 2 contains the more substantive answers to the questions.

We do hope that you find this publication useful. It has been made possible with the input from lawyers in leading law firms in each jurisdiction. Should you wish to contact the lawyers in any of the jurisdictions, their contact details are set out in the last Section of this publication.

Phillipa Muir
Partner
Simpson Grierson
Asia

Section 1: Executive Summary
Section 2: The Expanded Answer to the Questions by Jurisdiction
- Australia
- Hong Kong
- India
- Indonesia
- Japan
- Mainland China
- Malaysia
- New Zealand
- Pakistan
- Philippines
- Singapore
- South Korea
- Sri Lanka
- Taiwan
- Thailand
- Vietnam
Executive Summary

AUSTRALIA

A. Is there a law regulating employee personal data?
A range of State and federal legislation regulates the handling of personal data. The principal piece of legislation for incorporated entities can be applied to employee data; however, it is substantially limited in such respect.

B. Do I need to have a privacy statement or agreement?
There is no legal requirement for such a statement or agreement; however, it is prudent to have a privacy code, policy or procedure in place.

C. How long must I retain employee data? What is best practice?
Various State and federal legislation requires certain employee records (which could include personal data) to be retained for specified periods. Specific legislation requires that certain employee records be kept for at least 7 years.

D. Can I transfer employee data overseas?
Yes, subject to certain requirements.

E. Can I transfer employee data to a third party?
Yes, subject to certain requirements.

F. What are the consequences of breach?
A determination may be made by the Privacy Commissioner, including a declaration that a reasonable act should be performed to redress any loss or damage suffered by a complainant, or that a complainant is entitled to a specified amount of compensation for any loss or damage suffered (including injury to feelings or humiliation). Determinations may be enforced by proceedings commenced in the Federal Court or Federal Magistrates Court. The Court may make such orders as it thinks fit.
G. What are the main pitfalls?
Pitfalls include:
- Assuming privacy regulation is the same across all jurisdictions.
- Failure to ensure that any records held containing the personal information of employees are only dealt with in a manner that directly relates to the employment relationship; that is, any employee records should only be collected, used and disclosed for the purpose of the employment relationship.
- Collection of unnecessary personal information and consequent exposure to legal risk.
- Failure to develop, implement and enforce comprehensive policies and procedures around the handling of personal information.

Contributed by Corrs Chambers Westgarth
HONG KONG

A. Is there a law regulating employee personal data?
Yes. The Personal Data (Privacy) Ordinance.

B. Do I need to have a privacy statement or agreement?
No particular form of document is needed. Certain information required to be provided by legislation is typically provided in a Personal Information Collection Statement (PICS).

C. How long must I retain employee data? What is best practice?
The Employment Ordinance requires certain employee data be retained for at least 12 months. Best practice suggestion: 2 years for recruitment data and 7 years for employment data unless employer has a legitimate reason for retaining data longer (e.g. litigation).

D. Can I transfer employee data overseas?
Yes, subject to certain requirements.

E. Can I transfer employee data to a third party?
Yes, subject to certain requirements.

F. What are the consequences of breach?
- Investigation by Commissioner.
- Commissioner may issue Enforcement notice.
- Criminal liability if failure to comply with an enforcement notice; on conviction, a fine at level 5 (currently HK$50,000), imprisonment for 2 years and, if continuing offence, a daily penalty of HK$10,000.
- Civil liability: data subject may claim compensation.
G. What are the main pitfalls?
- Employers should issue PICS and ensure purpose of use of data specified in PICS covers employer's requirements.
- Employees can access and obtain their personal data by downloading a Data Access Request (DAR).
- An employer must provide all personal data of the employee in response to a DAR unless exception applies, e.g. employees using DAR to fish for claims against employer.

Contributed by Mayer Brown JSM
INDIA

A. Is there a law regulating employee personal data?
There is no specific law on the subject. However, action may be initiated for claim under the Information Technology Act, 2000, tort or for breach of fundamental right of life and liberty (including right to privacy) as guaranteed by the Constitution of India.

B. Do I need to have a privacy statement or agreement?
There is no legal requirement. However, it is advisable to have a privacy statement/agreement.

C. How long must I retain employee data? What is best practice?
Employees' personal data may be retained for 3 years, and financial data for 8 years.

D. Can I transfer employee data overseas?
There is no law restricting transfer of employees' personal data. However, the courts may impose reasonable restrictions if they consider the information to be of a sensitive nature.

E. Can I transfer employee data to a third party?
There is no law restricting transfer of employees' personal data. However, the courts may impose reasonable restrictions if they consider the information to be of a sensitive nature.

F. What are the consequences of breach?
There is no specific law pertaining to transfer of employees' personal data. However, action may be initiated by employee under tort or for breach of right to privacy or, in certain cases, under The Information Technology Act,
G. What are the main pitfalls?
Though there is no specific law relating to data protection in India, there is some protection available under the Constitution of India, Article 21: Right to Life and Liberty. The courts in India have interpreted Right to Privacy as part of the broad spectrum of Right to Life. Further, the Information Technology Act, 2000 extends protection to data in electronic form which is sensitive in nature (as may be notified by the Central Government). Further, the courts may impose restrictions on transfer of data in case they consider the data to be sensitive enough to cause irreparable harm to the employee if the data were so transferred. Therefore, it is advisable to seek the consent of the employee prior to any intended transfer of his/her personal data.

Contributed by Trilegal
INDONESIA

A. Is there a law regulating employee personal data?
There is no specific law regulating employee personal data. Human Rights law provides right to privacy.

B. Do I need to have a privacy statement or agreement?
Yes, it is recommended to include statement in Company Regulation (work rules) clarifying employer's right to use personal data, albeit there is no legal requirement to do so.

C. How long must I retain employee data? What is best practice?
At discretion of Board of Directors. Best Practice: at least two (2) years after termination of employment.

D. Can I transfer employee data overseas?
There is no specific restriction but it is prudent to include such right in personal statement in Company Regulation.

E. Can I transfer employee data to a third party?
There is no specific restriction but it is prudent to include such right in personal statement in Company Regulation.

F. What are the consequences of breach?
In theory, causes of action may include civil tort, civil or criminal defamation, or criminal unpleasant act.

G. What are the main pitfalls?
Personal data should be handled responsibly to avoid employee suffering embarrassment or other damages.

Contributed by Soewito Suhardiman Eddymurthy Kardono
JAPAN

A. Is there a law regulating employee personal data?
Yes. There is the Personal Information Protection Act ("PIPA") and various governmental guidelines.

B. Do I need to have a privacy statement or agreement?
Generally no. However, it is advisable to establish a privacy policy as this is the most convenient way to satisfy an employer's obligation upon receiving personal data, i.e. inform the employee of (or publicly announce) the purpose for use of such personal data.

C. How long must I retain employee data? What is best practice?
Certain important documents must be retained for 3 years.

D. Can I transfer employee data overseas?
Yes, so long as the transfer occurs within the same legal entity, no restrictions exist in transferring personal data overseas. However, transfer to a third party (including an overseas parent or related company) requires the prior consent of the employee.

E. Can I transfer employee data to a third party?
The prior consent of the employee is needed to transfer the employee's personal data to a third party.
F. What are the consequences of breach?
The government may issue a recommendation and/or order to rectify the breach. Failure to comply with the order may lead to imprisonment of up to 6 months or a fine of up to JPY 300,000. If a breach of the PIPA causes any damage, a person responsible for such breach may be liable for the damages as a result thereof.

G. What are the main pitfalls?
Special regulations exist for health-related information and other sensitive information. When conducting background check separately, it is advisable to obtain the job applicant's consent for the acquisition of personal data from a third-party service provider.

Contributed by Anderson Mori & Tomotsune
MAINLAND CHINA

A. Is there a law regulating employee personal data?
Yes. Employment Services and Management Regulations.

B. Do I need to have a privacy statement or agreement?
There is no legal requirement. However, ideally an employer should have a written agreement with its employee regulating the collection, use and handling of personal data.

C. How long must I retain employee data? What is best practice?
The law is unclear. We suggest 2 years as best practice.

D. Can I transfer employee data overseas?
Yes, but if the transfer involves publicizing the employee's personal data, then written consent from the employee is required.

E. Can I transfer employee data to a third party?
Yes, but if the transfer involves publicizing the employee's personal data, then written consent from the employee is required.

F. What are the consequences of breach?
The consequences are unclear as there are no clear provisions setting out the consequences of breach.

G. What are the main pitfalls?
An employer is obliged to keep confidential the employee's personal data, and has to obtain the employee's written consent if it will publicize any such personal data.

Contributed by JSM Shanghai Representative Office
MALAYSIA

A. Is there a law regulating employee personal data?
The Employment Act. The Personal Data Protection Bill 2009 has been passed but not yet gazetted to commence.

B. Do I need to have a privacy statement or agreement?
No.

C. How long must I retain employee data? What is best practice?
6 Years.

D. Can I transfer employee data overseas?
Yes.

E. Can I transfer employee data to a third party?
Yes.

F. What are the consequences of breach?
None.

G. What are the main pitfalls?
Ensuring up-to-date information on personnel. Be aware of the gazetting of the Personal Data Protection Bill 2009 to commence.

Contributed by Shearn Delamore
NEW ZEALAND

A. Is there a law regulating employee personal data?
Yes, the Privacy Act.

B. Do I need to have a privacy statement or agreement?
This is not required by the Privacy Act but is recommended as a matter of best practice.

C. How long must I retain employee data? What is best practice?
The Privacy Act does not require information to be held for any fixed period. The emphasis in the Act is on not holding information for longer than is necessary. However, there are various other statutes governing the minimum periods for which certain information must be held (for example, tax records must be held for 7 years, and wage records must be held for 6 years).

D. Can I transfer employee data overseas?
The Privacy Act does not contain specific restrictions on the transfer of personal information overseas. Individuals must be made aware of all intended recipients of their personal information at the time it is collected. If such notice is not provided, then the consent of employees must generally be obtained before transferring information to any other jurisdiction.

E. Can I transfer employee data to a third party?
The Privacy Act does not contain specific restrictions on the transfer of personal information to third parties. Individuals must be made aware of all intended recipients of their personal information at the time it is collected. If such notice is not provided, then the consent of employees must generally be obtained before transferring information to any other entity/third party.
F. What are the consequences of breach?
(1) Investigation by Privacy Commissioner (who can issue non-binding recommendations).
(2) Human Rights Review Tribunal (potential remedies include damages up to NZ$200,000, although damage awards greater than NZ$10,000 are rare).
(3) Administrative Penalties (may be liable on summary conviction for a fine not exceeding NZ$2,000).

G. What are the main pitfalls?
Common pitfalls include:
- The failure to properly notify an individual about the collection of personal information (in accordance with IPP 3).
- The use of personal information for a purpose other than that for which it was obtained (prohibited by IPP 10).
- Improper disclosure of personal information (prohibited by IPP 11).

Contributed by Simpson Grierson
PAKISTAN

A. Is there a law regulating employee personal data?
Presently there is no statutory law, regulation or code which deals with collection, use and/or handling of an employee's personal data in Pakistan. However, normally all employers require personal data of their employees for security and cross-reference reasons. Moreover, the employee's name, Computer National Identification Card and address are also used for filing of annual returns. The general principles of Law of Torts will apply but they do not require any strict compliance, and lack of malice on the part of employer in collecting, storing and disclosing personal data of an employee will be sufficient defence against any potential action against the employer. Such an action, though a possibility, is seldom used.

B. Do I need to have a privacy statement or agreement?
There is no legal requirement to have a document to deal with the employee's personal data.

C. How long must I retain employee data? What is best practice?
There is no legal requirement for withholding of employee's personal data. The employers generally hold the employee's data for a couple of years as a cross-reference and for their own personal record.

D. Can I transfer employee data overseas?
There are no legal restrictions on transferring employee's personal data outside Pakistan.
E. Can I transfer employee data to a third party?
As stated earlier, presently there is no statutory law which controls and regulates the collection and use of handling employee's personal data in Pakistan; therefore, there are no legal restrictions on transferring employee's personal data to a third party. However, there is one exception, and that is if employee and employer have entered into a confidentiality agreement, then both the parties would be governed by the terms of the confidentiality agreement.

F. What are the consequences of breach?
There are no privacy laws in Pakistan, therefore the occasion of their breach cannot arise; however, if privacy agreements are breached, then suit (civil action) for damages can be filed under the Law of Contracts.

G. What are the main pitfalls?
Presently, absence of laws regarding employee's personal data is the main drawback in Pakistan. However, if the personal data disclosed to a third party proves to be incorrect, the suit for damages under the Law of Torts can be filed demanding damages. This is a case of rare occurrence but still a possibility.

Note: The above information is in reference to jurisdiction in Pakistan.

Contributed by Meer & Hasan
PHILIPPINES

A. Is there a law regulating employee personal data?
Yes. However, these are general laws that regulate the use of personal data (including employee data) for the protection of the individual's constitutionally protected right to privacy and not a specific law that regulates the collection, use and/or handling of employee personal data per se.

B. Do I need to have a privacy statement or agreement?
None of the data privacy protection laws specifically require that a written privacy statement or agreement be in place before an employer may use employee personal data. The transfer of employee personal data to a third party is, however, subject to restrictions. (See Response to Question E.)

C. How long must I retain employee data? What is best practice?
There is no fixed period within which an employer is required to retain employee personal data.

D. Can I transfer employee data overseas?
Yes, as long as there is consent or a legitimate purpose for the transfer.

E. Can I transfer employee data to a third party?
Yes, as long as there is consent or a legitimate purpose for the transfer and as long as there is a written contract between the data processor (third party) and data controller (employer).

F. What are the consequences of breach?
The party divulging the information may be liable for the payment of damages. With respect to certain information, the party divulging such information may also open himself to a possible criminal liability.
G. What are the main pitfalls?
There is no specific law that deals with the management of an employee's personal data.

Contributed by SyCip Salazar Hernandez & Gatmaitan
SINGAPORE

A. Is there a law regulating employee personal data?
There is no single overarching legislation on employee data privacy in Singapore. However, the Computer Misuse Act ("CMA") prohibits the unauthorised access to data and/or unauthorised interception of computer communications. The Model Data Protection Code for the private sector, which is not mandatory, has 10 principles that organisations should follow when collecting, processing and storing personal data.

B. Do I need to have a privacy statement or agreement?
An agreement with the person whose information is being collected is required for compliance with the CMA. No agreement is required for collection of employee data under other statutes. However, having one in place is nevertheless recommended.

C. How long must I retain employee data? What is best practice?
The time period for which employee data shall be retained depends on the individual statutes and generally varies from five to seven years. Where the retention period is not provided, the best practice is to retain the information for 7 years.

D. Can I transfer employee data overseas?
There are no restrictions on transferring employee data overseas. However, please note that the Banking Act restricts the transfer of customer information to third parties and such disclosure is permitted only under the specific circumstances prescribed therein.
E. Can I transfer employee data to a third party?
There are no restrictions on transferring employee data to third parties. However, please note that the Banking Act restricts the transfer of customer information to third parties and such disclosure is permitted only under the specific circumstances prescribed therein.

F. What are the consequences of breach?
Violation of the CMA provisions can lead to a maximum fine of S$5,000 or imprisonment for no more than 2 years or both for the first offence and a maximum fine of S$10,000 or imprisonment for no more than 3 years or both for subsequent offences.

G. What are the main pitfalls?
There is no single overarching legislation, although several pieces of legislation regulate this area.

Contributed by Rajah & Tann
SOUTH KOREA

A. Is there a law regulating employee personal data?
No.

B. Do I need to have a privacy statement or agreement?
Advisable.

C. How long must I retain employee data? What is best practice?
3 years.

D. Can I transfer employee data overseas?
Advisable to obtain employee consent.

E. Can I transfer employee data to a third party?
Advisable to obtain employee consent.

F. What are the consequences of breach?
Depending on the characterization of the breach, consequences may include civil and/or criminal liability.

G. What are the main pitfalls?
Depending on the circumstances, the Protection of Credit Information Act containing criminal punishment may apply.

Contributed by Kim & Chang
SRI LANKA

A. Is there a law regulating employee personal data?
No.

B. Do I need to have a privacy statement or agreement?
No.

C. How long must I retain employee data? What is best practice?
Depends on the category of employee.

D. Can I transfer employee data overseas?
Yes.

E. Can I transfer employee data to a third party?
Yes.

F. What are the consequences of breach?
Not applicable.

G. What are the main pitfalls?
No statutory provision.

Contributed by John Wilson Partners
TAIWAN

A. Is there a law regulating employee personal data?
Yes, the CPDPA, which will be substituted by the PDPA passed on April 27, 2010 with the effective date to be published by the Executive Yuan, the Republic of China.

B. Do I need to have a privacy statement or agreement?
CPDPA: No, but the CPDPA requires an employer to prepare a book with certain information listed for employee's inspection or review.
PDPA: No, but the PDPA requires that: 1) a private sector employer makes the collected personal data of an employee available to such employee for inspection and review or provides a duplicate of such personal data upon such employee's request subject to certain exceptions, such as national security concerns, etc.; and 2) a notification with certain information shall be presented to the employee when the employee's personal data is collected, used, or handled.

C. How long must I retain employee data? What is best practice?
CPDPA: Under the CPDPA, an employer shall comply with the length of retention approved by the competent authority.
PDPA: Under the PDPA, in general, an employer may retain an employee's personal data where a specific purpose exists or prior to the expiration of the retention period.

D. Can I transfer employee data overseas?
CPDPA: Yes, if international transfer of personal data is registered with and approved by the competent authority under the CPDPA.
CPDPA & PDPA: Under both the CPDPA and PDPA, in certain circumstances, the central competent authority may nevertheless restrict lawful international transfers.

E. Can I transfer employee data to a third party?
CPDPA: Yes, under the CPDPA, subject to certain exceptions, the transfer shall be limited to the scope of the specific purposes.
PDPA: Under the PDPA, in general, sensitive data may not be transferred, while non-sensitive data shall be limited to the scope of the specific purposes for collecting such data.

F. What are the consequences of breach?
CPDPA & PDPA: An employer in violation of either the CPDPA or PDPA may be subject to civil, criminal and/or administrative liabilities.
PDPA: The PDPA increases the civil, criminal and administrative liabilities to provide more protection for individual's right of privacy.

G. What are the main pitfalls?
An employer should pay close attention to the effective date of the PDPA as well as the upcoming passages of or amendments to the enforcement rules and supplemental laws and regulations in relation to the PDPA.

Contributed by Lee, Tsai & Partners
THAILAND

A. Is there a law regulating employee personal data?
Currently, there is no law that regulates employees' personal data although the Personal Data Protection Bill (the "Bill") has long been expected to be put in place.

B. Do I need to have a privacy statement or agreement?
Not currently, but if the Bill comes into force, an employer will need consent from its employee to handle the employee's personal data.

C. How long must I retain employee data? What is best practice?
Under the Thai Labour Protection Act, an employer must keep an employee's register for not less than two years after termination of employment. If the Bill becomes law, the employee's personal data processed for any purpose may not be kept longer than necessary for such purpose.

D. Can I transfer employee data overseas?
Currently, there is no law that prohibits transfer of an employee's personal data overseas, but if the Bill comes into effect, written consent from the employee will be required.

E. Can I transfer employee data to a third party?
Currently, there is no law that prevents an employer from transferring its employee's personal data to a third party, but if the Bill takes effect, written consent from the employee will be needed.

F. What are the consequences of breach?
If an employer's use or disclosure of personal data causes damage to an employee, the employer may be subject to civil and/or criminal punishment. If the Bill becomes law, any breach may be subject to administrative and/or criminal penalties.
G. What are the main pitfalls?
If the Bill is issued, any collection, utilization and disclosure of an employee's personal data will require such employee's express consent. The employer will also need a secured personal data collection system to prevent exploitation or disclosure of the personal data.

Contributed by Mayer Brown JSM (Thailand) Limited
VIETNAM

A. Is there a law regulating employee personal data?
Yes.

B. Do I need to have a privacy statement or agreement?
Yes.

C. How long must I retain employee data? What is best practice?
There is no statutory requirement regarding how long employee data can be retained. In practice, the employer should agree with the employee on the time limit for retaining his/her data. It would be preferable that written consent from the employee is obtained.

D. Can I transfer employee data overseas?
Yes, subject to the employee's consent.

E. Can I transfer employee data to a third party?
Yes, subject to the employee's consent.

F. What are the consequences of breach?
The employee would sue the breaching party in a court of law.

G. What are the main pitfalls?
The breaching party, depending on the seriousness of the breach, would be subject to an administrative penalty. If the breach causes damages to the employee's health, honour, dignity or reputation, compensation must be paid.

Contributed by Mayer Brown JSM (Vietnam)
The Expanded Answer to the Questions by Jurisdiction

AUSTRALIA

A. Is there a law/code or other similar document regulating the collection, use and/or handling of an employee's personal data in your jurisdiction?

Privacy in the employment context usually concerns the use by an employer of personal information [1] about an employee, including information about the employee's health and fitness.

In Australia, legal obligations in respect of privacy of personal information are largely derived from statute. There is no constitutional protection of privacy rights similar to that which exists in other jurisdictions such as the United States.

Privacy in Australia is regulated at both the federal and State level. Therefore, privacy obligations differ across the various jurisdictions, as well as between the public and private sectors.

In each Australian jurisdiction, privacy of personal information may be regulated by specific privacy legislation and also by legislation in respect of health records, freedom of information and electronic surveillance. A summary of some of the key legislation that regulates privacy in Australia is set out below.

Privacy Act 1988 (Cth)

The Privacy Act 1988 (Cth) ("Privacy Act") regulates the use, storage, handling, access, disclosure and security of personal information by Australian and Australian Capital Territory government agencies and Australian private sector organisations with an annual turnover greater than AUD 3 million.

[1] It has been assumed for the purposes of this Australian section that the reference to personal data has the same or a similar meaning as the term personal information under the Privacy Act 1988 (Cth). Privacy issues also arise from the undertaking of workplace surveillance and monitoring. The issue of workplace surveillance and monitoring has not been covered in this report.
There are some small businesses which may have an annual turnover of less than AUD 3 million whose activities are regulated by the Privacy Act. This includes health service providers or businesses that trade in personal information.

The Privacy Act is intended to protect personal information about individuals who can reasonably be identified from the information. Personal information is generally defined as "[i]nformation or an opinion (including information or an opinion forming part of a database), whether true or not, and whether recorded in a material form or not, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or an opinion."

The Privacy Act establishes 12 National Privacy Principles which (together) operate to regulate the use, storage, handling, access and security of personal information by organisations in respect of which the Privacy Act applies. Organisations may discharge their obligations by creating and complying with a code of practice tailored to the organisation, and approved for use by the Privacy Commissioner.

The Privacy Act expressly excludes acts done, or practices engaged in, by an employer (who is regulated by the Privacy Act) of an individual, if the act or practice is directly related to a current or former employment relationship between the employer and the individual and an employee record held by the organisation and relating to the individual. Employee records are broadly defined as a record of personal information relating to the employment of the employee.
Examples of personal information relating to the employment of the employee are health information about the employee and personal information about, amongst other things, the engagement, training, disciplining or resignation of the employee; the termination of the employment of the employee; the terms and conditions of employment of the employee; the employee's personal and emergency
contact details; the employee's performance or conduct; the employee's hours of employment; the employee's salary or wages; the employee's membership of a professional or trade association and the employee's taxation, banking or superannuation affairs.

Practically, this means an employer does not need to comply with the National Privacy Principles (for example, in relation to storage, access, use, disclosure and handling of the information) in relation to records about its employees which fall within the above definition.

The existence of the employee records exemption does not mean that all activities of an employer that relate to employment are excluded. For example, a prospective employee does not have an employment relationship with the potential employer. Therefore, potential employers and/or recruitment agencies must comply with the obligations of the Privacy Act in respect of candidates for employment. Another limitation to the exemption is that it will no longer apply once an employer discloses the employee records to a third party which is not involved in the employment relationship.

On 14 October 2009, the Federal Government announced that it would commence a reform of the Federal privacy laws. Part of the second stage of those reforms may include consideration of whether the employee records exemption should be removed.

Fair Work Act 2009 (Cth)

The Fair Work Act 2009 (Cth) regulates the employment relationship between employees and national system employers. A national system employer is broadly defined in the Fair Work Act and relevantly includes all incorporated employers and, subject to the location in which the employment is based, various other employers in Australia.
Privacy rights under the Fair Work Act arise insofar as unions have certain rights to access employment records in respect of their members. In some cases a non-member record can be accessed, particularly in circumstances where the non-member consents or Fair Work Australia makes an order granting access.

It is important to note that unions that access employee records must then comply with the obligations set out in the Privacy Act in respect of those records. Further, the employee records exemption will not apply in respect of the union's management of those records. Accordingly, unions accessing employee records pursuant to their rights under the Fair Work Act will still be required to comply with the privacy obligations under the Privacy Act in respect of those records.

State and Territory privacy legislation

In most States and Territories, privacy regulation is limited to the public sector. Employers should be mindful of the following legislation:

- Victoria: Information Privacy Act 2000 (Vic) and the Charter of Human Rights and Responsibilities Act 2006 (Vic);
- New South Wales: Privacy and Personal Information Protection Act 1998 (NSW);
- Queensland: Information Privacy Act 2009 (Qld);
- Western Australia: Freedom of Information Act 1992 (WA); and
- South Australia: Information Privacy Principles (IPPs) reissued by the State Government of South Australia in
There is also limited State legislation regulating privacy in respect of health records. In most States, access to health records retained by a public hospital or public health service is regulated by freedom of information legislation.

Freedom of information legislation

The Freedom of Information Act 1982 (Cth) provides that every person has a right to access documents held by federal government agencies or Ministers, other than exempt documents. Relevantly, one of the classes of exempt documents is where the disclosure of the document would involve the unreasonable disclosure of personal information of any person other than the applicant who has made the request. A number of factors will be taken into account in determining whether the disclosure would be unreasonable. Each State and Territory also has legislation dealing with freedom of information.

B. Is there a legal requirement to have a document (e.g. privacy policy, personal information collection statement, agreement) to deal with the employee's personal data?

There is no general legal requirement to have a document to deal with employees' personal data. However, as indicated in our response in section A above, organisations may discharge their privacy obligations by creating and complying with a code of practice tailored to the organisation and approved for use by the Privacy Commissioner. Employers may also be assisted in their compliance with privacy obligations by implementing privacy policies and procedures, setting out the kinds of information that are protected, relevant obligations and best practice.
Accordingly, as a matter of risk management and regulatory compliance, it is prudent for an organisation to develop, implement and comply with a privacy policy or code of practice. This will be particularly important in circumstances where it is not clear whether employee records are being collected, used or disclosed for the purpose of the employment relationship. For example, employers should obtain a written consent from prospective employees in relation to the collection, use and disclosure of personal and sensitive information which is obtained during the recruitment process.

C. For how long must an employer retain an employee's personal data? What is best practice?

Provided that the personal data falls within the employee records exemption under the Privacy Act, there are no obligations with respect to the retention of personal data under the Privacy Act. However, various Federal and State legislation requires that employers retain certain records relating to employees (which could include personal data).

The Fair Work Regulations 2009 (Cth) requires that specific employee records be retained for all employees (with certain limited exceptions) for a period of seven years. For the purposes of the Fair Work Regulations, "record" means any record about the employee (or former employee) containing information about the nature of their employment and their entitlements (e.g. applicable industrial instruments, classification, pay rates, hours, shift work, overtime, leave, superannuation etc.), and also information about the employee's termination (if a former employee). However, the Fair Work Regulations do not require that employers keep records relating to an employee's performance.
The Fair Work Regulations stipulate that records must be kept in a legible form in the English language and in a form that is readily accessible to a Fair Work Inspector. Importantly, the Fair Work Regulations do not stipulate that the record must be an original copy, or kept in hard-copy.

The Superannuation Guarantee (Administration) Act 1992 (Cth) requires corporations to retain specific superannuation documents for a period of five years. Further, the Income Tax Assessment Act 1997 (Cth) requires that specific taxation records must be retained for five years.

Obligations in relation to employee records also arise under workers compensation legislation in each of the States and Territories. For example, in NSW employers are required under the Workers Compensation Act 1987 (NSW) to retain wages records (which may include personal data).

Finally, it is important to note that where litigation is anticipated or has been commenced, an employer must not destroy or dispose of any documents that may be required for the purposes of the litigation (which may include employee records).

D. What are the legal restrictions on transferring employees' personal data outside your jurisdiction?

Transborder data flows are the subject of a specific National Privacy Principle referring to the movement of personal data across national borders. The Privacy Act originally dealt only with personal information collected and handled within Australia. However, it has since been amended to apply to acts done, or practices engaged in, by an organisation outside Australia and the external Territories. The purpose of these amendments to the Privacy Act was to prevent organisations from avoiding their privacy obligations by transferring the handling of personal information to countries with lower privacy protection standards.
An organisation in Australia can only transfer personal information outside Australia if:

- the organisation reasonably believes a law, binding scheme or contract applies at the destination which effectively delivers privacy standards substantially similar to the National Privacy Principles;
- the individual consents to the transfer;
- the transfer is for the benefit of the individual and it is impracticable to obtain consent, but it is likely consent would have been given;
- the transfer is required by a contract between the individual and the organisation, or a contract between the organisation and a third party in the interests of the individual; or
- the organisation has taken reasonable steps to ensure the information will not be held, used or disclosed by its recipient inconsistently with the National Privacy Principles.

The Privacy Commissioner has powers to oversee complaints that arise in respect of a breach which occurs outside of Australia and which fall within the scope of the Privacy Act.

E. What are the legal restrictions on transferring employees' personal data to a third party?

As set out in our response in section A above, the obligations set out in the Privacy Act do not apply to the collection, use, disclosure and storage of personal information contained within an employee record, provided that the act or practice directly relates to the employment relationship. Unfortunately, "directly related" is not defined in the Privacy Act and there is presently no case law which has considered the meaning of "directly related" to the employment
relationship in a privacy context. However, an act which may not directly relate to the employment relationship may include sending a list of employee details to another organisation for marketing purposes.

If an employer that is an organisation covered by the Privacy Act seeks to collect, use or disclose employee records in a way not directly related to the employment relationship, it must comply with the National Privacy Principles. Relevantly, we set out the key aspects of National Privacy Principles 1 and 2 below.

National Privacy Principle 1: Collection

An organisation must only collect personal information that is necessary for one or more of its legitimate functions or activities (the primary purpose). An organisation must only collect personal information by lawful and fair means and not in an unreasonably intrusive way.

At the time of collection (or as soon as practicable afterwards) an organisation must take reasonable steps to ensure that the individual is told:

- the identity of the organisation and how to contact it;
- that they can access the information;
- why the information is collected;
- the disclosure practices of the organisation; and
- any law that requires the particular information to be collected and the consequences (if any) for the individual if the information is not provided.

Where practicable, an organisation should collect personal information directly from the individual.
National Privacy Principle 2: Use and disclosure

As a general rule, an organisation should only use or disclose personal information for the purpose for which it was collected (the primary purpose). But an organisation can use or disclose personal information about an individual for another purpose (the secondary purpose) if:

- the individual has consented; or
- the secondary purpose is related to the primary purpose and might reasonably be expected to be used or disclosed for the secondary purpose.

Special additional provisions apply for direct marketing and sensitive information (including health information).

Legislation in the Australian Capital Territory, New South Wales and Victoria regulates organisations which collect, hold and use health information. Such legislation contains health record privacy principles which are broadly similar to the National Privacy Principles. In certain circumstances, if the employer collects health information, the employer will be required to comply with the health records legislation in the relevant State or Territory.

F. What are the consequences of breaching privacy laws in your jurisdiction?

General

If an organisation breaches a National Privacy Principle, the organisation will have contravened section 16A(2) of the Privacy Act and interfered with the privacy of an individual contrary to section 13A(1)(b) of the Privacy Act.

Individuals must make any complaints regarding an interference with privacy to the relevant organisation. If the complaint is not resolved it can be referred to the Office
of the Privacy Commissioner for conciliation, and if this is not successful, for formal determination (enforceable by the Federal Court of Australia).

Privacy Commissioner functions

(a) Powers without complaint

Under section 27(1)(ab) of the Privacy Act, the Privacy Commissioner has the power to investigate an act or practice of an organisation that may be an interference with the privacy of an individual because of section 13A and, if the Commissioner considers it appropriate to do so, to attempt, by conciliation, to effect a settlement of the matters that gave rise to the investigation.

Where the Commissioner has investigated an act or practice (without a complaint having been made under section 36 of the Privacy Act), the Commissioner must report to the Minister about the act or practice, if the Commissioner thinks the act or practice is an interference with the privacy of an individual. The Minister must table the report before each house of the Federal Parliament. In this way, the report acts to "name and shame" contraveners of Privacy Act obligations.

(b) Powers following complaint

Pursuant to section 40 of the Privacy Act, the Commissioner must investigate an act or practice if:

- the act or practice may be an interference with the privacy of an individual; and
- a complaint about the act or practice has been made under section 36 of the Privacy Act.

Pursuant to section 44 of the Privacy Act, if the Commissioner has reason to believe that a person has information or a document relevant to an investigation, the Commissioner may give to the person a written
notice requiring the person to give the information to the Commissioner and/or to produce the document to the Commissioner. The Commissioner is also empowered to examine witnesses and direct persons to attend compulsory conferences for the purpose of the investigation.

After investigating a complaint, the Commissioner may, under section 52 of the Privacy Act, find the complaint substantiated and make a determination, including a declaration that:

- the respondent has engaged in conduct constituting an interference with the privacy of an individual and should not repeat or continue such conduct;
- the respondent should perform any reasonable act or course of conduct to redress any loss or damage suffered by the complainant; and/or
- the complainant is entitled to a specified amount by way of compensation for any loss or damage suffered by reason of the act or practice the subject of the complaint.

A determination by the Commissioner is not binding or conclusive between any of the parties to the determination.

An organisation that is the respondent to a determination made under section 52:

- must not repeat or continue conduct that is covered by a declaration that determined the respondent has engaged in conduct constituting an interference with the privacy of an individual and should not repeat or continue such conduct; and
- must perform the act or course of conduct that is covered by a declaration that determined the
respondent should perform any reasonable act or course of conduct to redress any loss or damage suffered by the complainant.

The complainant or the Commissioner (if a determination was made under section 52) may commence proceedings in the Federal Court or the Federal Magistrates Court for an order to enforce a determination. If the court is satisfied that the respondent has engaged in conduct that constitutes an interference with the privacy of the complainant, the court may make such orders (including a declaration of right) as it thinks fit. The court may, if it thinks fit, grant an interim injunction pending the determination of the proceedings.

G. What are the main pitfalls or areas to watch out for in your jurisdiction regarding the collection, use and/or handling of an employee's personal data?

Employers should be mindful to ensure that any records held which contain the personal information of employees are only dealt with in a manner that directly relates to the employment relationship. That is, any employee records should only be collected, used and disclosed for the purpose of the employment relationship.

Employers should obtain a written consent from prospective employees in relation to the collection, use and disclosure of personal and sensitive information which is obtained during the recruitment process. Employers should consider including such consents in their contracts of employment. Such consents will reduce the likelihood of an employer inadvertently breaching the Privacy Act in relation to information that does not directly relate to the employment relationship.
More informationPrivacy fact sheet 17
Privacy fact sheet 17 Australian Privacy Principles January 2014 From 12 March 2014, the Australian Privacy Principles (APPs) will replace the National Privacy Principles Information Privacy Principles
More informationPrivacy business resource 3
Privacy business resource 3 June 2013 Credit reporting what has changed As part of the reforms to the Privacy Act 1988 (Privacy Act), credit reporting in Australia is regulated by a new Part IIIA. 1 The
More informationCompliance and enforcement. How regulators enforce the Australian Consumer Law
Compliance and enforcement How regulators enforce the Australian Consumer Law This publication was developed by: Australian Capital Territory Office of Regulatory Services Australian Competition and Consumer
More informationShare Trading Policy GWA007
GWA007 Created By Executive Director Date February 2005 Rev. No. 4 Updated By Executive Director Date December 2011 File Name Share Trading Policy GWA007 Approved By GWA Group Limited Board of Directors
More informationData Protection. Processing and Transfer of Personal Data in Kvaerner. Binding Corporate Rules Public Document
Data Protection Processing and Transfer of Personal Data in Kvaerner Binding Corporate Rules Public Document 1 of 19 1 / 19 Table of contents 1 Introduction... 4 1.1 Scope... 4 1.2 Definitions... 4 1.2.1
More informationTerms and Conditions of Offer and Contract (Works & Services) Conditions of Offer
Conditions of Offer A1 The offer documents comprise the offer form, letter of invitation to offer (if any), these Conditions of Offer and Conditions of Contract (Works & Services), the Working with Queensland
More informationTable of Contents. Introduction 3 What is Title Insurance? What are mortgage processing and loan servicing services? 3 This Privacy Policy 3
Privacy Policy First American Title Insurance Company of Australia Pty Ltd First Mortgage Services Pty Ltd First Mortgage Services Australia Pty Ltd 1 P a g e Table of Contents Page Introduction 3 What
More informationAnti-bullying jurisdiction
Anti-bullying jurisdiction Summary of the case management model For implementation from 1 January 2014 1 Overview 1.1 Purpose 1. This paper summarises the procedures and associated functions to be adopted
More informationProcessor Binding Corporate Rules (BCRs), for intra-group transfers of personal data to non EEA countries
Processor Binding Corporate Rules (BCRs), for intra-group transfers of personal data to non EEA countries Sopra HR Software as a Data Processor Sopra HR Software, 2014 / Ref. : 20141120-101114-m 1/32 1.
More informationChapter one: Definitions. Chapter Two: Conditions for Employment
FOREIIGN WORKERS ((Prrohiibiittiion off unllawffull emplloymentt and assurrance off ffaiirr condiittiions)) LAW,, 5751--1991 Chapter one: Definitions 1. In this law - Foreign worker - worker who is not
More informationGUIDELINES ISSUED UNDER PART 5A OF THE EDUCATION ACT 1990 FOR THE MANAGEMENT OF HEALTH AND SAFETY RISKS POSED TO SCHOOLS BY A STUDENT S VIOLENT
GUIDELINES ISSUED UNDER PART 5A OF THE EDUCATION ACT 1990 FOR THE MANAGEMENT OF HEALTH AND SAFETY RISKS POSED TO SCHOOLS BY A STUDENT S VIOLENT BEHAVIOUR CONTENTS PAGE PART A INTRODUCTION AND STATEMENT
More informationWA Food Regulation: Temporary and Mobile Food Businesses
WA Food Regulation: Temporary and Mobile Food Businesses This document contains information on the application of the Food Act 2008 (the Act) in relation to temporary and mobile food businesses. It is
More informationOffice of the Data Protection Commissioner of The Bahamas. Data Protection (Privacy of Personal Information) Act, 2003. A Guide for Data Controllers
Office of the Data Protection Commissioner of The Bahamas Data Protection (Privacy of Personal Information) Act, 2003 A Guide for Data Controllers 1 Acknowledgement Some of the information contained in
More information1 L.R.O. 2001 Electronic Transactions CAP. 308B ELECTRONIC TRANSACTIONS
1 L.R.O. 2001 Electronic Transactions CAP. 308B CHAPTER 308B ELECTRONIC TRANSACTIONS ARRANGEMENT OF SECTIONS SECTION PART I Preliminary 1. Short title. 2. Interpretation. 3. Non-application of Parts II
More informationInternational. and when. technology. responsibly. and provide handled. including, in. Australia, in may rely on. (b) steps to notify collected.
Transportation Group International Privacy Policy 1 Introduction This Privacy Policy has been published to provide a clear outline of how and when personal information is collected, disclosed, used, stored
More informationSHARE TRADING POLICY
SHARE TRADING POLICY 1. Background 1.1 Murchison Holdings Limited ( MCH ) has adopted a corporate governance policy taking into account: 1.1.1 the Corporations Act 2001 (Cth); 1.1.2 the guidelines set
More informationTax Agent Services Act 2009
Tax Agent Services Act 2009 No. 13, 2009 An Act to establish the Tax Practitioners Board and to provide for the registration of tax agents and BAS agents, and for related purposes Note: An electronic version
More informationNATIONAL PARTNERSHIP AGREEMENT ON E-HEALTH
NATIONAL PARTNERSHIP AGREEMENT ON E-HEALTH Council of Australian Governments An agreement between the Commonwealth of Australia and the States and Territories, being: The State of New South Wales The State
More informationPLEASE NOTE. For more information concerning the history of this Act, please see the Table of Public Acts.
PLEASE NOTE This document, prepared by the Legislative Counsel Office, is an office consolidation of this Act, current to May 30, 2012. It is intended for information and reference purposes only. This
More informationHealth Administration Act 1982 No 135
New South Wales Health Administration Act 1982 No 135 Status information Currency of version Historical version for 1 July 2011 to 13 May 2013 (generated 21 May 2013 at 13:52). Legislation on the NSW legislation
More informationQueensland PERSONAL INJURIES PROCEEDINGS ACT 2002
Queensland PERSONAL INJURIES PROCEEDINGS ACT 2002 Act No. 24 of 2002 Queensland PERSONAL INJURIES PROCEEDINGS ACT 2002 TABLE OF PROVISIONS Section Page CHAPTER 1 PRELIMINARY PART 1 INTRODUCTION 1 Short
More informationGuidance Note AGN 520.1
Guidance Note AGN 520.1 Fit and Proper Requirements Definition of a responsible person 1. The definitions of responsible persons cover those persons whose conduct is most likely to have significant implications
More informationCREDIT GUIDE. We are not required to provide you a copy of our assessment if we do not enter into a contract with you.
Harmoney Australia Limited ABN 12 604 342 823 Unit 389, 4 Young Street Neutral Bay, NSW 2089 CREDIT GUIDE Welcome! Your credit provider is Harmoney Australia Limited (ABN 12 604 342 823) Australian Credit
More informationDefinitions. Broker means Veda Advantage Information Systems and Solutions Limited;
Definitions Authorised Purposes means: (a) dealings with interests in land authorised by Law; or (b) a purpose directly related to such dealing provided that the purpose is not contrary to any Law; or
More informationProposal Form. BusinessGuard Accountants Professional Liability Insurance
BusinessGuard Accountants Professional Liability Insurance Important Notice Claims-Made and Notified Insurance This policy is issued by AIG Australia Limited on a claims-made and notified basis. This means
More informationEU Data Protection Directive and U.S. Safe Harbor Framework: An Employer Update. By Stephen H. LaCount, Esq.
EU Data Protection Directive and U.S. Safe Harbor Framework: An Employer Update By Stephen H. LaCount, Esq. Overview The European Union Data Protection Directive 95/46/EC ( Directive ) went effective in
More informationData Protection Act. Privacy & Security in the Information Age. April 26, 2013. Ministry of Communications, Ghana
Data Protection Act Privacy & Security in the Information Age April 26, 2013 Agenda Privacy in The Information Age The right to privacy Why We Need Legislation Purpose of the Act The Data Protection Act
More informationWORKCOVER QUEENSLAND AMENDMENT BILL 2002
1 WORKCOVER QUEENSLAND AMENDMENT BILL 2002 EXPLANATORY NOTES GENERAL OUTLINE Objectives of the legislation To provide for miscellaneous amendments to the WorkCover Queensland Act 1996. Reason for the Bill
More informationLawlink NSW: Guide to the Workplace Video Surveillance Act
Guide to the Workplace Video Surveillance Act A Guide to the Workplace Video Surveillance Act 1998 (NSW) Privacy NSW February 2002 CONTENTS The Workplace Video Surveillance Act 1998 Coverage of the Act
More informationDaltrak Building Services Pty Ltd ABN: 44 069 781 933. Privacy Policy Manual
Daltrak Building Services Pty Ltd ABN: 44 069 781 933 Privacy Policy Manual Table Of Contents 1. Introduction Page 2 2. Australian Privacy Principles (APP s) Page 3 3. Kinds Of Personal Information That
More informationNavigate the risks. Data privacy regulation in Asia. Freshfields Bruckhaus Deringer llp
Navigate the risks Data privacy regulation in Asia Contents Introduction 2 Data privacy laws: the region at a glance 3 People s Republic of China 3 Hong Kong 8 Japan 12 Singapore 14 Vietnam 15 Other Asian
More information2010THE LEGISLATIVE ASSEMBLY FOR THEAUSTRALIAN CAPITAL TERRITORY. WORKPLACE PRIVACY BILL 2010EXPLANATORY STATEMENT Circulated by Amanda Bresnan MLA
2010THE LEGISLATIVE ASSEMBLY FOR THEAUSTRALIAN CAPITAL TERRITORY WORKPLACE PRIVACY BILL 2010EXPLANATORY STATEMENT Circulated by Amanda Bresnan MLA OVERVIEW The objects of this Bill are to ensure that employers
More information1.4 For information about our management of your other personal information, please see our Privacy Policy available at www.iba.gov.au.
Indigenous Business Australia Credit Information Policy 1 Purpose and application of this policy 1.1 This credit reporting policy (Credit Information Policy) describes and establishes how Indigenous Business
More informationNATIONAL INSURANCE BROKERS ASSOCIATION OF AUSTRALIA (NIBA) Submission to WorkCover Western Australia. Legislative Review 2013
NATIONAL INSURANCE BROKERS ASSOCIATION OF AUSTRALIA (NIBA) ABOUT NIBA Submission to WorkCover Western Australia Legislative Review 2013 February 2014 NIBA is the peak body of the insurance broking profession
More informationElectronic Commerce ELECTRONIC COMMERCE ACT 2001. Act. No. 2001-07 Commencement LN. 2001/013 22.3.2001 Assent 14.3.2001
ELECTRONIC COMMERCE ACT 2001 Principal Act Act. No. Commencement LN. 2001/013 22.3.2001 Assent 14.3.2001 Amending enactments Relevant current provisions Commencement date 2001/018 Corrigendum 22.3.2001
More information2013-2014-2015 THE PARLIAMENT OF THE COMMONWEALTH OF AUSTRALIA HOUSE OF REPRESENTATIVES/THE SENATE
2013-2014-2015 THE PARLIAMENT OF THE COMMONWEALTH OF AUSTRALIA HOUSE OF REPRESENTATIVES/THE SENATE PRIVACY AMENDMENT (NOTIFICATION OF SERIOUS DATA BREACHES) BILL 2015 EXPLANATORY MEMORANDUM (Circulated
More informationResponse of the Northern Ireland Human Rights Commission on the Health and Social Care (Control of Data Processing) NIA Bill 52/11-16
Response of the Northern Ireland Human Rights Commission on the Health and Social Care (Control of Data Processing) NIA Bill 52/11-16 Summary The Northern Ireland Human Rights Commission (the Commission):
More informationStandard Terms of Engagement. and. Terms of Business
Standard Terms of Engagement and Terms of Business Contents 1. Standard Terms of Engagement of Keirs Carr... 4 1.1 Accounting Services... 4 Accounting Services... 4 Compilation of Financial Statements...
More informationThe Cloud and Cross-Border Risks - Singapore
The Cloud and Cross-Border Risks - Singapore February 2011 What is the objective of the paper? Macquarie Telecom has commissioned this paper by international law firm Freshfields Bruckhaus Deringer in
More informationEducation Services for Overseas Students Act 2000
Education Services for Overseas Students Act 2000 Act No. 164 of 2000 as amended This compilation was prepared on 17 December 2008 taking into account amendments up to Act No. 144 of 2008 The text of any
More informationLEGISLATION COMMITTEE OF THE CROATIAN PARLIAMENT
LEGISLATION COMMITTEE OF THE CROATIAN PARLIAMENT 2300 Pursuant to its authority from Article 59 of the Rules of Procedure of the Croatian Parliament, the Legislation Committee determined the revised text
More informationProposal Form. BusinessGuard Insurance Brokers Professional Liability Insurance
BusinessGuard Insurance Brokers Professional Liability Insurance BusinessGuard Insurance Brokers Professional Liability Insurance This policy is issued by AIG Australia Limited on a claims-made and notified
More informationConsultation Document on Review of the Personal Data (Privacy) Ordinance
Consultation Document on Review of the Personal Data (Privacy) Ordinance August 2009 Contents Page Foreword Executive Summary i iii Chapter One : Introduction 1 Chapter Two : An Overview of the Personal
More informationNumber 5 of 1994 TERMS OF EMPLOYMENT (INFORMATION) ACT 1994 REVISED. Updated to 1 October 2015
Number 5 of 1994 TERMS OF EMPLOYMENT (INFORMATION) ACT 1994 REVISED Updated to 1 October 2015 This Revised Act is an administrative consolidation of the. It is prepared by the Law Reform Commission in
More informationGuidance on Personal Data Protection in Cross-border Data Transfer 1
Guidance on Personal Data Protection in Cross-border Data Transfer PART 1: INTRODUCTION Section 33 of the Personal Data (Privacy) Ordinance (the Ordinance ) prohibits the transfer of personal data to places
More information