The Privacy Act 1993 (the Act) governs the way private information is handled in New Zealand and the Codes of Practice provide guidelines as to how confidential information should be managed. As an employer, the way you manage the information of your employees is important and there are legal guidelines to be followed. Breaches of the Act carry severe penalties and can break the trust between you and your employees permanently.
The Privacy Act covers 12 principles to ensure only necessary information is shared on behalf of an individual. The principles cover seven key areas:
• personal information being collected
• the storage and security of personal information
• handling requests around personal information, such as access and how to correct statement
• accuracy of personal information
• retention of personal data
• how personal information is used and whether it is disclosed
• the use of unique identifiers
Simply going through this list can help you identify some common areas where you may run into issues of privacy. Some examples can include who has access to payroll, sensitive employment data like date of birth, where this type of information is stored and how it is managed, or previous employment history which may be sensitive.
The administration of the Privacy Act 1993 falls to the Privacy Commissioner and requires a number of key tasks to be overseen. For employers, the key responsibility that may bring the Commissioner into your workplace is the investigation of complaints on privacy breaches. Thinking of the examples above, if an employee becomes aware that their data has been shared or is being managed poorly you may expect a visit or a phone call from the Privacy Commissioner.
Privacy policies in your workplace can limit the involvement of the Commissioner in your workplace, and can also help employees feel more confident in your management. For help with policies to improve privacy in your workplace call Employsure on 0800 675 700.