the Privacy Act

As an employer, the information you collect and store about candidates and employees may be subject to Australian privacy laws contained in the Australian Privacy Principles (APPs).

The Privacy Act is Australia’s data protection law regulating the collection, use and disclosure of personal information about individuals – and that begins with the information you collect at the recruitment stage. Updated in February 2018, reviews should have been carried out within organisations, to confirm that they are compatible with the new privacy laws. 

The Act requires openness, so applicants should be aware of what information you are collecting, what it will be used for and who they can contact if they have any concerns. 

Knowing your privacy obligations is essential, as breaches can be costly. Any investigation will be a draining and time-consuming exercise. Depending on the breach, penalties may be imposed to a maximum of $420,000 for individuals and $2,100,000 for bodies corporate for serious or repeated non-compliance.

Employers need to be extra careful in the way they handle the pre-employment records and personal information of unsuccessful candidates. Again, there are high financial penalties for a corporate body which engages in a serious or repeated interference with the privacy of an individual.

collecting and storing data

Make sure your workers are aware of what’s allowed in terms of data and privacy, and what is not. 

Much of what’s required to comply with legislation is simply good practice – such as: 

  • only using the information for the purpose for which it was obtained, unless you explain clearly any additional uses
  • making sure either the employer or the agency they are using is identified
  • keeping personal information secure and treating it with respect
  • not asking for more information than is needed
  • making sure people understand how information will be verified
  • only keeping the information for as long as there is a clear business need for it. 

For more information visit the Office of the Australian Information Commissioner’s website:

small business opt-in

Small businesses and not-for-profit organisations with an annual turnover of $3m or less are not covered by the Privacy Act 1988, except those that provide health services or businesses that trade in personal information for benefit, service or advantage. They can, however, choose to opt-in to being covered by the Act and therefore subject themselves to the Australian Privacy Principles. This provides small businesses the benefit of any increase in consumer confidence.

more articles about: finding candidates