The Office of the Australian Information Commissioner (OAIC) has published new COVID-19 privacy guidance for Australian Government Agencies and private sector employers.
The OAIC said in a statement that the Privacy Act did not prevent the sharing of critical information to manage the spread of Coronavirus.
“Agencies and employers (including private health service providers) have important obligations to maintain a safe workplace for staff and visitors and handle personal information appropriately,” the OAIC said.
“In order to manage the pandemic while respecting privacy, the OAIC advises organisations should aim to limit the collection, use and disclosure of personal information to what is necessary to prevent and manage COVID-19.”
The Office said Agencies should also take reasonable steps to keep personal information secure.
“This includes the personal information of employees and their family members, visitors to organisation premises, customers and the general public,” it said.
“Where changes to working arrangements are required, organisations also need to consider the potential impact on the handling and security of personal information, assess any risks and put mitigation strategies in place.”
It said personal information should be used or disclosed on a ‘need-to-know’ basis, and only the minimum amount of personal information reasonably necessary to prevent or manage COVID-19 should be collected, used or disclosed.
“Consider taking steps now to notify staff of how your organisation will handle their information in responding to any potential or actual case of COVID-19 in the workplace,” the Office said.
“Ensure reasonable steps are in place to keep personal information secure, including where employees are working remotely.”
The OAIC’s 203-page Privacy Safeguard Guidelines can be accessed at this PS News link.
