There are a number of privacy pitfalls employers need to beware in conducting pre-employment checks, according to Amy Zhang, who says there are five key considerations employers should bear in mind when seeking to conduct pre-employment screenings
The importance of hiring a suitable and qualified employee is invaluable and, in large part, is often achieved by conducting a thorough pre-employment check. However, employers are often unaware of the privacy issues involved with conducting pre-employment screenings. These issues can extend to the types of pre-employment checks which can be conducted and the information which can be obtained by an employer from such pre-employment screenings, through to authorised or unauthorised uses of such confidential and sensitive information as set out in the Privacy Act 1988 (Cth). It is therefore important for employers and prospective employees to be aware of their respective rights in this area.
Pre-employment checks – why must employers be mindful of privacy?
Pre-employment checks are often conducted by employers at various stages of the recruitment process. However, most commonly, screenings are conducted before employment has been offered or commenced, and in many circumstances, the types of checks which are required by the employer will have been identified in the job description or the employment contract. Such checks include, but are not limited to, psychological, medical and functional assessments, review of a candidate’s employment history, credit and criminal history, as well as their use of different social media platforms.
Employers must be mindful that these pre-employment checks can not only be intrusive, but also invasive to potential employees. They must also be wary of the confidential nature of the information which has been disclosed by a prospective employee and ensure such checks are being conducted and handled with due care so as to avoid placing the employer at risk of breaching the Privacy Act. In particular, correct handling of personal information is pertinent to ensuring compliance with the Australian Privacy Principles (APP) found within schedule 1 of the Privacy Act.
The APP, which was introduced in 2012, aimed to set out the rights and obligations for the collection and use of private and confidential information. Non-compliance with the APP can allow an aggrieved individual to make a complaint to the Australian Information Commissioner pursuant to section 36 of the Privacy Act. If the matter cannot be resolved via conciliation, the Commissioner, following an investigation, can make declarations such as ordering the employer to compensate the individual for any losses suffered: see section 52 of the Privacy Act.
“Employers must be mindful that these pre-employment checks can not only be intrusive, but also invasive to potential employees”
Compliance with the APP can also protect an employer from an adverse action claim pursuant to the Fair Work Act 2009 (Cth), or from a discrimination claim pursuant to Commonwealth or State anti-discrimination legislation, arising from an employer’s inappropriate use of pre-employment information to discriminate against a prospective employee and reject their application on that basis.
Complying with privacy legislation
Important privacy principles relating to pre-employment checks
The definition of “personal information” under the Privacy Act is broadly defined to include most information employers are likely to obtain from or about a candidate during the recruitment process. Additionally, the handling of a prospective employee’s information is not considered to be exempt from the APP: see section 7B of the Privacy Act. As a consequence, privacy laws may be applicable to the collection, use and disclosure, access and correction, openness, anonymity and data security of a candidate’s pre-employment assessment(s). There are therefore various privacy issues an employer must take note of when conducting pre-employment checks.
The following pertinent APP are found in schedule 1 of the Privacy Act:
- Employers may only collect and use personal information for the purpose of assessing a candidate’s suitability for the role applied for (see Privacy Act Schedule 1- Part 2, Australian Privacy Principle 3);
- Before or at the time of collection of the personal information, an employer must bring to the attention of the candidate the purpose for which the information is being collected, their right to access the information collected, and to whom the information will be disclosed (see Privacy Act Schedule 1 – Part 2, Australian Privacy Principle 3.1-3.4);
- Collection of personal information from a third party about a candidate is only permissible if it is not reasonably practicable to obtain that information from the candidate directly. In the event that personal information is obtained from a third party, employers must inform the candidate that the information has been collected (see Privacy Act Schedule 1 – Part 2, Australian Privacy Principle 3.5-3.7 and 5.1-5.2);
- Employers must not disclose personal information of a candidate to anyone not involved in the recruitment process or to whom it is not reasonable to disclose such information to (see Privacy Act Schedule 1 – Part 3, Australian Privacy Principle 6.1-6.4);
- Employers must take steps to ensure that the personal information collected or relied upon is accurate, complete and up to date (see Privacy Act Schedule 1 – Part 4, Australian Privacy Principle 10);
- Subject to numerous exceptions, one of which includes circumstances where granting access would unreasonably impact on the privacy of other individuals, employers, upon the request of a candidate, must provide the candidate with access to personal information held by the employer in relation to the respective candidate. The exception noted above might be relied upon by an employer where an employer does not want to provide a candidate with a copy of a reference obtained from a previous employer (see Privacy Act Schedule 1 – Part 5, Australian Privacy Principle 12);
“Employers may be exposed to complaints of discrimination in the event that the request is not reasonable in the context of the job that has been advertised”
- Employers must not collect “sensitive information” in relation to a job candidate without the candidate’s consent or unless the collection is required by law. Sensitive information includes information or an opinion regarding a person’s racial or ethnic origin; political opinion; membership of a political, professional or trade association, or trade union; religious beliefs or affiliations; philosophical beliefs; sexual preferences or practices; criminal record, or health or genetic information. This requirement is particularly relevant to criminal record and passport checks that employers may undertake, and reinforces why prior consent is needed in order to conduct such checks (see Privacy Act Schedule 1 – Part 2, Australian Privacy Principle 3.3-3.4); and
- Employers must take reasonable steps to protect a candidate’s personal information from misuse or loss and from unauthorised access, modification or disclosure (see Privacy Act Schedule 1 – Part 4, Australian Privacy Principle 11).
Pre-employment checks which are legal under privacy legislation
The Privacy Act neither expressly prohibits pre-employment checks, nor lists pre-employment checks which are permissible under law. Rather, employers must ensure pre-employment checks which are conducted comply with the relevant APP (as referred to above) and is actually a required condition for the performance of the advertised position (for example, all childcare workers will be expected to undergo a working with children check before commencing employment).
Nevertheless, employers are considered to have a legitimate interest in performing the following (non-exhaustive) checks as long as they are within reason and necessary for the performance of the position advertised:
- academic record;
- character reference;
- credit history;
- criminal history;
- employment history;
- medical screening;
- passport check; and
- psychological screening.
“Candidates should be made aware of all required pre-employment screenings at the earliest date possible”
Although there is no express prohibition on asking a candidate to disclose information regarding their criminal background or medical history, as noted above, employers must ensure that they obtain consent from the candidate before such information is obtained. Otherwise, employers may be exposed to complaints of discrimination in the event that the request is not reasonable in the context of the job that has been advertised. Of course, even where consent is obtained, employers must still be vigilant of potential discrimination complaints associated with such checks. Accordingly, employers should exercise caution in conducting pre-employment checks and only use them to the extent necessary.
Practical tips for employers
Given the potential issues that can arise, employers should bear in mind the following when seeking to conduct pre-employment screenings:
- Where there is a discrepancy between the information obtained as a result of the pre-employment checks and the information provided by the candidate themselves, employers should discuss this discrepancy with the candidate and give them an opportunity to explain the discrepancy;
- Candidates should be made aware of all required pre-employment screenings at the earliest date possible. This can either be made available at the time the job is advertised or at the time of the first interview;
- All pre-employment screenings which are conducted must be reasonable and reasonably required to ascertain the suitability of a candidate for the role set out in the job position which has been advertised;
- All employers must maintain the confidentiality and sensitivity of information obtained during the pre-employment screening process and ensure that such information is not divulged in an unauthorised manner which is contrary to the APP; and
- All employers should adhere to the APP during the pre-employment screening process.