June 6, 2023

Volume XIII, Number 157


June 06, 2023

Subscribe to Latest Legal News and Analysis

June 04, 2023

Subscribe to Latest Legal News and Analysis

Privacy in the time of COVID-19

Nothing can stop us from talking about privacy, including a pandemic! Yesterday, the Office of the Australian Information Commissioner (OAIC) issued guidance on the collection, use and disclosure of personal information during the COVID-19 pandemic (Guidance). 

It mainly serves as a reminder to organisations that even in these pressing times, they must comply with the Australian privacy regime. However, it also highlights what organisations can collect and do with personal information for the purposes of preventing and managing the spread of COVID-19.

Our key takeaways highlight what organisations can collect and what they then can do with the information. These include:

  • Primary purpose of collection – organisations can collect personal information, including sensitive health information, from their employees or visitors and then use or disclose it if the use or disclosure is related to the primary purpose of collection. In these circumstances, organisations collecting health information for the purpose of preventing or managing the risk and/or reality of COVID-19 can use and disclose that information to ensure that necessary precautions are adopted in relation to that individual and any other individuals.
  • Permitted general situation – a ‘permitted general situation’ exists where the collection is undertaken to ‘lessen or prevent a serious threat to the life, health or safety of any individual, or to the public health or safety’. In the current pandemic environment, organisations can collect, use and disclose necessary health information of its employees and visitors if in doing so the aim is to assist in preventing the spread of COVID-19.
  • Employee exemption – organisations can also rely on the employee records exemption under the Australian privacy regime which exempts organisations from having to comply with the requirements of the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles.

While organisations may have wide powers to collect, use and disclose personal information from their employees and visitors to assist containing the pandemic, the Guidance reinforces that organisations must still ensure that they limit the collection, use and disclosure of personal information to only what is necessary to prevent and manage the spread of COVID-19. Organisations should therefore avoid collecting information which go beyond what is reasonably necessary for this purpose, and must still take reasonable steps to keep the information secure from unauthorised disclosure and access.

Copyright 2023 K & L GatesNational Law Review, Volume X, Number 79

About this Author

Cameron Abbott, Technology, Attorney, Australia, corporate, KL Gates Law Firm

Mr. Abbott is a corporate lawyer who focuses on technology, telecommunications and broadcasting transactions. He assists corporations and vendors in managing their technology requirements and contracts, particularly large outsourcing and technology procurements issues including licensing terms for SAP and Oracle and major system integration transactions.

Mr. Abbott partners with his clients to ensure market leading solutions are implemented in to their businesses. He concentrates on managing and negotiating complex technology solutions, which...

Rob Pulham Corporate Attorney K&L Gates
Special Counsel

Rob Pulham is an experienced corporate advisory and transactional lawyer with an active technology and privacy practice representing companies in the energy, manufacturing, mining, retail, health and financial services sectors, as well as government and not for profit organisations. He has extensive experience advising customers and vendors in the technology industry, with particular focus on software licensing, data privacy and protection, and systems integration projects. In his role as a senior corporate lawyer, Mr. Pulham reviews organisational policies and practices...

Senior Attorney

Ms. Aggromito is a senior lawyer in the lawyer in the Melbourne commercial technology and sourcing team focusing on IT, privacy and data protection.

Rebecca Gill Commercial Technology and Sourcing Lawyer Melbourne K&L Gates

Ms. Gill is a lawyer in our Corporate and Transactional team at the Melbourne office.

Primary Practice

Commercial Technology and Sourcing


  • J.D., Melbourne School of Law University of Melbourne, 2018
  • B.A., University of Melbourne, 2014
  • Certificate I in Vocational Preparation, Australian Employment and Training Solutions, 2014