July 12, 2020

Volume X, Number 194

July 10, 2020

Subscribe to Latest Legal News and Analysis

July 09, 2020

Subscribe to Latest Legal News and Analysis

Privacy in the time of COVID-19

Nothing can stop us from talking about privacy, including a pandemic! Yesterday, the Office of the Australian Information Commissioner (OAIC) issued guidance on the collection, use and disclosure of personal information during the COVID-19 pandemic (Guidance). 

It mainly serves as a reminder to organisations that even in these pressing times, they must comply with the Australian privacy regime. However, it also highlights what organisations can collect and do with personal information for the purposes of preventing and managing the spread of COVID-19.

Our key takeaways highlight what organisations can collect and what they then can do with the information. These include:

  • Primary purpose of collection – organisations can collect personal information, including sensitive health information, from their employees or visitors and then use or disclose it if the use or disclosure is related to the primary purpose of collection. In these circumstances, organisations collecting health information for the purpose of preventing or managing the risk and/or reality of COVID-19 can use and disclose that information to ensure that necessary precautions are adopted in relation to that individual and any other individuals.
  • Permitted general situation – a ‘permitted general situation’ exists where the collection is undertaken to ‘lessen or prevent a serious threat to the life, health or safety of any individual, or to the public health or safety’. In the current pandemic environment, organisations can collect, use and disclose necessary health information of its employees and visitors if in doing so the aim is to assist in preventing the spread of COVID-19.
  • Employee exemption – organisations can also rely on the employee records exemption under the Australian privacy regime which exempts organisations from having to comply with the requirements of the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles.

While organisations may have wide powers to collect, use and disclose personal information from their employees and visitors to assist containing the pandemic, the Guidance reinforces that organisations must still ensure that they limit the collection, use and disclosure of personal information to only what is necessary to prevent and manage the spread of COVID-19. Organisations should therefore avoid collecting information which go beyond what is reasonably necessary for this purpose, and must still take reasonable steps to keep the information secure from unauthorised disclosure and access.

Copyright 2020 K & L GatesNational Law Review, Volume X, Number 79

TRENDING LEGAL ANALYSIS


About this Author

Cameron Abbott, Technology, Attorney, Australia, corporate, KL Gates Law Firm
Partner

Mr. Abbott is a corporate lawyer who focuses on technology, telecommunications and broadcasting transactions. He assists corporations and vendors in managing their technology requirements and contracts, particularly large outsourcing and technology procurements issues including licensing terms for SAP and Oracle and major system integration transactions.

Mr. Abbott partners with his clients to ensure market leading solutions are implemented in to their businesses. He concentrates on managing and negotiating complex technology solutions, which...

+61.3.9640.4261
Rob Pulham Corporate Attorney K&L Gates
Special Counsel

Rob Pulham is an experienced corporate advisory and transactional lawyer with an active technology and privacy practice representing companies in the energy, manufacturing, mining, retail, health and financial services sectors, as well as government and not for profit organisations. He has extensive experience advising customers and vendors in the technology industry, with particular focus on software licensing, data privacy and protection, and systems integration projects. In his role as a senior corporate lawyer, Mr. Pulham reviews organisational policies and practices regarding data privacy to identify key risks, develops and implements strategies to mitigate privacy and cybersecurity risks, and advises clients in the investigation of, and response to, data breaches.

Mr. Pulham also serves as a strategic advisor to his clients, regularly advising on large outsourcing and technology procurement matters including negotiating software licensing terms with ERP and CRM vendors such as Oracle, SAP and Salesforce, and on major systems integration transactions. He advises his clients on all facets of their technology practices, procurement and needs, including key technology procurement requirements and licensing issues (acting for both customer and service provider clients), marketing and advertising in compliance with Australian competition and consumer laws, website content and terms of use, and general commercial intellectual property and software licensing matters.

61-3-9640-4414
Senior Attorney

Ms. Aggromito is a senior lawyer in the lawyer in the Melbourne commercial technology and sourcing team focusing on IT, privacy and data protection.

+61.3.9205.2027
Rebecca Gill Commercial Technology and Sourcing Lawyer Melbourne K&L Gates
Rebecca

Ms. Gill is a lawyer in our Corporate and Transactional team at the Melbourne office.

Primary Practice

Commercial Technology and Sourcing

Education

  • J.D., Melbourne School of Law University of Melbourne, 2018
  • B.A., University of Melbourne, 2014
  • Certificate I in Vocational Preparation, Australian Employment and Training Solutions, 2014
61.3.9205.2126