Key issues:

• An Australian employer was recently ordered, along with other remedial measures, to pay $60,000 compensation (including for ‘aggravated damages’) to 14 employees and former employees for breaching their privacy.
• The decision of the Office of the Australian Information Commissioner (OAIC) on 28 May 2019 ('QF' & Others and Spotless Group Limited (Privacy) [2019] AICmr 20 (28 May 2019)), highlights the risks for employers associated with improper handling of employee records and provides some useful insights into managing and containing those risks.
• In short, the employer might have avoided liability; much of the formal dispute resolution process, and; the associated adverse publicity, through:
  • further attention to its privacy policy and processes; and
  • in the terms and conditions of employment offered to the employees concerned.