DISCRIMINATION IN EMPLOYMENT ON THE BASIS OF CRIMINAL
RECORD
Click here to access:
Submission No. 83 - Office of the
Information Commissioner, Northern Territory
Submission from: Peter Shoyer, Information
Commissioner
21 March 2005
Dr Sev Ozdowski OAM
Human Rights Commissioner
Human Rights and Equal Opportunity Commission
GPO Box 5128
Sydney NSW 2001
Dear Dr Ozdowski,
Discrimination in employment on the basis of criminal record
Thank you for the providing a copy of the Discussion Paper. I apologise for my inability to respond within the deadline. I hope my input at this stage can nevertheless be of some value.
The Discussion Paper deals with an issue of significant public importance. I commend its authors for producing a very useful tool to promote public discussion.
With regard to use of criminal records in employment, I believe that there is substantial overlap between privacy and anti-discrimination principles. With regard to both, I consider that it is important to look at the whole 'life-cycle' of this information in the hands of employers, from the point of collection to the ultimate disposal of the information.
Privacy and criminal records in employment
Throughout Australia, privacy protection is based on sets of privacy principles that apply to personal information. Privacy principles deal with issues like initial collection of personal information, how the information is used, how it is checked for accuracy, how it is stored and how it is disposed of.
I will refer below to the Information Privacy Principles that apply to Northern Territory public sector organisations (the IPPs). The IPPs are contained in the Information Act NT. However, privacy principles that are similar, and in some cases almost identical, apply to government organisations in other Australian jurisdictions and to a large segment of the private sector.
Collection (IPPs 1 and 10)
1.1 A public sector organisation must not collect personal information unless the information is necessary for one or more of its functions or activities.
1.2 A public sector organisation must collect personal information only by lawful and fair means and not in an unreasonably intrusive way.
10.1 A public sector organisation must not collect sensitive information about an individual unless -
(a) the individual consents to the collection;
(b) the organisation is required by law to collect the information; .
Details of a person's criminal record comprise personal information that is protected under the Information Act NT. They also fall within a category of information which enjoys special protection under the Act - sensitive information.
Because it is sensitive information, a person's criminal record can usually only be collected by an organisation if the person consents, or if collection is required by law. In cases where pre-employment checks are required, access to the information is usually acquired with the express consent of the individual.
However, before seeking to obtain consent an organisation must satisfy itself that:
- collection is necessary;
- collection is carried out by lawful and fair means; and
- collection is not carried out in an unreasonably intrusive way.
These requirements apply even if an individual consents. It is incumbent on each organisation to satisfy itself on each those points. Complaints to the Information Commissioner can be made on the basis of a breach of any of those requirements.
Data Quality - Access and Correction (IPPs 3 and 6)\
3.1 A public sector organisation must take reasonable steps to ensure that the personal information it collects, uses or discloses is accurate, complete and up to date.
6.1 If an individual requests a public sector organisation holding personal information about the individual for access to the personal information, the organisation must provide the individual with access to the information except to the extent that -
. [a number of exceptions are listed]
6.3 If a public sector organisation holds personal information about an individual and the individual establishes that the information is not accurate, complete or up to date, the organisation must take reasonable steps to correct the information so that it is accurate, complete and up to date.
It is important that, in developing polices about collection and use of criminal records, organisations take reasonable steps to ensure that information is accurate and up to date. While organisations may expect a higher level of accuracy from an official source such as a National Police Certificate, it may be necessary to take additional steps to confirm the accuracy of a record supplied by a private provider.
In any case, details which are used as a basis for refusing employment, or otherwise treating an employee in a less favourable manner, should be checked with the employee to confirm accuracy or otherwise. Mistakes can always be made in the recording of information or simply in the preparation of a certificate. For example, I am aware of one case in which a person has disputed the recording of a conviction against him on the basis that the conviction should have been attributed to another person with an identical name.
More generally, it is important to allow for an individual to access to any criminal record information that continues to be held by the organisation, and to correct information that is inaccurate.
Use and disclosure (IPP 2)
2.1 A public sector organisation must not use or disclose personal information about an individual for a purpose ("the secondary purpose") other than the primary purpose for collecting it unless one or more of the following apply:
(a) if the information is sensitive information -
(i) the secondary purpose is directly related to the primary purpose; and
(ii) the individual would reasonably expect the organisation to use or disclose the information for the secondary purpose;
.
(c) the individual consents to the use or disclosure of the information; .
It is important that policies and procedures recognise the limited purpose for which criminal history information is obtained. Information that has been obtained solely for the purpose of deciding an employment application should not be available for later use for purposes that are not directly related. Criminal history information should not be regarded as the property of the employer to do with as it wills.
Data security (IPP 4)
4.1 A public sector organisation must take reasonable steps to protect the personal information it holds from misuse and loss and from unauthorised access, modification or disclosure.
4.2 A public sector organisation must take reasonable steps to destroy or permanently de-identify personal information if it is no longer needed for any purpose.
Any criminal history information held on an individual should be destroyed as soon as possible. This is particularly true in a situation where, as the Discussion Paper acknowledges, disclosure limited to 'relevant' parts of a criminal record is not an option.
The longer a criminal record, with its 'relevant' and 'irrelevant' portions, is retained on file, the greater the chance that someone within the organisation will discover that information and use it for another purpose which may in some way adversely impact on the individual. Adverse impacts can arise through denying some work opportunity or privilege to the individual. But they may equally arise simply through a negative impact on relationships with other staff.
The simplest way to deal with management issues is to securely dispose of all information once a valid check has been carried out. Information should only be retained if, and to the extent that, it is necessary for the functions of the organisation. If it is retained-
- procedures should be put in place to ensure that the information is stored with a level of security that reflects its sensitivity; and
- the information should be disposed of as soon as reasonably possible.
Conclusion
The Discussion Paper deals with an issue of public importance. In the context of child related employment, there is currently a great deal of activity from government and the private sector. However, in relation to the broader issue, I believe there is much to be said for the development of guidelines that can assist individual employers to develop their own policies and procedures to address anti-discrimination and privacy concerns.
There may be room for development of model policies and procedures but they would need to recognise the importance of adopting a flexible approach that allows each case to be assessed and approached on its own merits.
The starting point for development of any guidelines should be an exposition of the circumstances in which it is appropriate or inappropriate to rely on criminal records in making employment-related decisions. In other words, the when and how of 'relevant' criminal records.
With that framework established, guidelines should also address issues such as checking the accuracy of information, limiting the use of information to expressed purposes, secure handling and storage of information, and disposal of information at the earliest opportunity.
Yours sincerely
Peter Shoyer
Information Commissioner
|