Disclosure: Privacy Australia is community-supported. We may earn a commission when you buy a VPN through one of our links. Learn more.

By Will Ellis

• 
• 
• 

Last Updated on January 11, 2023

As Australia attempts to flatten the curve, organizations are faced with unexpected challenges to tackle the spread of the novel Coronavirus (COVID-19). In the process, companies may be handling more personal information than usual, prompting human rights organizations to call for governments to comply with human rights laws.

During this time, it is vital that organizations understand their privacy obligations when designing and implementing urgent measures in response to the COVID-19 pandemic. But the severity of the virus could justify restrictions on certain human rights as governments use digital surveillance technologies to observe and monitor the population.

How Will OAIC Protect Personal Data

Earlier last month, the Office of the Australian Information Commissioner (OAIC) published guidance on the collection, use and disclosure of personal data to what is appropriate to stop and control the Coronavirus.

When gathering information related to COVID-19 and the risk of exposure with the virus, Commonwealth Government agencies and private sector organizations — including trusts, sole traders and companies — must comply with the requirements of the Australian Privacy Principles (APPs) and the Australian Privacy Act 1988 (Cth).

This involves data related to the individual’s symptoms, treatment and general health status.

Related: Australian Information Commissioner Sues Facebook

Be that as it may, Private sector organizations (including private health service providers) and agencies may need to gather, use and disclose personal information to control or avoid the Coronavirus in the place of business.

This includes information that the Department of Health claims is required to determine the risk and to enforce relevant controls to manage and prevent COVID-19. Private employers and agencies may need to use this information to inform employees who may be infected or at risk so that the appropriate precautions can be made.

At the same time — with the intention of managing the Coronavirus pandemic in Australia while taking privacy into account — private sector employers and agencies must aim to reduce the collection, use, and disclosure of personal data. When handling the health information of staff members, the employee record exemption may apply.

Australia’s COVID-19 Contact Tracing App

In just a few weeks, the Australian government is preparing to release a contact tracking app that will track every individual who has come into contact with a cell phone owner who has been tested positive for COVID-19.

This comes after the Chief Medical Officer Brendan Murphy stated that Australia has been carefully examining what Singapore has done in order to avoid and slow down the spread of COVID-19.

The Government services minister, Stuart Robert, has attempted to address privacy concerns by promising to reveal the tracing app’s source code, and claiming the mobile app will not trace people’s location.

At this moment in time, data privacy experts remain skeptical given that the Government hasn’t yet taken the measures it promised.

Related: Google/Apple Contact Tracing Privacy Concerns

Key Points

• Access to personal information should be limited to a need-to-know basis.
• Only the smallest amount of personal data necessary to control or stop COVID-19 should be gathered, used or disclosed.
• Consider taking measures immediately to inform employees of how their private information will be managed in response to any likely or confirmed case of Coronavirus in the place of business.
• Guarantee reasonable measures are in place to keep personal information safe.