Routine personal work information of public sector employees

Overview

The Information Privacy Act 2009 (Qld) (IP Act) and the Right to Information Act 2009 (Qld) (RTI Act), contain rules about information that is personal information. It is important to understand the way these Acts apply to personal information that is solely the routine personal work information of public sector employees.

Disclaimer

Routine personal work information is only relevant in relation to potential disclosure under:

• Information Privacy Principle 11 (IPP 11) or National Privacy Principle 2 (NPP 2); or
• a formal access application under the RTI Act or IP Act.

It does not apply to any other privacy principle or disclosure.

This guideline only addresses the disclosure of routine personal work information to the public or to a member of the public where the disclosure is for legitimate agency or department business.

Who does ‘routine personal work information’ apply to?

The concept of ‘routine personal work information’ applies to employees of agencies¹ which are subject to the RTI Act or IP Act.² It is not limited to those employed under the Public Sector Act 2022 (Qld) and may be relevant for employees of any agency subject to the legislation (such as local government, public authorities and ministerial staff).

For simplicity this guideline will refer to all agency employees as ‘public sector employees’.

What is personal information?

Personal information is defined in both the IP Act and the RTI Act as:

information or an opinion, including information or an opinion forming part of a database, whether true or not, and whether recorded in a material form or not, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion.

This definition is extremely broad, and captures a substantial amount of information, beyond what most individuals would generally regard as 'private' or 'personal'.

Routine personal work information is personal information.

Routine personal work information of public sector employees

What is routine personal work information?

The information being considered in this guideline is limited to routine personal work information—personal information that is solely and wholly related to the routine day to day work duties and responsibilities of a public sector employee.

This includes information such as:

• a work email address
• a work phone number
• the fact of authorship of a work document, eg where the person's name is listed as one of the writers of a report
• a professional opinion given wholly in a professional capacity, eg that a stretch of vegetation is made up of specific sorts of plants
• a work classification, eg that someone is an AO6 project officer in the Administration area of a given department
• a work responsibility, eg that the officer is the contact if a member of the public has a complaint or a query about water allocation, or that an officer has responsibility for making decisions about granting licenses
• incidental appearances of a person's name in work documents, eg their identification as the author of a letter, their signature as an officer of a department, a mention of an officer as a member of a project team in documents produced by the project, a mention of an officer as having responsibility for a team or project, or holding a given position, on a departmental website or in a report; and
• information about qualifications held where they are required for the officer's position, eg that a scientific officer holds a Bachelor of Science.

This kind of personal information will be referred to as routine personal work information throughout this guideline.

What sort of information is not routine personal work information?

Information that is not related wholly to the routine day to day work activities of a public sector employee is not routine personal work information. The discussions below do not apply to information that is not routine personal work information, even if that non-routine information arose in or out of a work context, for example:

• complaints made by or about a public sector employee
• names and other personal information of employees in the context of dealing with a workplace complaint (including the subject of the complaint and colleagues)⁴
• reasons why an officer is accessing leave entitlements of any kind or when they have taken, or intend to take, leave
• opinions expressed at work that are not about work, eg an email discussion between two officers about a movie they had both seen
• opinions about another public sector employee
• the fact that an officer has been unsuccessful in applying for a different public service position
• details of how an officer utilises the flexible working hours arrangement, eg when they chose to start and finish work or when they access flextime
• opinions or reports about how well an officer performs their duties;
• identifying information, such as an officer's address, drivers’ license details, date of birth, or age⁵
• information about officers' emotions, team morale and incidents involving other people;⁶ and
• identification numbers.⁷

Public sector employees’ routine personal work information and the RTI Act

Access to documents under the RTI Act or chapter 3 of the IP Act

The RTI Act and IP Act allow people to apply to access documents of an agency or Minister. Access can be refused to exempt information or information the release of which would be contrary to the public interest.

Personal information is not a category of exempt information. Access to it can only be refused if would be contrary to the public interest to release (or if it is exempt for other reasons, eg it is confidential or would prejudice an investigation if released).

Information will be contrary to the public interest to release if the factors favouring disclosure outweigh the factors favouring non-disclosure (refer to the Public Interest Balancing Test for more information).

Relevant public interest factors

Schedule 4, part 3, provision 3 provides that it is a factor favouring non-disclosure that disclosure of the information could reasonably be expected to prejudice the protection of an individual's right to privacy (the privacy factor).

Schedule 4, part 4, provision 6 provides that disclosure of the information could reasonably be expected to cause a public interest harm if disclosure would disclose personal information (the personal information factor).

Other public interest factors

Additional public interest factors can apply to routine personal work information of a public sector employee. Those factors must be applied and balanced accordingly.

For example, in B31 and Queensland Ombudsman⁸ the Commissioner considered an application for the direct contact details of the Ombudsman and Deputy-Ombudsman. While their personal information was wholly employment related, the Commissioner found that it would be contrary to the public interest to release the information because of the:

• nature of the agency's role as a complaint handling body that often dealt with unreasonable complainant behaviour; and
• potential for release of the information to prejudice the efficient management of QO and the ability of the Ombudsman and Deputy Ombudsman to carry out their management functions, and executive roles and responsibilities, in an efficient and effective manner.

Balancing the routine personal work information for these factors

The routine personal work information of public sector employee is personal information within the meaning of the RTI Act and the IP Act.

This means the privacy and personal information factors will be relevant but—given that the infringement of a public sector employee’s right to privacy, or the harm that could potentially be caused, by disclosing routine personal work information will generally be minimal— and will generally be outweighed by the public interest in disclosure.

A number of factors contribute to this, including:

• the requirement that government departments be open and accountable with regards to their operations
• that public sector employees are employed in the business of government which delivers services to the public and the public is generally entitled to know the identity of the service deliverers, advice givers and decision makers
• the publication of public sector employees' appointments in the Government Gazette
• the appearance of routine personal work information in documents routinely disclosed, intended for disclosure, produced for disclosure or required by law to be disclosed, including reports, policy documents, decision notices and correspondence; and
• that a reasonable public sector employee would expect that information that is solely their routine personal work information would be made available to the public.

However, in some circumstances disclosure will not enhance government accountability or provide information about agency operations or reasons, background or contextual information for agency decisions, for example where the applicant has already been provided with the content and substance of the documents.⁹

In these circumstances, even a minimal weight given to the privacy and personal information factors may tip the balance in favour of non-disclosure.¹⁰

Assigning weight

The assigning of minimal weight to the privacy and personal information factors may be appropriate where an employee’s role was limited to administrative duties and/or they did not have a substantive role in agency operations or decisions.¹¹

The assigning of a higher weight to these factors may be appropriate where an employee’s role involves duties that could put them at risk if their routine personal work information was disclosed. For example, an employee’s identity as a member of an acute health care team¹² or the identity or advice of employees who conduct risk assessments of dangerous prisoners.

A number of factors contribute to this, including:

• the requirement that government departments be open and accountable with regards to their operations
• that public sector employees are employed in the business of government which delivers services to the public and the public is generally entitled to know the identity of the service deliverers, advice givers and decision makers
• the publication of public sector employees' appointments in the Government Gazette
• the appearance of routine personal work information in documents routinely disclosed, intended for disclosure, produced for disclosure or required by law to be disclosed, including reports, policy documents, decision notices and correspondence; and
• that a reasonable public sector employee would expect that information that is solely their routine personal work information would be made available to the public.

This applies only to routine personal work information as discussed above and not to any other personal information of public sector employees arising out of or in connection with the workplace.  It does not apply to the personal information of private sector employees.

Some Commissioner decisions that consider the application of routine personal work information are:

• Hardy and Department of Health (Unreported, Queensland Information Commissioner, 27 June 2011)
• Australian Broadcasting Corporation and Psychologists Board of Australia (Unreported, Queensland Information Commissioner 3 January 2012)
• G8KPL2 and Department of Health (Unreported, Queensland Information Commissioner, 17 June 2013)
• Kelson and Queensland Police Service [2017] QICmr 7 (3 March 2017)
• Poyton and Metro North Hospital and Health Service [2016] QICmr 50 (13 December 2016)
• Underwood and Department of Housing and Public Works (310671)
• Z Toodayan and Metro South Hospital and Health Service [2017] QICmr 34 (11 August 2017)
• Q51 and Logan City Council [2020] QICmr 61 (20 October 2020)
• G46 and Queensland Police Service (No. 2) [2020] QICmr 73 (7 December 2020); and
• O52 and Queensland Ombudsman [2020] QICmr 31 (11 June 2020)
• P22 and Metro South Hospital and Health Service [2023] QICmr 5 (2 February 2023); and
• E24 and Department of Justice [2025] QICmr 6 (27 February 2025).

Other factors

Other public interest factors may apply to routine personal work information of a public sector employee. Those factors must be applied and balanced accordingly.

Consultation

A decision maker must take reasonable steps to seek the views of someone who would reasonably be expected to be concerned about the release of information. Generally, when dealing with routine personal work information, there would be no reasonable expectation of concern and consultation would not be necessary. However, if based on the circumstances the decision maker believes the employee would reasonably be concerned, they will need to consult.

Public sector employees’ routine personal work information and disclosure under the privacy principles

As discussed above, routine personal work information is personal information within the meaning of both the RTI and the IP Act.  The IP Act contains privacy principles which regulate the disclosure of personal information.

Whether personal information can be disclosed in compliance with the privacy principles does not have the same ‘public interest’ considerations as a formal access application. The agency or Minister must consider the privacy principles to determine whether personal information (including routine personal work information) can be disclosed.

Generally, disclosure of a public sector employees' routine personal work information is unlikely to be a breach of the IP Act.

Disclosure under the privacy principles

Disclosure is defined in the IP Act as a situation in which an agency or Minister:

• gives personal information to an entity, or places it in a position to be able to find it out, where the entity does not know the personal information and is not otherwise in a position to be able to find it out; and
• the agency or Minister does not have any control over who the entity will cause to know the personal information.

If an agency or Minister makes a public sector employee’s routine personal work information available to a member of the public, eg by providing their name and work phone number to a person, or to the public generally, eg by including it on a webpage, they have disclosed it. The general rule under the IP Act is that personal information cannot be disclosed unless one of a number of factors apply.

Permitted disclosures under the IP Act

The rules about disclosure of personal information are contained in the privacy principles – the Information Privacy Principles (IPPs) and the National Privacy Principles (NPPs). The IPPs apply to all agencies (except health agencies); the NPPs apply to health agencies.

• IPP 11(1)(a) provides, relevantly, that an agency may disclose personal information if the individual the personal information is about would reasonably likely have been aware that it is the agency's usual practice to disclose the type of personal information to the relevant entity.
• NPP 2(1)(a) provides, relevantly, that information may be disclosed for a purpose other than the primary purpose for which it was collected if the secondary purpose is related to the primary purpose and the individual would reasonably expect the health agency to disclose the information for the secondary purpose.

Application to routine personal work information

Disclosure of routine personal work information to the public or to a member of the public for legitimate agency purpose will, in most circumstances, be a permitted disclosure under IPP 11(1)(a) or NPP 2(1)(a).

IPP 11(1)(a)

Under IPP 11(1)(a) it may be disclosed because a reasonable public sector employee would, because of the nature of a public sector employee’s position and the need to both interact with the public and provide it with information, be reasonably likely to be aware that routine personal work information would be disclosed to the public or members of the public where it was necessary for legitimate agency purposes.

NPP 2(1)(a)

The reason for collecting routine personal work information would, in most instances, be done to facilitate the workings of the health agency or to carry out its legitimate business. Where the secondary purpose for disclosing routine personal work information to the public or members of the public is to conduct legitimate business of the health agency, this is directly related to the primary purpose.

Under NPP 2(1)(a) it may be disclosed because a reasonable public sector employee would reasonably expect that routine personal work information would be disclosed to the public or members of the public where it was necessary for legitimate business of the health agency.

The privacy principles and routine personal work information generally

The routine personal work information ‘exception’ only applies when disclosing personal information under IPP 11 or NPP 2.  It does not change an agency’s obligation to collect, store, use and ensure the accuracy of routine personal work information in compliance with the privacy principles.