The Information Privacy Act 2009 (Qld) (IP Act) and the Right to Information Act 2009 (Qld) (RTI Act), contain rules about information that is personal information. It is important to understand the way these Acts apply to personal information that is solely the routine personal work information of public sector employees.
Routine personal work information is only relevant in relation to potential disclosure under IPP 11 or NPP 2; it does not apply to any other privacy principle. It may also be a consideration in relation to formal applications and consultation processes under the RTI Act and the IP Act.
This guideline only addresses the disclosure of routine personal work information to the public or to a member of the public where the disclosure is for legitimate agency or department business.
Who does ‘routine personal work information’ apply to?
The concept of ‘routine personal work information’ applies to employees of agencies1 which are subject to the RTI Act or IP Act.2 It is not limited to those employed under the Public Service Act 2008 (Qld) and may be relevant for employees of any agency subject to the legislation (such as local government, public authorities and ministerial staff).
For simplicity this guideline will refer to all employees as ‘public sector employees’.
Private sector employees
The concept of routine personal work information does not apply to private sector employees.3
What is personal information?
Personal information is defined in both the IP Act and the RTI Act as:
information or an opinion, including information or an opinion forming part of a database, whether true or not, and whether recorded in a material form or not, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion.
This definition is extremely broad, and captures a substantial amount of information, beyond what most individuals would generally regard as 'private' or 'personal'.
Routine personal work information of public sector employees
What is routine personal work information?
The information being considered in this guideline is limited to routine personal work information—information that is solely and wholly related to the routine day to day work duties and responsibilities of a public sector employee.
This includes information such as:
- a work email address
- a work phone number
- the fact of authorship of a work document, eg where the person's name is listed as one of the writers of a report
- a professional opinion given wholly in a professional capacity, eg that a stretch of vegetation is made up of specific sorts of plants
- a work classification, eg that someone is an AO6 project officer in the Administration area of a given department
- a work responsibility, eg that the officer is the contact if a member of the public has a complaint or a query about water allocation, or that an officer has responsibility for making decisions about granting licenses
- incidental appearances of a person's name in work documents, eg their identification as the author of a letter, their signature as an officer of a department, a mention of an officer as a member of a project team in documents produced by the project, a mention of an officer as having responsibility for a team or project, or holding a given position, on a departmental website or in a report; and
- information about qualifications held where they are required for the officer's position, eg that a scientific officer holds a Bachelor of Science.
This kind of personal information will be referred to as routine personal work information throughout this guideline.
What sort of information is not routine personal work information?
Information that is not related wholly to the routine day to day work activities of a public sector employee is not routine personal work information. The discussions in sections 5 and 6 below do not apply to information that is not routine personal work information, even if that non-routine information arose in or out of a work context, for example:
- complaints made by or about a public sector employee
- reasons why an officer is accessing leave entitlements of any kind or when they have taken, or intend to take, leave
- opinions expressed at work that are not about work, eg an email discussion between two officers about a movie they had both seen
- opinions about another public sector employee
- the fact that an officer has been unsuccessful in applying for a different public service position
- details of how an officer utilises the flexible working hours arrangement, eg when they chose to start and finish work or when they access flextime; and
- opinions or reports about how well an officer performs their duties.
Public sector employees’ routine personal work information and the RTI Act
Access to documents under the RTI Act or chapter 3 of the IP Act
The RTI Act and IP Act allow people to apply to access documents of an agency or Minister. Access can be refused to exempt information or information the release of which would be contrary to the public interest.
Personal information is not a category of exempt information. Access to it can only be refused if would be contrary to the public interest to release (or if it is exempt for other reasons, eg it is confidential or would prejudice an investigation if released).
Information will be contrary to the public interest to release if the factors favouring disclosure outweigh the factors favouring non-disclosure (refer to the Public Interest Balancing Test for more information).
Relevant public interest factors
Schedule 4, part 3, provision 3 provides that it is a factor favouring non-disclosure that disclosure of the information could reasonably be expected to prejudice the protection of an individual's right to privacy.
Schedule 4, part 4, provision 6 provides that disclosure of the information could reasonably be expected to cause a public interest harm if disclosure would disclose personal information.
Balancing the routine personal work information for these factors
The routine personal work information of public sector employee is personal information within the meaning of the RTI Act and the IP Act. This means the above public interest factors are relevant.
However, the potential harm that could be caused by disclosure of routine personal work information will, in most circumstances, be minimal or none. Additionally, the infringement of a public sector employee’s right to privacy will, generally, be minimal or non-existent.
A number of factors contribute to this, including:
- the requirement that government departments be open and accountable with regards to their operations
- that public sector employees are employed in the business of government which delivers services to the public and the public is generally entitled to know the identity of the service deliverers, advice givers and decision makers
- the publication of public sector employees' appointments in the Government Gazette
- the appearance of routine personal work information in documents routinely disclosed, intended for disclosure, produced for disclosure or required by law to be disclosed, including reports, policy documents, decision notices and correspondence; and
- that a reasonable public sector employee would expect that information that is solely their routine personal work information would be made available to the public.
This applies only to routine personal work information as discussed above and not to any other personal information of public sector employees arising out of or in connection with the workplace. It does not apply to the personal information of private sector employees.
The assigning of minimal or no harm under these factors to the routine personal work information of a public sector employee may not be appropriate in all circumstances.
For example, for officers who conduct risk assessments of dangerous prisoners: disclosing their routine personal work information, ie their identity as risk assessors and/or the advice they provide, may cause harm if disclosed and if so, refusing access may be necessary to protect their safety.
Some Commissioner decisions that consider the application of routine personal work information are:
- Hardy and Department of Health (Unreported, Queensland Information Commissioner, 27 June 2011)
- Australian Broadcasting Corporation and Psychologists Board of Australia (Unreported, Queensland Information Commissioner 3 January 2012),
- Kelson and Queensland Police Service  QICmr 7 (3 March 2017)
- Poyton and Metro North Hospital and Health Service  QICmr 50 (13 December 2016)
- Underwood and Department of Housing and Public Works (310671); and
- Z Toodayan and Metro South Hospital and Health Service  QICmr 34 (11 August 2017).
Other public interest factors may apply to routine personal work information of a public sector employee. Those factors must be applied and balanced accordingly.
A decision maker must take reasonable steps to consult with someone who would reasonably be expected to be concerned about the release of information. Generally when dealing with routine personal work information, there would be no reasonable expectation of concern and consultation would not be necessary. However if, based on the circumstances, the decision maker believes the employee would be concerned, they consider if consultation is necessary.
Public sector employees’ routine personal work information and disclosure under the privacy principles
As discussed above, routine personal work information is personal information within the meaning of both the RTI and the IP Act. The IP Act contains privacy principles which regulate the disclosure of personal information.
Whether personal information can be disclosed in compliance with the privacy principles does not have the same ‘public interest’ considerations as a formal access application. The agency or Minister must consider the privacy principles to determine whether personal information (including routine personal work information) can be disclosed.
Generally, disclosure of a public sector employees' routine personal work information is unlikely to be a breach of the IP Act.
Disclosure under the privacy principles
Disclosure is defined in the IP Act as a situation in which an agency or Minister:
- gives personal information to an entity, or places it in a position to be able to find it out, where the entity does not know the personal information and is not otherwise in a position to be able to find it out; and
- the agency or Minister does not have any control over who the entity will cause to know the personal information.
If an agency or Minister makes a public sector employee’s routine personal work information available to a member of the public, eg by providing their name and work phone number to a person, or to the public generally, eg by including it on a webpage, they have disclosed it. The general rule under the IP Act is that personal information cannot be disclosed unless one of a number of factors apply.
Permitted disclosures under the IP Act
The rules about disclosure of personal information are contained in the privacy principles – the Information Privacy Principles (IPPs) and the National Privacy Principles (NPPs). The IPPs apply to all agencies (except health agencies); the NPPs apply to health agencies.
- IPP 11(1)(a) provides, relevantly, that an agency may disclose personal information if the individual the personal information is about would reasonably likely have been aware that it is the agency's usual practice to disclose the type of personal information to the relevant entity.
- NPP 2(1)(a) provides, relevantly, that information may be disclosed for a purpose other than the primary purpose for which it was collected if the secondary purpose is related to the primary purpose and the individual would reasonably expect the health agency to disclose the information for the secondary purpose.
Application to routine personal work information
Disclosure of routine personal work information to the public or to a member of the public for legitimate agency purpose will, in most circumstances, be a permitted disclosure under IPP 11(1)(a) or NPP 2(1)(a).
Under IPP 11(1)(a) it may be disclosed because a reasonable public sector employee would, because of the nature of a public sector employee’s position and the need to both interact with the public and provide it with information, be reasonably likely to be aware that routine personal work information would be disclosed to the public or members of the public where it was necessary for legitimate agency purposes.
The reason for collecting routine personal work information would, in most instances, be done in order to facilitate the workings of the health agency or to carry out its legitimate business. Where the secondary purpose for disclosing routine personal work information to the public or members of the public is to conduct legitimate business of the health agency, this is directly related to the primary purpose.
Under NPP 2(1)(a) it may be disclosed because a reasonable public sector employee would reasonably expect that routine personal work information would be disclosed to the public or members of the public where it was necessary for legitimate business of the health agency.
The privacy principles and routine personal work information generally
The routine personal work information ‘exception’ only applies when disclosing personal information under IPP 11 or NPP 2. It does not change an agency’s obligation to collect, store, use and ensure the accuracy of routine personal work information in compliance with the privacy principles.
- 1 In this Guideline, any reference to an agency includes a Minister.
- 2 Kiepe and the University of Queensland (Unreported, Queensland Information Commissioner, 1 August 2012) at paragraph 19.
- 3 Underwood and Department of Housing and Public Works (Unreported, Queensland Information Commissioner, 18 May 2012) at  and Y46 and Queensland Police Service  QICmr 3 (4 February 2020) at  – .
Current as at: February 4, 2014