The Information Privacy Act 2009 (Qld) (IP Act) provides for the protection of personal information1 collected and held by Queensland government agencies2. It contains the privacy principles,3 which set the rules for what those agencies must and may do with personal information.
All agency employees must handle personal information in accordance with the privacy principles and their personal information must also be handled in accordance with the privacy principles. However, the privacy principles provide for extraordinary situations like a pandemic.
This guideline explains how these privacy obligations apply in common situations that have arisen in the pandemic.
I have been exposed, or tested positive to a virus such as COVID-19 – do I have to tell my employer?
It may be mandatory under Public Health Directions or as part of your workplace health and safety obligations. Your agency may also have given a direction that you must advise your manager or other senior officer in the event of exposure or a positive test.
If you have concerns or want to know the specific rules operating within your agency, you should speak to your supervisor or your agency’s human resources unit.
Can my employer advise other staff or visitors that I was the one who tested positive or was exposed?
If you attended the workplace after testing positive or being exposed, the agency will need to advise your colleagues and any visitors to the workplace that someone tested positive or was exposed to someone who tested positive. They can only share your identity if it is necessary, ie, you have been in close contact with a particular person and they need to know your status. However, where the workplace is small or, because of the circumstances, there is only one person it could have been, your identity may be apparent even if it is not specifically shared.
In certain circumstances both you and the agency may have to disclose this information to relevant authorities. Refer to the most recent Federal or State government health information for more details.
Assistance from your employer if you test positive
You may be entitled to special leave or specific government allowances or assistance if you test positive. Advising your employer as soon as possible will help them assist you in making a claim.
I have made a claim for financial assistance - what information will my employer provide so my claim can be assessed?
If you make a claim for assistance to a government body, your agency should only provide information required to assess your claim. This will often be information you consented to the government body obtaining when you applied for assistance. If you want to know more about the information they will ask for, you should check with the government body who is assessing your claim.
You could advise your agency they will be contacted about your claim and, if you chose, give it authority to disclose your information to the government body. This may expedite matters.
In some situations, your agency may be required by law to disclose certain information to the government body assessing your claim. In those circumstances, your agency must provide it and your authority is not required.
I’ve started working from home - what do I need to know?
You are required to meet your obligations as an agency employee even when working remotely. These include following your code of conduct, handling personal information in accordance with the privacy principles, following workplace policies and procedures, complying with information security requirements, and maintaining the integrity of agency records and documents.
If you are using your own device for official agency business, you must comply with any agency ‘bring your own device’ policy and ensure agency records are appropriately captured and stored. Any information you create in your capacity as an agency officer is a document of the agency, even if you are working remotely and using your own device, and it must be managed accordingly. If you are using an agency-issued device, you need to comply with all policies and procedures that govern the use of agency IT equipment and services.
You may need to take extra steps while working remotely to meet your privacy obligations, including securing information and devices and finding private spaces to conduct meetings or calls.
You should take extra care to:
- only use secure networks in line with your agency’s IT advice
- only use official agency email accounts or agency approved alternatives
- keep any devices used for work, such as laptops and mobile phones, secure and safe, including by locking computer screens when you are not at the keyboard and storing them where they are safe from unauthorised access or theft
- conduct your work in a secure and private space, for example taking extra precautions during phone calls or video conferencing to ensure they are not overheard by others
- comply with your agency’s policies and procedures for working remotely.
Your agency needs to give you access to appropriate resources, equipment and technical advice as needed.
For more information, refer to Protecting personal information when working remotely.
Access to agency systems
Where you use agency systems, eg email or collaborative tools such as Microsoft Teams or Zoom, the agency can access the contents and messages on those systems without breaching privacy where there is a legitimate need to do so, for example as part of investigating a complaint.
- 1 Any information about an individual whose identity is reasonably ascertainable. Refer to section 12 of the IP Act.
- 2 Agency includes a Minister.
- 3 Information Privacy Principles (IPPs) for non-health agencies; National Privacy Principles (NPPs) for health agencies.
Current as at: March 9, 2021