When recruiting, employers will usually make a number of requests for a job applicant’s personal information in order to assess their suitability for the role. Typical requests include requests for references, prior employment information and details of the applicant’s education and qualifications. The requirements of the Privacy Act 1993 (the ‘Act’) apply to the collection of a job applicant’s personal information during the recruitment process.

The allegations

This case involved a complaint from a job applicant who had applied for a position as a call centre operator through a temporary employment agency. During the recruitment process the employment agency had conducted a credit check on him for the employer, for a job that involved no financial risk. The complainant asserted that he found it disturbing that the employment agency had accessed his personal financial records and that this caused him unwarranted stress and humiliation. He alleged that this was a breach of privacy principle 1 (‘PP1’) of the Act which states:

Personal information shall not be collected by any agency unless –

      (a) the information is collected for a lawful purpose connected with a function or activity of the agency; and

      (b) the collection of the information is necessary for that purpose.

Rule 11(2)(b)(iii) of the Credit Reporting Privacy Code 2004 provides that a prospective employer should only access an employee’s credit information for positions that involve ‘significant financial risk.’ ‘Significant financial risk’ for the employer may include roles where employees handle accounts or payments i.e. accountants and financial advisors.

On this occasion the complainant expressed that he was sceptical whether it was necessary for the employment agency to collect his credit information. He claimed that the role he had applied for did not involve him handling any of the employer’s money nor would he be required to deal with sensitive information at the call centre.

The temporary employment agency’s response

In response to the complaint, the employment agency argued that performing credit checks in the interview process was standard practice and contractually required by their clients. They explained that their clients had an expectation that the employees they hired did not have any ‘convictions or credit worthiness issues.’ The employment agency stated that doing a credit check was a legitimate part of their screening process. Furthermore, they stated that employees in the call centre were handling sensitive information and therefore should be thoroughly vetted.

The employment agency also referred to the fact the complainant had consented to the credit check being carried out.

The outcome

The Privacy Commissioner concluded that the credit check could not be satisfied because the role did not involve significant financial risk. The Commissioner did not accept that a contractual obligation to perform the check overrules an agency’s obligation to comply with the Act.  Consenting to the check was also found not to alter the responsibility of the employment agency to comply with the Act. There is no exception in PP1(b) in relation to an individual’s consent.

In order to successfully claim that a breach of a privacy principle amounts to an interference with an individual’s privacy, the complainant must show that the breach caused or may cause damage, injury to feelings or adversely affect the rights or interests of the complainant. Though PP1 was breached the Commissioner did not accept that the requisite harm required by section 66(1)(b) of the Act was established. Consequently, the Commissioner did not find that there had been an interference with the complainant’s privacy.

A note to employers

In order to ensure that they don’t fall afoul of the Act, employers should only ask job applicants for pertinent information in order to ascertain a candidate’s suitability for the specific job.

An employer should be transparent when collecting information and ensure that the candidate is aware of:

  • Why specific information is being requested and what it will be used for;
  • Who will see/have access to the information;
  • Whether it is mandatory or optional for the candidate to provide the information and the potential consequences of denying the request;
  • The fact that the candidate may have access to this personal information for the purpose of correcting it if it is inaccurate.


Disclaimer: The above information is for information purposes only and does not constitute legal advice. It is recommended that specific professional advice is sought before acting on the information given.