Case Citation: OPC v Employment Services Company [2005] PrivCmrA 13

Subject Heading: Improper collection of personal information on employment services application forms.

Law: Section 40(2) of the Privacy Act 1988 (Cth) and National Privacy Principles 1.1 and 7.2 in Schedule 3 of the Privacy Act, Tax File Number Guideline 5.1

Facts: The employment services company assesses applicants' qualifications, places selected applicants with employers and receives a fee from those applicants if the employers engage them. The Privacy Commissioner had received information that the employment services company had been requiring applicants to provide a large amount of personal information including their tax file numbers and credit card details. It was also alleged that the employment services company had photocopied applicants' passports and required applicants to sign a form consenting to a wide range of uses and disclosures of their personal information.

Issues: Tax File Number Guidelines 5.1 Tax File Number guideline 5.1 (issued under section 17 of the Privacy Act) provides that an organisation or individual shall only request or collect tax file numbers as authorised by taxation, assistance agency and superannuation law. The Privacy Commissioner took the view that collecting a tax file number from applicants, before they were accepted for registration and placement, was not authorised by taxation, assistance agency and superannuation law.

National Privacy Principle 7.2 National Privacy Principle 7.2 allows the use of Commonwealth identifiers (such as passport numbers) in limited circumstances, including those in which an organisation is fulfilling obligations to the agency that assigned the identifier. In this case it was the practice of the employment services company to photocopy passports, including the passport number, and store that information to later verify the identity of the individual. The Privacy Commissioner was of the view that photocopying and storing a passport number was a use that was not authorised under NPP 7.2.

National Privacy Principle 1.1 Under National Privacy Principle 1.1, an organisation must not collect personal information which is not necessary for one or more of its functions or activities. The employment services company required that applicants provide their credit card details on the application form. The employment services company initially argued that it was necessary to collect the credit card details in the event that the applicant was registered and placed in employment and wished to pay their fees via credit card. The Privacy Commissioner took the view that because an individual who had obtained a placement had the choice of using his/her credit card to pay fees to the employment services company it was not necessary for it to collect the credit card details of those who did not wish to provide them.

The Privacy Commissioner also raised concerns with the employment services company that its collection statement required applicants to consent to a broad range of uses and disclosures of individuals' personal information which may not have been necessary. The Privacy Commissioner advised that broad or "bundled" consent forms diminish individuals' freedom of choice, effectively coercing individuals to hand over their personal information and to agree to a variety of uses and disclosures in exchange for a service.

Outcome: The Privacy Commissioner initiated an investigation using her own motion power (without an individual having made an official complaint) under section 40(2) of the Privacy Act. As a result of the investigation, the employment services company removed the request for a tax file number and the requirement for credit card details from its application form. The employment services company agreed that it would sight passports rather than copy them and it agreed to review its consent form to remove references to unnecessary uses and disclosures of personal information. The employment services company also agreed to review the application form with a view to allowing applicants to opt-in to future uses and disclosures of their personal information unrelated to their placement with employers.

Consequently, the Privacy Commissioner closed the matter on the grounds that it had been adequately dealt with.

OFFICE OF THE PRIVACY COMMISSIONERJune 2005