If you're concerned about what legal liability you may be taking on...

Reference checks: What are your legal obligations under the Privacy Act 1988?

Providing or acquiring references for prospective employees can be a daunting process. The Privacy Act is just one area of law that impacts on what managers can say or do in regards to giving a reference.

What are your legal obligations when giving a reference?

Some of the possible legal pitfalls facing former employers providing references, include being accused of defamation, misrepresentation or an invasion of privacy.

Obligations under Privacy Act 1988

The Privacy Act 1988 protects an individual’s personal information, which is information or an opinion which does or could identify you. For example, your name, address, phone number or opinions about you. Personal information also includes references given by an employer.

Recent changes to the Privacy Act including a new set of Australian Privacy Principles (APPs)  outline how public and private sector organisations must handle personal information. This includes personal information provided as a reference. For example, the Privacy Act gives an individual a right to access and correct all the personal information an organisation holds about them, including a referee’s report.

In some limited circumstances, the Privacy Act  will deny an employee access to a referee’s report, for example when giving access would be a confidentiality law breach. However, in most cases, the employer would need to be prepared to give the referee’s report to the current or former employee. Employees also have a right under the Privacy Act to correct personal information if it is inaccurate, not up-to-date, incomplete, irrelevant or misleading.

Take a look at how the privacy laws relate to emails employees receive at work here

The Privacy Act also requires businesses to manage the information of anyone that provides information to the business. Download our free Data Breach Response Plan Template here.

Duty of Care

In addition to Privacy Act, employers need to be aware of their legal obligation to provide a duty of care when providing or acquiring a reference check. Employers have a duty of care under common law to the former employee that the information in the reference provided is correct and fair. Employers have an additional duty of care to the prospective new employer to truthfully portray the former employee’s professional attributes.

This balancing of duty of care to the employer and employee can be a challenge, and a contributing reason to why many employers are now choosing not to provide reference checks. Laneen Forde, Partner at Cornwall Stodart provides a useful summary of the obligations on employers providing references.  A new employer can make a claim against the old employer if the reference provided misrepresents the capabilities and qualities of the person.

How do you legally conduct reference checks?

  • Referees can only be contacted with the candidate’s permission.
  • Take notes when acquiring and providing a reference as evidence.
  • Provide information only to members of the selection panel as appropriate to confirm the appointment decision or staff as part of the selection process.
  • Store personal information in a secure way and destroy it after it is no longer required

Do you have to tell the candidate what the referee said?

Yes. Under the Freedom of Information Act & Privacy Act, employers are generally required to provide the referee’s report if the employee requests the information.

It is vital that referees should be asked if they are prepared to proceed with the reference with the knowledge that the employee can have access to it.

If you want to check out the ERS Academy, click on the image below.

Free Download: Termination Letter Template

Need to let an employee go? Use our letter of termination template to ensure you are using the correct format. 

termination letter template