Victoria Acts: Covid Data Revoked. As we transition into a post-pandemic world, businesses are faced with new challenges and responsibilities. One such challenge is the recent recall of workplace regulations in Victoria.
In this article, our in-house privacy expert Darius Vitlin highlights 3 key takeaways and what to consider right now as these regulations come into effect.
With Victoria revoking its workplace regulations, businesses in that state are required to destroy the information they have collected about the vaccination status of their employees. It is a reminder too for all businesses to review their vaccination information requirements and decide whether any of the information they collected during the height of the pandemic is better destroyed or disposed of.
Vaccination information is health information, which is a high-risk type of personal information. That means there is a greater risk associated with holding it, and greater consequences in the event of a breach or other unauthorised disclosure.
Nationally, no jurisdictions have a blanket requirement for businesses to collect the vaccination status of employees. There may be requirements for certain industries, and workplaces in most jurisdictions are able to collect that information if they view it as appropriate. However, if there isn’t a clear continuing purpose for collecting vaccination status, businesses should review what information they hold, and how they can effectively dispose of it.
Key Takeaways:
Understanding the Risks of Retaining Health Information: Vaccination data is classified as health information, a high-risk category of personal data. The potential risks and consequences associated with unauthorised disclosure or breaches are significant, emphasising the need for businesses to handle such data with utmost care.
No Universal Requirement for Vaccination Status Collection: Across Australia, there is no blanket mandate for businesses to collect employees’ vaccination status. While certain industries may have specific requirements, it’s crucial for businesses to evaluate the necessity and purpose of collecting such information.
The Importance of Regular Data Review and Disposal: Considering the changing regulations, businesses should regularly review the information they hold. If there’s no clear, ongoing purpose for retaining vaccination status data, businesses should devise effective strategies for its disposal, ensuring compliance with privacy laws and regulations.
To conclude,the recall of vaccination information regulations in Victoria serves as a wake-up call for businesses to re-evaluate their data collection and retention policies.
If you have any further questions or need specific consultation on how privacy and data are being managed in your organisation, please contact Customer Science Group or complete the form below.
Written by Darius Vitlin
Resources:
https://www.worksafe.vic.gov.au/news/2023-07/expiry-covid-19-vaccination-information-regulations