Are you doing enough to protect your employees’ personal information?


As an employer who collects personal and potentially sensitive information about your employees, it is important the right processes are in place when it comes to managing your employees’ personal information.

Personal information can be any information about an individual including their name, birthday, superannuation member number or even where they work. Some information may also be sensitive, such as membership of professional associations and/or unions, religious beliefs, and more.

By sharing such information, intentionally or not, you are exposing your employees and your organisation to potentially serious consequences, such as identity theft, fraud, lawsuits, etc.

To minimise such risks, here are some do's and don’ts when it comes to personal data protection


Store personal information in locked cabinets or on a secure IT system. Don’t share employees’ personal information with third parties, unless necessary (e.g. when required by government agencies or authorised by employees).
Minimise personnel access to employees’ personal information.  Don’t publish employees’ personal information without their authorisation.
Securely dispose of information when it is no longer required for any business or legal purpose.  Don’t retain personal information when it is no longer required for any business or legal purpose.

Most Australian organisations have obligations under the Privacy Act to treat personal information more carefully than other types of information. If you’re unsure whether the Privacy Act is applicable, visit the website of the Office of the Australian Information Commissioner (OAIC) and access their business guidance resources.

We can help

If you suspect that your systems or payroll services have been compromised, please let us know immediately.

We can take additional steps to help protect your employees’ super accounts. 

Contact us

This article is for guidance only and does not constitute as advice. Cbus encourages employers to seek their own independent legal advice in relation to privacy obligations.