Personal information consent form

A group of business people

Privacy laws have become quite onerous, especially where personal information is stored on computers or passed on to others for legal or industry compliance purposes.

Did you know that company-issued information such as an employee’s email address, employee ID, company phone numbers etc is considered to be personal information!

To achieve industry compliance you may also have been sharing professional licenses of your staff with your customers. As a result, you may have been passing on personal information such as name, date of birth, address, photo etc. If so, it is quite possible that your organisation could be breaching some privacy laws – by providing personal information of your staff to third parties without their express written consent.

The fact that the information must be passed on to your customer to make your organisation compliant with industry regulations may not be seen as an excuse for breaching privacy laws. We have to be compliant with both.

To ensure your organisation is compliant, we suggest you obtain written consent from your staff that allows you to store their personal information, internally or externally, for as long as your organisation or customers reasonably require and allows you to provide their company-related personal information to customers and regulators where your organisation is required to do so.

We developed an example form for Australian legislation so if you come under other legislation, please amend the form. Also, please be aware that we take no responsibility for how you use the attached consent form or whether it satisfies satisfy your organisation’s legal obligations. We, therefore, recommend that you seek your own legal advice around privacy law compliance.

And finally – even if you store staff personal information on paper, your own databases, or external databases like Strytex, we strongly recommend that your organisation obtain a signed statement of consent from every relevant staff member whose company-related personal information is going to be provided to third parties. And where better to store your signed consent forms than your Strytex Member Site.

We hope this helps. Happy complying!

Nigel Dalton-Brown, GAICD, AMIIA, MBA

Managing Director, Chair, Speaker, Lecturer, Author

Nigel is the Founder of Strytex and has been presenting and writing on Goverence, Obligational Awarenss, Risk Management and Compliance administration (GORC) since 2010.

Leave a Comment