Candidate Rights During Background Checks in Australia

In Australia, you have a fundamental right to know when an employer is conducting background checks on you. This isn't just good practice — it's enshrined in law. Under the Australian Privacy Act 1988, organisations must be transparent about the personal information they collect, why they collect it, and how it will be used.

Before any screening begins, your prospective employer must clearly inform you about:

• The specific types of checks being conducted (police checks, reference checks, qualification verification, etc.)
• Why each check is relevant to the role you've applied for
• Which third-party providers will access your personal information
• How the results will be used in the hiring decision
• How long your data will be retained and who will have access to it

Employers cannot conduct background checks in secret. If you discover that checks were performed without your knowledge, this may constitute a breach of the Australian Privacy Principles (APPs). The Office of the Australian Information Commissioner (OAIC) has made it clear that covert collection of personal information during recruitment is not acceptable except in very narrow circumstances related to law enforcement.

It's also worth noting that you have the right to ask a prospective employer exactly what checks they plan to run before you agree. A reputable employer will have no issue explaining their screening process upfront. If an employer is evasive about what checks they're conducting, consider it a red flag about their broader approach to employee privacy.

Consent is the cornerstone of lawful background checks in Australia. Australian Privacy Principle 3 (APP 3) requires that personal information must only be collected by lawful and fair means — and in most employment screening contexts, this means obtaining your explicit, informed consent before any check is initiated.

For consent to be valid under Australian law, it must meet several criteria:

• Informed: You must understand exactly what you're consenting to. A vague "I agree to background checks" is not sufficient. The consent form should specify each type of check.
• Voluntary: You cannot be coerced into providing consent. While refusing may affect your candidacy, the employer cannot pressure you or misrepresent the consequences of refusal.
• Current: Consent must be obtained for each specific screening process. An employer cannot rely on consent given for a previous job application or role.
• Specific: Blanket consent forms that cover "any and all checks" are problematic. Each check type should be listed and, ideally, separately consented to.

For police checks through the Australian Criminal Intelligence Commission (ACIC), a signed consent form is mandatory. The applicant must provide proof of identity (typically 100 points) and sign a declaration authorising the check. Without this, no accredited provider can lawfully process the check.

Certain types of information carry additional protections. Under APP 3.3, sensitive information — which includes criminal records, health information, and biometric data — requires explicit consent and can only be collected when reasonably necessary for the organisation's functions. An employer asking for a health check for a desk-based office role, for example, would likely fail the "reasonably necessary" test.

You also have the right to withdraw consent at any time before the check is completed. If you change your mind, the screening provider must stop processing your information, though this will likely end your candidacy for the role.

Australian employers have legitimate reasons to conduct background checks, but their powers are not unlimited. What an employer can check depends on the role, the industry, and the relevant state or territory legislation.

Employers generally CAN check:

• Criminal history: Through an ACIC-accredited provider, but only with consent and only when relevant to the role. A minor traffic infringement from 10 years ago is unlikely to be relevant for an accounting position.
• Work rights: Under the Migration Act 1958, employers must verify that all workers have the legal right to work in Australia. This is a legal obligation, not optional.
• Professional qualifications: Verifying degrees, licences, and certifications that are genuinely required for the role.
• Employment history: Confirming previous job titles, dates of employment, and conducting reference checks with past employers and referees you've nominated.
• Driving record: When the role involves driving as a core function.

Employers generally CANNOT:

• Access your medical records without specific consent and a demonstrable need related to the inherent requirements of the role.
• Check your credit history unless the role involves significant financial responsibility (e.g., handling large sums, financial advisory). The Privacy Act restricts credit reporting access.
• Investigate your social media in ways that would constitute surveillance or collect information about your political opinions, religious beliefs, sexual orientation, or union membership — all of which are protected under APP 3.3.
• Contact referees you haven't nominated without your permission. Backdoor reference checks — contacting former employers not listed as referees — require your knowledge and consent.
• Access spent convictions in most circumstances (see state-specific spent convictions legislation).

If you're applying for roles in regulated industries such as healthcare, childcare, aged care, or financial services, additional checks may be mandatory under industry-specific legislation. For example, the National Law requires registered health practitioners to undergo criminal history checks, and the Worker Screening Act mandates Working With Children Checks for roles involving children.

Background check results are not infallible. Errors in criminal history databases, mistaken identity, outdated records, and data entry mistakes all occur. Under Australian Privacy Principle 13 (APP 13), you have the right to request correction of personal information that is inaccurate, out of date, incomplete, irrelevant, or misleading.

If you believe a background check contains errors, here's how the dispute process typically works:

• Request a copy of the results: Under APP 12, you have the right to access any personal information an organisation holds about you. Ask the employer or screening provider for a copy of the check results.
• Identify the specific errors: Review the results carefully and document exactly what is incorrect and why.
• Lodge a correction request: Contact the screening provider in writing, specifying the errors and providing supporting evidence.
• Await a response: The provider must respond within 30 days. If they refuse to correct the information, they must provide written reasons and attach a statement to your file noting the disputed information.

During the dispute process, you should not be disadvantaged. Best practice — and what the OAIC recommends — is that employers should not make adverse hiring decisions based on disputed results until the dispute is resolved. Unfortunately, this is not strictly legally mandated in all circumstances, which is why it's important to raise disputes as quickly as possible.

For police check errors specifically, you can contact the relevant state or territory police service to request a review of your criminal history record. Each jurisdiction has its own correction process, but all are required to address genuine errors in their databases.

Keep records of all correspondence related to your dispute. If the screening provider or employer fails to address your concerns, this documentation will be essential if you escalate to the OAIC.

Once a background check is complete, what happens to your personal information? Under the Australian Privacy Act, organisations must not keep personal information for longer than is reasonably necessary for the purpose it was collected. This principle — found in APP 11.2 — gives you meaningful protections around data retention.

In the employment screening context, this means:

• Successful candidates: Your screening results may be retained as part of your employment file for the duration of your employment and a reasonable period afterward (typically 7 years, aligning with record-keeping obligations under the Fair Work Act 2009).
• Unsuccessful candidates: There is less justification for retaining your data. Most privacy experts and the OAIC recommend that unsuccessful candidates' screening data be destroyed or de-identified within 6 to 12 months.
• Screening providers: Third-party providers should have clear data retention policies. Reputable providers will specify how long they retain results and when data is purged.

You have the right to ask both the employer and any screening provider how long they will retain your data. You can also request deletion of your personal information once it's no longer needed. While there's no absolute "right to be forgotten" in Australian privacy law (unlike the GDPR in Europe), organisations must take reasonable steps to destroy or de-identify information that is no longer required.

If you're concerned about your data being retained unnecessarily, write to the organisation's privacy officer requesting deletion. They must respond and, if they refuse, provide reasons. Keep in mind that some retention may be required by other legislation — for example, financial services firms may need to retain records under anti-money laundering laws.

Australian anti-discrimination law provides significant protections for candidates during the screening process. Employers cannot use background checks as a pretext for discrimination, and the results of checks must be assessed in the context of their relevance to the role — not used as blanket disqualifiers.

Key legislation protecting candidates includes:

• Age Discrimination Act 2004: An employer cannot refuse to hire you because background checks reveal your age, or use age-correlated information (such as graduation dates) to discriminate. Screening processes should be age-neutral.
• Disability Discrimination Act 1992: Pre-employment medical checks are only lawful when related to the inherent requirements of the position. An employer cannot reject you based on a disability that doesn't affect your ability to perform the core duties of the role, with or without reasonable adjustments.
• Sex Discrimination Act 1984: Background checks cannot be applied differently based on gender. If male and female candidates for the same role are subjected to different screening requirements, this may constitute unlawful discrimination.
• Racial Discrimination Act 1975: Screening processes must be applied consistently regardless of race, ethnicity, or national origin. Using background checks disproportionately against candidates of particular racial backgrounds is unlawful.

At the state and territory level, additional protections exist. For example, most states have spent convictions legislation that prevents employers from considering old or minor criminal convictions. In Queensland, the Anti-Discrimination Act 1991 specifically prohibits discrimination based on a spent conviction. Similar protections exist in NSW, Victoria, and other jurisdictions.

The Fair Work Act 2009 also provides protections through the general protections provisions (Part 3-1). An employer cannot take adverse action against a prospective employee because of their race, colour, sex, sexual orientation, age, physical or mental disability, marital status, family responsibilities, pregnancy, religion, political opinion, national extraction, or social origin.

If you believe screening results have been used in a discriminatory way, you may have grounds for a complaint under both federal and state anti-discrimination legislation. The threshold for discrimination is that the protected attribute was a "substantial reason" for the adverse decision — it doesn't need to be the only reason.

If your rights have been breached during a background check process, you have several avenues for complaint depending on the nature of the issue.

Office of the Australian Information Commissioner (OAIC)

For privacy-related complaints — unauthorised collection, lack of consent, failure to correct errors, or data retention issues — the OAIC is your primary port of call. The complaint process involves:

• First, raise the issue directly with the organisation (the employer or screening provider). They have 30 days to respond.
• If unresolved, lodge a complaint with the OAIC via their online form at oaic.gov.au. Include all correspondence and evidence.
• The OAIC will attempt conciliation between you and the organisation.
• If conciliation fails, the Commissioner may make a determination, which can include orders for compensation, apologies, or changes to practices.

Fair Work Commission

If you believe an employer took adverse action based on a protected attribute revealed or inferred through a background check (discrimination, for example), you can lodge a general protections application with the Fair Work Commission. Key points:

• For prospective employees (not yet hired), you can make a general protections court application alleging adverse action in connection with your prospective employment.
• Applications should be made within 21 days of the adverse action, though extensions may be granted in some circumstances.
• The Fair Work Commission will first attempt to resolve the matter through conciliation.

State and Territory Anti-Discrimination Bodies

Each state and territory has its own anti-discrimination body that handles complaints under state legislation. These include the Anti-Discrimination Board of NSW, the Victorian Equal Opportunity and Human Rights Commission, the Queensland Human Rights Commission, and equivalent bodies in other jurisdictions. State bodies may offer additional protections beyond federal law.

Australian Human Rights Commission (AHRC)

For federal discrimination complaints, the AHRC handles complaints under the Age Discrimination Act, Disability Discrimination Act, Racial Discrimination Act, and Sex Discrimination Act. The AHRC process is free and involves investigation and conciliation. If a matter cannot be resolved, you may be granted leave to pursue the matter in the Federal Court or Federal Circuit Court.

Regardless of which avenue you pursue, document everything: save all emails, consent forms, rejection letters, and any communication about the screening process. Time limits apply to most complaints, so act promptly if you believe your rights have been breached.