Triangles, privacy and a pandemic: navigating employment law in 2020

Print Friendly, PDF & Email


In our latest employment law newsletter, we discuss restructuring your business during a pandemic, understanding just what a triangular employment relationship is and what it means for you as an employer, and your new obligations under the Privacy Act 2020, which comes into force on 1 December.

Restructuring your business in a pandemic

With the COVID-19 pandemic and the economic restrictions it brings putting pressure on businesses, many business owners will be considering a restructuring of some kind at this time. While the situation we find ourselves in is unprecedented, employment law still applies as usual.

First and foremost, this means the age old requirement for consultation still applies, even if you have a genuine reason to restructure your business. An employer must consult with employees who will (or could potentially) be affected by any changes including:

  • presenting the “proposed” structure to the employees in writing, together with the reasons for the proposed changes i.e. significant financial downturn and how that might affect their role
  • providing those employees with an opportunity to provide feedback on the proposed changes, including giving them an opportunity to seek independent legal advice, and having a representative or support person with them when they attend the meeting, and
  • considering alternatives and then genuinely taking the employee’s feedback into account prior to coming to a decision on the “confirmed” structure.

The consultation process is usually conducted through face-to-face meetings but can be conducted digitally (via video conferencing) or in writing due to the COVID-19 climate e.g. a lockdown.

If you are considering a restructure, you should spend a reasonable amount of time preparing your business case and ensuring you understand the reasoning for the changes you’re proposing. You’ll need to be prepared to share that information with employees as part of the process, or at least have that information available should an employee request it.

A genuine reason for a redundancy is typically based on what a “fair and reasonable employer could have done in all the circumstances”. However, employers could be remiss for thinking the downturn in the economic climate is enough to meet that qualification. In a case called Totara Hills Farm, the Employment Courts confirmed that if a redundancy is challenged by the employee, the employer cannot simply say there was a genuine business reason without the Court examining the merits of the claim.

Employers may also think that a restructuring process could be an easier way to let go of difficult staff. However, there are lower risk ways of resolving employment issues, so we strongly recommend seeking legal advice before going down this path.

Are you my employer? Understanding the Triangular Employment Relationship

By now, those of you that use labour hire, contract workers or assert control over the employees of others should be aware that the legal landscape has changed and the Employment Relations (Triangular Employment) Amendment Act 2019 (the Act) has been in force since 27 June 2020.

The Act deals with the situation where an employee of one employer works under the control of another person. Under the Act that situation is called a “triangular employment relationship” and, the identity of the real employer can become complicated. In some instances an employee will have two employers. The first being the original employer that is named on the individual employment agreement and the second being the person or entity that is exercising the control over that employee.

The changes to the law allow an employee that is in a triangular employment relationship to, under certain circumstances bring a personal grievance against their employer as well as the controlling third party that they are actually doing the mahi for.

The Act defines a ”controlling third party” as a person:

  1. who has a contract or other arrangement with an employer under which an employee of the employer performs work for the benefit of the person, and
  2. who exercises, or is entitled to exercise, control or direction over the employee that is similar or substantially similar to the control or direction that an employee her exercises, or is entitled to exercise in relation to the employee.

Generally speaking, if an employee is contracted, loaned, seconded or otherwise provided to a third party for a shutdown, project or specific piece of work and that third party dictates how the employee works or exercises control the way an employer would a triangular employment relationship exists.

Being party to a triangular employment relationship creates potential liability for both the original employer and the controlling third party and we recommend you seek legal advice as to how that risk can be reduced.

The new Privacy Act: What employers need to know

New Zealand has a new Privacy Act (the Privacy Act 2020) and it comes into force on 1 December 2020.

The update of the legislation is long overdue – consider that the original Act came into force five years before Google was invented! However, we think the changes have not been as well publicised as they could have been. Plenty of SME businesses are still yet to come up to speed on their obligations under the 1993 Act, let alone the updated version. Here, we set out some of the key obligations in the legislation along with a summary of some of the new features to expect from December.

What are an employer’s privacy obligations generally?

The underlying basis of the Act remains very similar to the 1993 original. It limits what you can do with people’s personal information. “Agencies” (people, companies, unincorporated bodies etc.) have to follow certain strict rules around the collection of personal information, how it is stored, how it is accessed, and what it is used for.

In a nutshell, you need a good and lawful reason to collect it – generally with permission, not to collect more information than is necessary for your lawful purpose, keep and store that information securely, provide access to the information to the person it is about, and only keep it as long as is necessary.

The summary above is a very simplified version of the obligations – there are additional obligations and exceptions to each of the principles.

The key point is that if you are an employer you should be on top of all your obligations under the Act.

In 2015, an employer breaching the 1993 Act in relation to an employee ended up having to pay nearly $170,000 for their mistakes. The new Act contains stricter requirements and so we are expecting privacy issues to become more common.

What has changed?

A number of the changes focus on the technological advances in the way we do business. The biggest companies in the world make their money from harvesting and selling people’s data – movements, shopping habits, political views etc. To ensure that is done in accordance with New Zealand law, there are now restrictions on when information can and can’t be passed to entities based outside New Zealand. That will be relevant for organisations which use cloud storage or various online services where the provider is based outside of New Zealand. Equally, the legislation seeks to capture overseas agencies doing business in New Zealand. It will be interesting to see how this is enforced against an overseas entity with a purely digital presence.

Organisations will also have a mandatory reporting obligation for certain breaches of privacy. Where an agency has breached a person’s privacy, and it causes (or is likely to cause) serious harm, they will have to notify the Privacy Commissioner. Think about a situation like accidentally emailing personal details held by an employer (like medical, performance, or disciplinary records) outside of the business. In some circumstances that could require a notification to the Commissioner. This is similar to the model seen in the Health and Safety arena.

At the enforcement end – the Commissioner can now issue compliance notices and there are new criminal offences (misleading an agency by pretending to be someone in order to obtain/destroy that person information, and destroying a document when a request for that document has been made). The maximum fines for offences have been raised from $2,000 to $10,000. That may be a five-fold increase, but is still much lower than many comparable jurisdictions such as Australia (up to $2 million).

How can we help?

Technical privacy obligations are often a long way down the list of priorities for businesses. While the potential fines are not high, the losses claims from individuals can be significant – often far higher than an ordinary employment claim.

The increased risk under the new Act should motivate all businesses and employers to make sure their processes around information privacy are up to scratch.

How can we help?

WRMK Lawyers has Northland’s largest team of employment law specialists. If you would like to discuss any of these topics further, or have a question about any kind of employment law matter, please give one of us a call or contact your usual WRMK lawyer for advice.

WRMK Lawyers takes all reasonable care to make sure that the information in this article is up-to-date and accurate at the time of publication. It is necessarily general information and not intended as legal advice to be relied upon.

Get in touch with your question now