Is It A Privacy Violation To Send A Work Email Celebrating Someone’s Birthday?

You’ve worked there before. The company where you get cupcakes every time it’s someone’s birthday, and of course there’s a newsletter sent out to your department announcing the celebration. But, a date of birth is personal information and it’s usually collected for employment purposes. So, is sharing it for this secondary purpose a data breach?  

The TL;DR answer: is that there is a low risk of a financial penalty or an enforcement action from the OAIC. It doesn’t appear we’ve had this come up yet in Australian privacy law. But that the law isn’t the only consideration here – some individuals may feel that it’s a violation of privacy, which isn’t good for company morale. 

Regulator Guidance on Workplace Birthday Celebrations

We couldn’t find guidance from the OAIC on the topic of workplace birthday emails, but the NZ Privacy Commissioner has published an answer in its ‘Ask Us’ Forum. The NZ Privacy Commissioner notes: 

If the person has told lots of people in the workplace about their birthday and the newsletter is only circulated within the workplace then it is not a problem. But you should not search employment records to find out colleagues’ birthdays for this purpose because that is not why the information was collected.

Try thinking about the culture of the workplace and about the person involved. Considerations of courtesy are a good guide. If publishing a colleague’s birthday is going to embarrass them in some way, or oblige them to provide a shout when they don’t have the time or money to do so, then don’t do it.

Personal Objections For Birthday Celebrations

There are a host of reasons people may not wish for their birthday to be celebrated or shared at work, including: 

• Individual comfort (or discomfort) with sharing personal details and information at work. 
• A desire to keep work and personal lives separate.
• Privacy consciousness. 
• Cultural and/or religious reasons. 
• Lack of time, money, or the desire to celebrate. 

At the company level, some people also don’t care to receive another email, or sign another card, or attend another gathering for cupcakes. So it’s helpful to to consider the company culture and personalities when deciding how to celebrate birthdays (if at all). 

Best Practices For Celebrating Birthdays in The Workplace

These are some best practices for celebrating birthdays in the workplace: 

1. Do not use information from their employment records for the purpose of celebrating birthdays.
2. Ideally, only share employee birth months via workplace newsletters or anything distributed in the workplace. 
3. Consider having employees opt-into birthday celebrations via a separate process during the onboarding, including them disclosing the month of their birthday. 
4. If they don’t opt-in, assume they do not want their personal information shared (and do not share it). 
5. Never divulge a person’s year of birth, and do not celebrate ‘milestone’ birthdays. 

Improve Your Privacy Posture With Privacy 108

Privacy 108 offers a comprehensive suite of privacy legal and consulting services, delivered by our team of privacy and security experts.We can help you navigate the legal landscape and business considerations so you can customise your privacy and security policies to fit your risk profile. 

Privacy108’s privacy consultants are well-versed in global trends in data privacy and data security – and we’re available to help you uplift your organisational privacy policies, awareness, and culture.