Respect personal information and privacy

We handle personal information with respect and protect the privacy of all individuals.

Personal information is any information or opinion about a person that can be used to identify them. Protecting personal information and privacy is essential to prevent harm and maintain trust. 

Respect personal information and privacy

  • What it means for you

    BHP only collects personal information when necessary to meet business purposes. We are transparent and seek permission before collecting or using personal information and do not use personal information in any way that is not legal and required for a reasonable business purpose, or for personal gain. 

    Our Requirements help us safeguard this information against unauthorised or inappropriate access, disclosure or use. We act immediately if something doesn’t seem right. 

    A breach or misuse of personal information may cause serious harm to others.

  • How you make an impact
    You handle personal information with care and respect and follow Our Requirements.  
  • Resources
    Global Privacy Notice for BHP Workers
    Privacy Policy
    Data Global Standard
Worker on site

Always

• Have a legal, legitimate and specific BHP business purpose for collecting, sharing, using or handling personal information and do not use it for any other purpose. If you are unsure about the purposes for which you are entitled to collect, share, use or handle personal information, seek advice from Legal.

• Collect the minimum amount of personal information legitimately necessary for the specific business purpose.

• Maintain the accuracy of your personal information as well as any personal information that you handle or process.

• Retain personal information for the minimum amount of time necessary and securely dispose of it when it is no longer required as detailed in the Data Global Standard.

• Notify individuals why their personal information is required and how it will be used and allow them to exercise their legal rights in relation to their personal information.

• Adequately safeguard personal information against unauthorised or unlawful handling, access, use, modification, sharing, loss, interference, destruction or damage.

• Check and comply with the country-specific legal requirements for handling personal information, as applicable from time to time.

• Follow the Data Global Standard when creating, capturing or managing information including records, non-records, personal information and controlled documents.

• Follow the Privacy by Design Checklist when designing a new or changed processing activity that involves personal information.

• Immediately report any actual or suspected unauthorised access to, modification or disclosure of, or loss, misuse or interference of personal information to your line leader and cybersecurity@bhp.com.

Person at desk

Never

• Access or use or share personal information without specific authorisation from your line leader or a clear business requirement.

• Retain personal information for longer than legally required or necessary for the purpose it was collected (or any other purpose permitted by law).

• Collect or process sensitive personal information unless explicit consent has been obtained from the individual or it is permitted by applicable laws and regulations.

• Store files without adequate protection and access restrictions if they contain sensitive personal information, such as health data or payroll information.

Hypothetical scenarios

  • Q: I suspect the payroll details of an employee may have been mistakenly shared with an incorrect recipient. Should I wait until they confirm they have received the data to report the potential breach?
    A: No, you must immediately report all suspected and confirmed data breaches to your line leader and cybersecurity@bhp.com.
  • Q: I’ve recently changed my address and phone number but haven’t informed anyone at BHP. Is this a problem?
    A: We are required by law to keep your personal information accurate and up to date to ensure that you or your next of kin can be contacted in an emergency. It is your responsibility to inform us of any changes to your personal information as soon as possible. You can do this online (via the Digital Workspace) or by providing the information to your line leader or 2Up leader.

     

  • Q: I have been requested to create a report that involves payroll details of individuals at a site. What are the requirements I need to be aware of while storing and sharing this report?

    You must ensure:

    • only the minimum amount of data necessary for the report is collected and used
    • the report is stored securely and proper access rights are administered to prevent unauthorised personnel from accessing the report
    • the file is password protected or encrypted prior to being shared with others.
  • Q: While engaging with a potential candidate for an upcoming role, they discussed sensitive information regarding a pre-existing medical condition. Can I keep a detailed record of everything the candidate has shared with me?
    A: No. You must first consider whether it is necessary for you to record all this information, as it may not be necessary for a legitimate BHP business purpose and the candidate may not have intended for BHP to have it on record. You must also consider whether the candidate has been made aware of BHP’s Privacy Policy (which explains what types of information BHP collects and why), and has provided their consent to the collection of their sensitive information (including their health information).
  • View more hypothetical scenarios

    English

    español

    Chinese

    Portuguese

    Malay

How to speak up

If you have questions about Our Code, speak to your line leader, 2Up leader, Ethics and Investigations, Compliance, or Legal. Employee Relations or a HR Business Partner can direct you to the relevant reporting options available. You can also seek further information and resources via BHP’s RespectChat.  Anyone who works with us, on our behalf, or is associated with us, can also raise misconduct concerns via Integrity@BHP or the BHP Protected Disclosure Reporting Channel.

Online: Make a report in either Integrity@BHP or the BHP Protected Disclosure Reporting Channel

Phone: You can also contact the BHP Protected Disclosure Reporting Channel by phone

Download Our Code