Employment/HR Sensitive Data

Name: Employment/HR Sensitive Data
Creator: TestPattern Community
License: https://opensource.org/licenses/MIT

Detects references to sensitive employment and human resources data including performance reviews, disciplinary actions, and workplace investigations.

Type: keyword_list
Confidence: medium
Confidence justification: Medium confidence: keyword-based detection relies on phrase-matching regex within the Purview engine. Corroborative evidence keywords are needed for reliable identification since HR-related terms can appear in non-sensitive contexts.
Jurisdictions: au
Regulations: AML/CTF Act (Cth), HRIPA (Cth), IPA 2009 (Qld), My Health Records Act 2012 (Cth), NDB Scheme (Cth), Privacy Act 1988 (Cth), TIA Act 1979 (Cth)
Frameworks: ISO 27001, ISO 27701
Data categories: pii, employment, sensitive-data
Scope: narrow
Risk rating: 7

Should match

Disciplinary action taken regarding workplace misconduct — Matches 'disciplinary action' and 'workplace misconduct' via Pattern_hr_sensitive_phrase
Performance review summary and salary review documentation — Matches 'performance review' via Pattern_hr_sensitive_phrase
Workers compensation claim and return to work plan — Matches 'workers compensation' and 'return to work plan' via Pattern_hr_sensitive_phrase

Should not match

HR department phone number — No HR sensitive phrase matched by the Purview regex
Employment opportunities available — No HR sensitive phrase present

Known false positives

Generic HR terms such as employment or salary in non-sensitive contexts. Mitigation: Require specific sensitive HR keywords like disciplinary, grievance, or misconduct.