
Are your wellbeing allowances breaking privacy laws?
Employers increasingly use wellbeing allowances to support employee health. However, traditional methods such as receipt-based reimbursements and prepaid cards can unintentionally expose businesses and employees to significant privacy risks.
Givenwell has reviewed recent analyses from leading law firm Buddle Findlay, alongside relevant New Zealand privacy cases. This blog highlights why avoiding these problematic models might be the best strategy. You can download detailed insights from Buddle Findlay’s reports at the end of this article.
How Receipt-Based and Card-Based Allowances Work
Receipt-based allowances involve employees submitting detailed receipts for reimbursement of wellbeing-related expenses. These receipts often reveal sensitive personal health information such as visits to therapists, medical specialists, or pharmacies.
Prepaid card-based allowances typically involve providing employees with cards restricted to certain wellbeing-related merchants or categories. Transactions are automatically tracked, potentially revealing sensitive details about an employee’s health-related spending patterns.
Both methods require collecting, storing, and processing personal data, creating substantial privacy risks.
Privacy Risks in Receipt-Based and Card-Based Allowances
Receipt-based reimbursements and prepaid card systems involve significant privacy concerns. Buddle Findlay’s analysis identifies several critical risks. Firstly, these systems can lead to excessive and unnecessary collection of sensitive data, exposing organisations to potential legal breaches under the Privacy Act. For instance, detailed receipts or card transactions can inadvertently disclose confidential health information such as mental health treatment, fertility clinics, or specialist healthcare services.
Moreover, this sensitive information may become accessible across multiple departments within an organisation, increasing the risk of data misuse or unauthorised access. Employees, aware of these vulnerabilities, may fear potential discrimination or unfair treatment based on the health details inadvertently revealed through their wellbeing claims, discouraging full utilisation of wellbeing resources.
Privacy Act 2020: Principles and lessons from the courts
New Zealand’s Privacy Act outlines essential principles regarding the handling of personal data. Organisations must collect only the necessary personal data directly related to their legitimate functions, ensure transparency about data use, secure data storage, restrict data access strictly to authorised personnel, and delete data when it is no longer needed.
Traditional wellbeing allowance models frequently struggle to meet these principles, inadvertently exposing businesses to significant compliance risks. Several recent cases highlight the severe consequences of mishandling employee privacy:
Health Agency Privacy Breach (2016)
In this notable case, an employee repeatedly accessed patient health records without legitimate cause, causing significant emotional distress and leading to organisational penalties. The Privacy Commissioner found the organisation's security measures inadequate, underscoring the critical need for strict access controls.
Stonewood Group Privacy Breach (2024)
The Stonewood Group faced penalties for covertly seizing and mishandling an employee’s personal devices, including medical and tax records. This breach led to substantial emotional harm and a notable financial penalty, highlighting the risks of improperly managing sensitive employee data.
NZCU Baywide Privacy Breach (2015)
In a particularly damaging case, NZCU Baywide was ordered to pay substantial damages after deliberately disseminating a former employee’s private information. This case vividly illustrates the severe reputational and financial consequences businesses face from privacy violations.
These examples emphasise the importance of rigorous adherence to privacy regulations and the severe
Buddle Findlay's Recommended Privacy-Safe Practices
To mitigate these privacy risks, Buddle Findlay recommends adopting wellbeing allowance solutions specifically designed with robust privacy safeguards. Organisations should implement systems that fully restrict visibility into individual employee spending, significantly reducing the potential for data breaches and misuse.
Additionally, Buddle Findlay stresses the importance of collecting only essential data directly necessary for reimbursement or allowance purposes. Clear, transparent communication with employees regarding how their data is used, secure data storage practices, strict access controls, regular privacy training, and routine compliance audits are essential strategies for reducing privacy risks.
Organisations adopting these comprehensive measures will simplify their administrative responsibilities and substantially minimise their exposure to privacy-related risks.
For more detailed information, download the full reports from Buddle Findlay below:


Givenwell: A better way to offer wellbeing allowances
Givenwell is a smart, modern, and privacy-focused wellbeing solution that addresses these privacy challenges head-on. Our platform empowers employees by providing them with digital tokens that can be privately spent on hand-picked wellbeing experiences and products worldwide. With Givenwell:
- Employees enjoy confidential spending, knowing their choices remain private.
- Employers gain peace of mind with simplified administrative processes and guaranteed compliance with the Privacy Act.
- Teams experience increased satisfaction, engagement, and overall wellbeing.
Discover how Givenwell can transform your wellbeing programme into a trusted, private, and highly effective initiative.
Their wellbeing. Their way.
Give staff a wellbeing allowance to spend confidentially on millions of wellbeing options globally, from therapy to health insurance, gym memberships to yoga, and more.
No fees. Just wellbeing.
Givenwell is free to use, meaning 100% of your budget actually goes to your team.
