All Australian businesses are required to comply with the Privacy Act 1988. The Act protects the privacy of individuals and dictates how their personal information is handled. The Act covers the collection, use, storage and disclosure of personal information.
The Privacy Act was amended recently to enhance the protection of privacy in Australia, with 13 Australian Privacy Principles (APPs) applied to all organisations with revenue greater than $3 million.
One of the key principles dictates that businesses must take reasonable steps to protect personal data from mis-use, including an obligation to destroy or de-identify data in some circumstances. This is where secure shredding and data destruction is critical to avoid significant fines and reputational damage.