Does your business need to be compliant? Find out here.
14 Quick Checkpoints To Find Out Whether Your Business Needs Compliance.
As a business owner, you will hear the word ‘compliance’ bandied about frequently – but in all honesty, sometimes it is hard to know exactly what that means for your own individual business.
We want to make it easy for you: by working through this simple list of questions,* you can stop wondering whether you are required to comply with the Australian Privacy Principles.
The last thing you want is for your business to be unprotected or vulnerable, so go through these questions and stay confidently secure within the bounds of your compliance requirements.
Do you need to be compliant?
Question 1: Does your business handle personal information?
Question 2: Has your business had an annual turnover of more than $3m in any financial year since 2002?
Question 3: Does your business trade in personal information?
Question 4: Does your business trade in personal information (express or implied) without the consent of the individual and without being required or authorised by law?
Question 5: Is your business a health service provider?
Question 6: Is your business related to a larger body corporate that is subject to the Privacy Act?
Question 7: Is your business a Commonwealth contracted service provider?
Question 8: Are you a reporting entity or authorised agent of a reporting entity under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (AML/CTF Act) or its Regulations or Rules?
Question 9: Does your business operate a residential tenancy database?
Question 10: Does your business carry on a credit reporting business?
Question 11: Is your business an employee association registered or recognised under the Fair Work (Registered Organisations) Act 2009?
Question 12: Is your business a protected action ballot agent for a protected action ballot conducted under Part 3-3 of the Fair Work Act 2009?
Question 13: Is your business a service provider that is required to comply with the data retention provisions in Part 5-1A of the Telecommunications (Interception and Access) Act 1979?
Question 14: Has your business voluntarily opted into the Privacy Act?
What to do if you are required to be compliant?
Be diligent about following the Privacy Act guidelines. There are risks in not doing so, including loss of business, criminal liability, or loss of insurance cover.
In general, the time period to keep documents safe and secure is 7 years – but this depends on the kinds of personal information that you are storing, and the kinds of documents actually holding that information.
Once you are free to get rid of documents, then the key is to ensure they are securely destroyed by a reputable shredding and document destruction company. Ideally, they should guarantee complete destruction, and provide you with a Certificate of Destruction for your records. Make sure also that the company you choose is environmentally minded, recycling waste in the appropriate manner.
By shredding your data properly, you make sure that you are protected, your customers are protected, and your business is protected.
Rules about Document Destruction
As well as understanding the time period for which you are required to retain documents, there are also laws and guidelines covering document destruction itself. If documents may be required for legal proceedings, for example, then it may be necessary to retain them indefinitely. If not, businesses are required to explain the rules to their staff and to have policies in place which ensure that all document and information destruction is undertaken safely and securely.
If you have any questions about managing your compliance with regard to document destruction, get in touch with a member of our team. We’ll make it easy for you.
*Questions sourced from the Australian Government Office of the Australian Information Commissioner