Explaining the Privacy Act
Let’s help explain the Privacy Act for both your business and your customers.
If you’re unfamiliar with the Australian Privacy Act and its principles, now may be the time to start acknowledging it. There are few organisations who do not need to comply with the principles within the Act – thankfully the Australian Government has already made it easier for those trying to determine whether or not this is the case for their business.
If your small business handles personal or sensitive information or has had an annual turnover of more than $3M in any financial year since 2002, then chances are you need to understand how to comply. For more information on which businesses need to comply with the Australian Privacy Principles, please visit the Government website.
The Australian Privacy Principles (APPs) place more stringent obligations on businesses who handle ‘sensitive information’. This is classified as a type of personal information and includes information about an individual’s:
· Racial or Ethnic Origin
· Political Opinions
· Membership of a political association, professional or trade association or trade union.
· Religious beliefs or affiliations
· Philosophical beliefs
· Sexual Orientation or practices
· Criminal record
· Biometric information that is used for certain purposes
· Biometric templates
Each business should consider how the APPs apply to its unique situation, such as how personal information can be used and disclosed and how it is kept secure. More importantly, following the APPs can benefit your business and your customers.
Sensitive information is given a higher level of privacy protection under the Privacy Act and you and your staff have additional responsibilities when you collect, use or disclose it. Generally, sensitive information can only be collected with someone’s consent. All employees should only have access to personal information that they need for their role or function. By limiting access to personal information, you’re helping to protect the information from unauthorised access, use or disclosure.
Businesses must take reasonable steps.
Businesses must take reasonable steps to protect personal information from unauthorised access, modification or disclosure and also against misuse, interference and loss. You must also take all steps necessary to destroy all personal information when it is no longer needed.
Finally, ensure that you and your employees are familiar with and follow the business’s policies on information security, including internet security, physical security and access security. Always destroy personal information in accordance with your destruction policies. Also ensure that employees are familiar with the business’s breach response plan. This will help everyone respond quickly and appropriately in the event of a data breach. Quick responses can substantially decrease the damage caused by a data breach and its harm to the business and its customers.
For more information regarding the Australian Privacy Act, data breach response plans for organisations and more, please visit this website. For document destruction services, you can rely on Shred Easy. By shredding your data properly, you make it impossible for it to be used for fraudulent purposes. You protect yourself, your customers, and your business. Contact us today on (07) 3823 4440 or get a quote online.