Protecting your clients’ personal information is critical to maintaining your business’ credibility. You may also have legal obligations to keep personal information secret under Australian privacy law.

Personal information is information that identifies the person to whom it relates. For example, names, addresses and credit card details. However, personal information may also include opinions if these contain identifying information. This article outlines practical steps to help you protect your clients’ privacy.

Only Collect the Personal Information You Need

You must take steps to protect the personal information you collect from being illegally disclosed or stolen. Therefore, it is an unnecessary burden to collect personal information that you do not require. As an example, to write follow-up emails to customers, it would usually only be necessary to collect names and email addresses.

Furthermore, once you no longer need personal information, you should destroy it. Ensure that you shred printed documents before disposal. Similarly, if you store personal information on an electronic device, you must wipe all copies before disposing of the device. Ideally, you should reformat all disk drives to ensure that you have deleted all information.

Share Personal Information on a Need-to-Know Basis

Only share clients’ personal information with those who need it to do their job. For example, if collecting names and addresses for direct marketing, only the marketing team should have access to the information. This will reduce the likelihood that the personal information is misused.

You may, however, disclose personal information to third-party service providers to enable them to provide their services to you. For example, you may need to disclose information to:

  • IT service providers;
  • data storage, web-hosting and server providers;
  • debt collectors;
  • marketing consultants; and
  • payment systems operators.

However, as with employees, the information you share should only be enough to allow the service provider to do their job.

Train Staff in How to Handle Personal Information

All staff with access to personal information must know how to keep it secure. Therefore, provide staff with training in the business’ privacy policies and procedures. You should also provide refresher training to keep staff updated on changes to Australian privacy law, as well as changes to how you collect, use or store personal information.

To complement this training, write a privacy manual that explains how to handle personal information. This allows your staff to check on a procedure if unsure. The manual should also include a copy of the business’ privacy policy so that staff can talk about this to clients.

Secure Electronically Stored Data

There is always a risk that your electronic data gets hacked or stolen. Keep all your software up to date to prevent security breaches, especially web browsers and operating systems. Install antivirus software to provide additional security.

You should also make sure you have strong password protection. These passwords should be complex, using both lowercase and uppercase letters, as well as symbols. Complex passwords are much less likely to be cracked.

Conduct a Privacy Impact Assessment

The Office of the Australian Information Commissioner recommends conducting a privacy impact assessment whenever you change business processes. For example, when you upgrade to a new accounting system. A privacy impact assessment will measure the privacy impacts of the change and describe how you plan to manage them to protect personal information. You should document the assessment in writing and it should result in real steps taken to improve privacy.

You should also consider an information security risk assessment. This is similar to a privacy impact assessment but focuses on security risks such as hacking. To conduct an information security risk assessment, identify weaknesses in your security systems and specific threats to your data security. Following this, decide how to manage these risks.

Communicate Your Privacy Policy to Clients

Taking these practical steps to protect your clients’ personal information will go a long way towards meeting your obligations under Australian privacy law. However, clients must also trust that you will keep their information secure. Otherwise, they might not give it to you in the first place.

Therefore, communicate to clients that you understand the importance of protecting their information, and further, that you have also taken action to protect it. You can best do this by displaying a privacy policy on your website, with PDF copies to distribute as needed. The policy should describe how you will collect, store and use clients’ personal information.

Key Takeaways

Protecting your clients’ privacy is important to keeping their trust. You may also have legal obligations under Australian privacy law. You can protect your clients’ privacy by taking practical steps such as:

  • restricting access to personal information;
  • training staff in your business’ privacy policies;
  • writing a privacy manual;
  • conducting privacy risk assessments; and
  • destroying personal information that is no longer relevant to your business.

If you need help in complying with Australian privacy law, call LegalVision’s online lawyers on 1300 544 755 or fill out the form on this page.

Jacqueline Gibson
If you would like further information on any of the topics mentioned in this article, please get in touch using the form on this page.
Would you like to get in touch with Jacqueline about this topic, or ask us any other question? Please fill out the form below to send Jacqueline a message!