In Short
- Beauticians must adhere to privacy laws concerning client data.
- Consent is required before collecting, using, or sharing client information.
- Implement strong data protection measures to secure client records.
Tips for Businesses
Familiarise yourself with privacy legislation relevant to your beauty business. Always obtain clear consent from clients before handling their personal information. Use secure systems to store data and regularly update your privacy policies to enhance compliance and build client trust. Training staff on privacy protocols is also essential.
If you run a beautician business, you will often collect and store personal information about your clients, such as their allergies and prior health conditions. In this context, you may have legal obligations regarding the handling of this personal information. Understanding these obligations helps you avoid breaching laws and facing heavy penalties. This article explains when you will need to comply with Australian privacy law for your beautician business.
The Privacy Act
The Privacy Act aims to protect individuals’ personal information and sets out how a business collects, stores and discloses personal information. Examples of personal information about clients that you might have include your clients’:
- names;
- addresses;
- emails;
- dates of birth; and
- medical history.
Am I an APP Entity? Do I Need to Comply With the Privacy Act?
You are an APP entity if you:
- have an annual turnover of more than $3 million;
- are a health service provider and hold health information that is not in an employee record; or
- trade in personal information.
Other categories of APP entity exist, but they are unlikely to apply to a beautician business.
A health service provider is someone who intends to:
- assess;
- maintain;
- improve;
- diagnose;
- manage;
- treat; or
- record an individual’s health.
Hence, even if your annual turnover is $3 million or less, you may qualify as an APP entity and need to comply with the Privacy Act.
What are My Obligations under the Privacy Act?
If you want or need to comply with the Privacy Act, the Act sets out a number of key principles or guidelines that you must comply with, which are called the Australian Privacy Principles (or APPs).
Some of the APPs distinguish between personal information and sensitive information. Relevantly for beauticians, sensitive information includes health information about an individual. You may request that your clients complete a questionnaire before some treatments.
Under the Act, you may have collected sensitive information if the questionnaire asked about:
- allergies;
- pregnancy;
- breastfeeding;
- overall health;
- diseases; or
- blood pressure.
Below, we set out key APPs and examples specifically relevant to beauticians.
Collection
You can only collect personal information if it is reasonably necessary for your activities.
You may collect client data in several ways, for example through booking forms, pre-treatment questionnaires or your website, and the same rules apply to each of them.
You need to notify clients when you are collecting their personal information. You should have a Privacy Collection Notice and make it available to your client at the time you collect their information.
A Privacy Collection Notice is a statement that clearly explains what personal information you are collecting from the individual, why you need it, and how you will use it or share it.
Sensitive Information
If you are collecting health information, this is defined as ‘sensitive information’ which is afforded higher levels of protection under the Privacy Act. You need to obtain consent before collecting any sensitive information.
Transparency
You must have a clear, easy-to-read and updated privacy policy which sets out how you deal with your clients’ personal information. You can make the policy available on your website, and at your front desk, so it is easily accessible to your clients.
Use of Personal Information
You can generally use personal information you collect from clients for the primary purpose of collection, such as providing your beauty services or maintaining client records. For any other uses (secondary purposes), you must ensure the use is reasonably expected and related to the primary purpose. Otherwise, you need to obtain the client’s consent. For example, sending appointment reminders via email after collecting a client’s email address for booking a facial treatment would likely meet this criterion.
You may also use or disclose information if the law requires it or in specific situations like preventing a serious threat to someone’s health. Always use the minimum necessary information and protect your clients’ privacy. It is best to clearly inform clients how you will use their information when you collect it.
Key Takeaways
Protecting your clients’ personal information creates more trustworthiness for your beautician business. You may be considered to be an APP entity, and thus required to comply with the Privacy Act if you have an annual turnover of over $3 million, or you are considered to be providing health services and collecting health information. Either way, the Privacy Act sets out principles you should comply with, including:
- only collecting information if necessary;
- using the information for the primary purpose for which it was collected or for a secondary purpose that your client would reasonably expect the information to be used for; and
- making sure your clients know how you handle personal information in a privacy policy.
If you need help preparing a privacy policy, our experienced contract lawyers can assist as part of our LegalVision membership. For a low monthly fee, you will have unlimited access to lawyers to answer your questions and draft and review your documents. Call us today on 1300 544 755 or visit our membership page.
Frequently Asked Questions
When does a beautician business need to comply with the Privacy Act?
A beautician business must comply with the Australian Privacy Act if it qualifies as an APP entity. This happens if the business has over $3 million in annual turnover, provides health services and holds health information, or trades in personal information. Even with a lower turnover, a business may still be an APP entity if it provides health services and collects health-related information.
What are a beautician business’s main obligations under the Privacy Act?
Beautician businesses must adhere to the Australian Privacy Principles (APPs). They should collect personal information only when necessary, obtain consent before collecting sensitive information such as health information, and inform clients through a Privacy Collection Notice. Businesses must have an accessible privacy policy and use client information for the primary purpose for which it was collected. For other uses, they must ensure the use is one the client would reasonably expect, or obtain the client’s consent.