Skip to content

Data Protection and Privacy Laws for Your Charity

Understanding data protection and privacy laws is crucial for board members of a charity. Knowing these rules and safeguarding personal information benefits you, as it builds trust with the community and regulators. When your charity can show that it prioritises compliance, this is likely to inspire support from donors and volunteers. In particular, a charity should be compliant in its collection and use of information. This article explores the key issues of data protection and privacy laws in your charity.

What Does Data Privacy Cover?

Data privacy involves protecting individuals from unwarranted intrusions on their autonomy. For you, as a charity owner, privacy is an essential consideration because of the personal information you hold about your:

  • clients;
  • donors; 
  • members; and 
  • staff. 

For example, charities often collect information for promotional purposes, such as:

  • names, 
  • signatures, 
  • contact details, 
  • financial details from members and donors and 
  • photographs to document events.

Sharing this information without consent could lead to legal consequences, as you are obligated to safeguard personal data.

In the Privacy Act 1988 (Cth), “personal information” refers to data or opinions about an identifiable or reasonably identifiable individual. This includes “sensitive information”, such as details about an individual’s health or ethnicity.

Which Charities Are Included?

In general, the Privacy Act applies to your charity if its annual turnover exceeds $3 million. Annual turnover includes income from all sources, excluding: 

  • assets held;
  • capital gains; or
  • proceeds of capital sales.

Charities will also need to adhere to privacy laws if they are:

  • a contracted service provider for an Australian Government contract;
  • providing health services (even if it is not their primary activity); or
  • trading personal information for benefits
  • related to a larger corporation that is subject to privacy law.

A charity can opt into the Australian Privacy Principles (APPs) in the Privacy Act as a show of good faith and to improve its reputation.

Continue reading this article below the form
Loading form

What Are Your Responsibilities?

A charity is responsible for taking reasonable steps to protect personal information. While there are 13 APPs, six of these are worth noting:

  • Your organisation must have a privacy policy and take reasonable steps to deal with personal information in an open and transparent way (APP 1)
  • You must only collect personal information that is reasonably necessary for the charity’s activities (APP 3)
  • You must not disclose personal information except with individual consent (APP6). There are exceptions, such as when another law authorises disclosure.
  • You must protect personal information with reasonable security safeguards against loss or misuse (APP 11)
  • Ensure personal information is up-to-date (APP 10) and allow individuals to correct their personal information (APP 13)

In case of a significant data breach that could cause harm, you must report it to the affected parties and the Office of the Australian Information Commissioner.

To lower your risk of breaching data protection laws, you can take practical steps. These steps are not necessarily costly to put into practice.

The first step is simple: always get consent before collecting or using personal information. When it comes to sensitive data, individuals should expressly and clearly give consent. To reduce risk, it is  important that:

  • people are well-informed before giving consent;
  • consent is given willingly; and
  • individuals have the ability to understand and communicate their consent.

Moreover, the consent you receive should be current and specific, not outdated and unclear. For instance, if there’s an ongoing agreement for using personal data, make sure to renew it at reasonable intervals.

Imagine that you work at a charity and someone from the media contacts you to enquire about a celebrity member of your organisation. Should you share personal information? No, because that would violate purpose and disclosure restrictions. You should only use information for its intended purpose unless there is a valid exception. Sharing information with the media breaches privacy.

Another crucial step is to conduct regular staff training on data protection and privacy responsibilities. This training will help your team apply these practices in their daily work. For best results, consider using videos, modules, and quizzes to reinforce their understanding.

Thirdly, it is essential to have a privacy management and data breach response plan in place. Developing such a plan is often most effective when done with the guidance of a legal professional.

Breach Consequences

When you breach data protection and privacy obligations, it can have significant consequences, both for individuals and entities. Apart from legal consequences, the adverse impact can lead to a substantial loss of income. 

If you breach privacy laws, a court could make you pay civil penalties. The Australian Information Commissioner has the authority to request the Federal Court or Federal Circuit Court to order your company to pay fines to the Australian Government if you are found guilty of breaking penalty provisions. The penalties for serious or repeated privacy breaches are substantial and could amount to millions of dollars, depending on the situation.

Front page of publication
2024 Key Data and Privacy Developments

The Australian Government is changing the law to protect consumer privacy after a series of high-profile data breaches and to bring the law into line with the safer and more protective laws in other regions. This fact sheet outlines what is expected in 2024.

Download Now

Key Takeaways

In a non-profit charitable setting, compliance with data protection laws is essential to maintain trust. An ethical approach involves ensuring that you use personal information for the purpose for which you collect it and that information is adequately secured. You should train your staff to respect privacy in their everyday activities. Remember, data integrity is a commitment to the well-being of those you serve.

If you have any questions about data protection and privacy laws, our experienced charity lawyers can assist as part of our LegalVision membership. For a low monthly fee, you will have unlimited access to lawyers to answer your questions and draft and review your documents. Call us today on 1300 544 755 or visit our membership page.

Register for our free webinars

ACCC Merger Reforms: Key Takeaways for Executives and Legal Counsel

Online
Understand how the ACCC’s merger reforms impact your legal strategy. Register for our free webinar.
Register Now

Ask an Employment Lawyer: Contracts, Performance and Navigating Dismissals

Online
Ask an employment lawyer your contract, performance and dismissal questions in our free webinar. Register today.
Register Now

Stop Chasing Unpaid Invoices: Payment Terms That Actually Work

Online
Stop chasing late payments with stronger terms and protections. Register for our free webinar.
Register Now

Managing Psychosocial Risks: Employer and Legal Counsel Responsibilities

Online
Protect your business by managing workplace psychosocial risks. Register for our free webinar.
Register Now
See more webinars >
Sukrit Sabhlok

Sukrit Sabhlok

Read all articles by Sukrit

About LegalVision

LegalVision is an innovative commercial law firm that provides businesses with affordable, unlimited and ongoing legal assistance through our membership. We operate in Australia, the United Kingdom and New Zealand.

Learn more

We’re an award-winning law firm

  • Award

    2025 Future of Legal Services Innovation Finalist - Legal Innovation Awards

  • Award

    2025 Employer of Choice - Australasian Lawyer

  • Award

    2024 Law Company of the Year Finalist - The Lawyer Awards

  • Award

    2024 Law Firm of the Year Finalist - Modern Law Private Client Awards

  • Award

    2022 Law Firm of the Year - Australasian Law Awards