What’s the Difference Between Personal and Sensitive Information?

Technology plays an increasingly important role in our homes, businesses and personal devices. As a result, we are generating more personal data than ever before. As a business owner, you may value this data because it can allow you to better understand your client base. It can also be essential information to collect from your employees. However, strict laws apply to the collection, storage, and use of personal and sensitive information. If you collect data from your employees, it is important to understand exactly what type of information your business deals with. Understanding the difference between personal and sensitive information allows you to understand what your obligations are under Australian privacy laws. This article will explain the difference between personal and sensitive information.

Why is There a Distinction Between Personal and Sensitive Information?

Any organisation that collects, stores, uses or discloses personal and sensitive information has certain obligations under Australian privacy laws. However, these obligations are stricter in relation to sensitive information. This is because of how serious the effect of disclosing sensitive information may be on a person’s life. The nature of sensitive information means that if a business inappropriately handles that information, the person affected might suffer:

• discrimination;
• mistreatment;
• humiliation; or
• embarrassment.

Because of this, sensitive information attracts greater protection under privacy laws than personal information. Businesses that handle this type of information should be very careful.

What is Personal Information?

Personal information is a very broad term. Generally, it refers to any information or opinion about:

• a particular individual; or
• a person who could be easily identified. 

Even if this information or opinion is untrue or inaccurate, it may still be considered personal information under the law. The information also does not need to be in written form. Some examples of personal information include an individual’s:

• name;
• address;
• phone number;
• date of birth;
• signature;
• email address; and
• bank account details.

What is Sensitive Information?

Sensitive information is a type of personal information. Unlike some personal information, however, sensitive information may result in discrimination or harm if it is mishandled. For example, sensitive information includes any information or opinion about an individual’s:

• race or ethnic origin;
• political opinions or membership of a political organisation;
• religious beliefs and affiliations;
• philosophical beliefs;
• membership of a professional association or trade union;
• sexual preferences and orientation;
• criminal record;
• health information;
• genetic information; or
• biometric information.

What Personal Information Do I Have About My Employees?

If your business has employees, you are likely to possess specific pieces of information that are considered personal information. For example, your business may possess details about an employee’s:

• terms and conditions of employment;
• personal and emergency contact details;
• performance and conduct assessments;
• hours of employment;
• salary or wages;
• membership of a professional or trade association (which is also sensitive information);
• membership of a trade union (which is also sensitive information);
• leave accrual and use; or
• taxation, banking or superannuation details.

Once you have identified what personal information you currently have about your employees, you should ensure that you protect and organise this information correctly and securely.

Key Takeaways

It is important to understand what type of information your business collects and why your business collects it. Once you have a clear understanding of the information you are dealing with, you can review your obligations under Australian privacy laws relating how you store and protect the personal and sensitive information you collect. If you have any questions about how your business collects or uses employees’ information, contact LegalVision’s IT lawyers on 1300 544 755 or fill out the form on this page.