What’s the Difference Between Personal and Sensitive Information?

We are increasingly using technology in our homes, businesses and on our smartphones, generating more information and data than ever before. Business value this data because it helps them better understand their client base. But where does that leave our privacy? Australian privacy laws apply to the collection, storage, and use of personal and sensitive information. 

Why is There a Distinction?

Organisations who collect, store, use and/or disclose personal information have obligations under Australian privacy laws. If a business inappropriately handles sensitive information, the person affected can suffer discrimination, mistreatment, humiliation or embarrassment. Sensitive information then attracts greater protection under privacy laws and businesses that handle this information have more stringent obligations.

What is Personal Information?

Personal information is any information or opinion about an individual or someone who can be reasonably identified. Personal information is any information or opinion about an individual, regardless of whether it is true or not. It does not have to be in written form. Some examples of personal information include an individual’s:

• name,
• address,
• phone number,
• date of birth,
• signature,
• email address, and
• bank account details.

What is Sensitive Information?

Sensitive information is a subset of personal information. It is defined as any information or opinion about an individual’s:

• race or ethnic origin;
• political opinions or membership of a political organisation;
• religious beliefs and affiliations;
• philosophical beliefs;
• membership of a professional association or trade union;
• sexual preferences and orientation;
• criminal record;
• health information;
• genetic information; or
• biometric information or templates.

What About My Employees?

If your business has employees, there are specific examples of information you would collect that are considered personal information including an employee’s:

• engagement, training, and discipline;
• details of termination or resignation;
• terms and conditions of employment;
• personal and emergency contact details;
• performance and conduct;
• hours of employment;
• salary or wages;
• membership of a professional or trade association (which is also sensitive information);
• membership of a trade union (which is also sensitive information);
• leave accrual and use; or
• taxation, banking or superannuation details.

Why is This Important?

It’s important to understand what information you collect and why you collect it. From there you can start to understand your obligations under privacy laws in dealing with and protecting the personal and sensitive information you collect.

***

Do you collect, store, use or disclose personal or sensitive information? Get in touch with our IT lawyers on 1300 544 755 to learn more about your obligations and discuss drafting a privacy policy to ensure compliance with privacy law.