What’s the Difference Between Personal and Sensitive Information?

< Back to Regulatory and Compliance
July 26, 2017

We are increasingly using technology in our homes, businesses and on our smartphones, generating more information and data than ever before. Business value this data because it helps them better understand their client base. But where does that leave our privacy? Australian privacy laws apply to the collection, storage, and use of personal and sensitive information. 

Why is There a Distinction?

Organisations who collect, store, use and/or disclose personal information have obligations under Australian privacy laws. If a business inappropriately handles sensitive information, the person affected can suffer discrimination, mistreatment, humiliation or embarrassment. Sensitive information then attracts greater protection under privacy laws and businesses that handle this information have more stringent obligations.

What is Personal Information?

Personal information is any information or opinion about an individual or someone who can be reasonably identified. Personal information is any information or opinion about an individual, regardless of whether it is true or not. It does not have to be in written form. Some examples of personal information include an individual’s:

  • name,
  • address,
  • phone number,
  • date of birth,
  • signature,
  • email address, and
  • bank account details.

What is Sensitive Information?

Sensitive information is a subset of personal information. It is defined as any information or opinion about an individual’s:

  • race or ethnic origin;
  • political opinions or membership of a political organisation;
  • religious beliefs and affiliations;
  • philosophical beliefs;
  • membership of a professional association or trade union;
  • sexual preferences and orientation;
  • criminal record;
  • health information;
  • genetic information; or
  • biometric information or templates.

What About My Employees?

If your business has employees, there are specific examples of information you would collect that are considered personal information including an employee’s:

  • engagement, training, and discipline;
  • details of termination or resignation;
  • terms and conditions of employment;
  • personal and emergency contact details;
  • performance and conduct;
  • hours of employment;
  • salary or wages;
  • membership of a professional or trade association (which is also sensitive information);
  • membership of a trade union (which is also sensitive information);
  • leave accrual and use; or
  • taxation, banking or superannuation details.

Why is This Important?

It’s important to understand what information you collect and why you collect it. From there you can start to understand your obligations under privacy laws in dealing with and protecting the personal and sensitive information you collect.

***

Do you collect, store, use or disclose personal or sensitive information? Get in touch with our IT lawyers on 1300 544 755 to learn more about your obligations and discuss drafting a privacy policy to ensure compliance with privacy law. 

Christopher Lichtenberg

About Christopher Lichtenberg

(Read all articles by Christopher)
Chris is a commercial lawyer. After graduating from a Bachelor of Laws/Bachelor of Arts (Italian) from the University of Wollongong, he worked as a graduate at Oracle. He has an interest in IT law, particularly with the regulations surrounding cloud computing services. In his spare time, Chris also volunteers with the Australian National Dance Association.
If you would like further information on any of the topics mentioned in this article, please get in touch using the form on this page.
Would you like to get in touch with Christopher about this topic, or ask us any other question? Please fill out the form below to send Christopher a message!

Tags