Principle 1 seeks to safeguard the open and transparent use of data. APP entities need to take all reasonable steps to implement internal practices such that an organisation complies with the APP and can deal with customer complaints and questions about their compliance with them.
Under the Act, an APP entity is either an agency or organisation.
An agency is a government department or other public position including (among others) ministers, the Australian Federal Police and federal courts.
The Act defines an organisation as:
- An individual;
- Body corporate;
- Any other unincorporated association; or
Unless that organisation is a:
- Small business operator;
- Registered political party;
- A state or territory authority, agency, or a prescribed instrumentality of a state or territory.
A small business operator is an individual, body corporate, partnership, unincorporated association or trust who carries on one or more small businesses with an annual turnover of $3,000,000 or less in the preceding financial year.
What Should Your Policy Say?
Let people know that they can access their data and how to do so. Also, outline your procedures for handling questions and complaints about the handling of personal information.
You might also discuss how you safeguard the quality of your information and your systems vis-à-vis independent contractors who may have access to data.
When you draft your policy, concentrate on the structure as well as the content. Headings can help orient customers. Simple language is best because your policy is then easy to read and understand. If you need to summarise, do so unless it affects the quality of your policy.
Providing a link to the APP (if applicable) is an excellent idea as is giving clear contact details if customers wish to make an inquiry or complaint.
However, think carefully about obtaining professional legal assistance to draft your policy. While it may involve cost, it will ensure that it meets any and all of your legal obligations. You can focus on your work in the community.
If you have any questions concerning policy policies or need help to draft one, contact LegalVision’s qualified lawyers to assist you. Call us on 1300 544 755.