Information is everywhere and the collection of data is becoming increasingly easier. Even if your business unintentionally collects information with no plans to use or deal with it in any way, it is important to understand your obligations once the information does come your way. Sure, you’ve read your way through the Australian Privacy Principles, and theoretically you understand what you have to do. But how can you proactively ensure that your business complies with the Privacy Act 1988 (Cth)?

Ensure you have a Privacy Policy

A Privacy Policy is a standard document for a business that receives or handles personal information. A Privacy Policy can address the key Australian Privacy Principles to ensure customers understand what information you are collecting from them, but also what you plan to do with that information. Businesses commonly use this document for dealings with the public and it can help develop trust amongst your customer base. Businesses operating online or providing health or recruitment services will generally require a Privacy Policy.

Develop a Privacy Manual

A privacy policy is of limited use if your employees do not understand its purpose or enforcement. A Privacy Manual should outline to people in your organisation how you will collect, use, store and handle personal information. You can introduce a privacy manual into your business through formal training processes. Sometimes businesses appoint a privacy officer who can answer employee questions or take enquiries from the public when it comes to privacy compliance. You will be more inclined to successfully manage privacy if you take steps to ensure that your employees understand your policy.

Establish some barriers

There are some practical methods to ensure compliance with the Australian Privacy Principles. This can range from limiting access to personal information to those who need it to perform their everyday tasks. This can also include the proper disposal of personal information if you have no plans to use it. By ensuring you have properly destroyed personal information, you lessen the likelihood of external third parties of gaining access to this information.

Inform Your Customers

Customers may be releasing their information through various means. Although it is often quite easy or straightforward to collect personal information, you do need to consider your obligations. Use active methods to ensure that your customers remain informed about your Privacy Policy. This could be through a link or pop-up on your website. If customers can create an account on your website, you may want to show clearly which personal information is optional.

Conclusion

Whatever your business does, it is likely that you will have a level of access to your customers’ personal information. By keeping the above pointers in mind, you will be more equipped at addressing privacy issues in your organisation. If you are unsure of your privacy obligations or what your organisation needs to do to comply with the Privacy Act, speak to LegalVision’s experienced team of online lawyers

Kristine Biason

Ask Kristine a Question

If you would like further information on any of the topics mentioned in this article, please get in touch using the form on this page.