Recent data retention laws now oblige telecommunications service providers to retain and store a customer’s telecommunications data for two years. Consequently, privacy issues are a high priority for many people.  

Although the data retention laws do not directly affect all small and medium-sized businesses, privacy issues may arise when dealing with customers and employees. The Privacy Act 1988 (Cth) (“the Act”) outlines the obligations a small business may have when it comes to dealing with privacy.

Are You An Australian Privacy Principle Entity?

The Act does not cover all small businesses. “Australian Privacy Principle (APP) Entity” is the term used for businesses that need to comply with the Act. An APP entity refers to businesses that have an upwards annual turnover of $3 million. However, there are a few other exceptions that may put your business into the category of an APP entity. For example, if your business provides health services, you would be considered an APP entity regardless of your annual turnover.

Does Your Business Have Access to Personal Information?

Personal information refers to the details collected to identify a person. Obvious details include a name or address. A business could obtain even more precise details such as a birth date or banking information. If your business does collect personal information, you may be considered an APP entity if you fulfill certain criteria. This criteria includes:

  • your business exchanges personal information to receive an advantage (eg. receipt of money);
  • your business provides health services;
  • your business is part of a larger entity that is considered an APP entity;
  • your business has reporting requirements according to the Anti-Money Laundering and Counter-Terrorism Financing Act 2006;
  • your business runs a residential tenancy database that is accessible by another entity; or
  • your business is a registered employee association (e.g., a union)

How Can my Business Opt In?

If your business is not an APP entity, the Act outlines various ways that you can opt in. Although the Act may not require your business to describe how they deal with the personal information they encounter in their day-to-day running, it is best practice to do so. A Privacy Policy setting out this information not only adds credibility and validity to your business, but also allows your customers to feel comfortable with the information that they provide to you.

What Does it Mean to Comply with the Act?

If you have just discovered that you are an APP entity, or you are a business that wants to comply with the Act, it is important to understand what this means. The Australian Privacy Principles provide an outline of your obligations. This includes being open about the ways you use personal information. It also requires businesses to store information securely and to allow their customers to change or access the stored information.


At LegalVision, our experienced team of online lawyers can help to determine whether your business needs to comply with the Australian Privacy Principles and if so, how to ensure you do not breach any of your legislative obligations. Speak to our team of specialists to discuss privacy in your business.

Kristine Biason
If you would like further information on any of the topics mentioned in this article, please get in touch using the form on this page.
Would you like to get in touch with Kristine about this topic, or ask us any other question? Please fill out the form below to send Kristine a message!