Principle 1 aims to ensure that all APP entities manage personal information openly and transparently. These entities must take reasonable steps to implement internal practices, processes and procedures so as to comply with the APP. Such entities also need to be able to handle customer enquiries and complaints about their compliance with the APP efficiently.
Principle 1.3 requires all APP entities to have a clearly expressed and up-to-date policy concerning their management of personal information.
Section 6 of the Act defines an APP entity as either an agency or organisation.
Under the Act, agency refers to government departments and other public bodies or offices including (among others) Ministers, the Australian Federal Police and Federal Courts. It is a concept distinct from a marketing or advertising agency.
An organisation under the Act is:
- An individual;
- Body corporate;
- Any other unincorporated association; or
Unless that organisation is:
- A small business operator;
- A registered political party; or
- An agency or a state or territory authority or a prescribed instrumentality of a state or territory.
Further, a small business operator is an individual, body corporate, partnership, unincorporated association or trust who:
- Carries on one or more small businesses; and
- Does not carry on a business that does not qualify as a small business.
A small business is a business whose annual turnover for the preceding financial year was $3,000,000 or less.
In general, the policy should tell consumers about their privacy rights. This includes how you handle, secure and protect your data as well as how you identify potential risks to that data.
It should detail how your organisation deals with data you no longer require, how individuals can access their data and how your agency handles complaints about data management.
It should also discuss how your organisation manages the quality of its data and its policies when engaging independent contractors to whom you might disclose information.
Your policy should be structured well with the clear use of headings. Use plain language and focus on the likely concerns of your customers. Be specific but don’t hesitate to summarise if necessary.
Above all, ensure that your policy is easy to read and accessible. You could think about linking it electronically to the APP. Also, provide information that will allow a consumer to contact you to ask a question or make a complaint.