Privacy compliance is something your business should seriously consider. Privacy laws apply to personal information, which is any information or opinion which identifies a person or makes them reasonably identifiable.

Examples of personal information include: 

  • name;
  • address;
  • email;
  • telephone number;
  • photographs of people;
  • preferences; and
  • opinions.

There are many reasons why your business should care about privacy. Whether your business has a legal obligation to comply or not, it is beneficial to take some practical steps to implement good privacy practice. This article will outline why it is important to comply with privacy laws, and how your business can do so.

Why Should You Care About Privacy?

There are two core reasons why you should care about ensuring your business has sound privacy practices. These are:

  1. because you have a legal obligation to do so; and 
  2. to establish trust in your business.

A Legal Obligation

Firstly, your business may have a legal obligation to meet privacy requirements. While overseas privacy laws like the General Data Protection Regulation (GDPR) in the European Union are quite well known, Australian privacy laws are less well advertised. 

However, being unaware of your privacy obligations is not a defence for non-compliance. 

Accordingly, it is important that you find out what your business’ obligations are and take practical steps to comply with these obligations.

Trust and Expectation

In this digital age, privacy is increasingly becoming a focus for individuals and businesses around the world. With the recent introduction of prominent overseas privacy laws, such as the GDPR and the California Consumer Privacy Act (CCPA), individuals have received a multitude of communications about changes to privacy and their enhanced privacy rights. With this has come a focus on privacy protections. 

Accordingly, while not all businesses are required to comply with Australian privacy laws, trust is the cornerstone of many business relationships and good privacy management builds trust with customers.

Further, it is an expectation of the public that a business will only use their personal information in ways they would reasonably expect. Customers also expect that businesses secure personal information from:

  • unauthorised access;
  • unauthorised use; or
  • loss.

It is therefore important to meet these expectations to retain the trust of your customers. This is particularly true if your business handles a lot of personal information, such as if you:

  • provide a customer relationship management software solution; or
  • run a recruitment business.

Which Privacy Laws are Relevant?

The Privacy Act

While overseas laws such as the GDPR and CCPA may be relevant for some Australian businesses, this article’s focus is on Australian privacy law. In Australia, the key privacy legislation you should be aware of is the federal Privacy Act.

The Privacy Act will apply to your business if you have an annual turnover of over $3 million. If you have a lower turnover, you may still need to comply due to other requirements, such as if you:

  • provide a health service and hold health information;
  • are a Commonwealth contractor; or
  • trade in personal information.

Within the Privacy Act, there are 13 Australian Privacy Principles (APPs) which set out how your business may:

  • collect;
  • use;
  • disclose; and
  • store personal information.

The APPs also set out access and correction rights for individuals and a requirement for regulated businesses to:

  • have a privacy policy; and
  • include specific details in that policy.

Marketing Laws

Where you send electronic marketing such as email marketing or SMS marketing, you will also need to be aware of the Spam Act. The Spam Act prohibits the sending of commercial electronic messages, unless you:

  • have consent;
  • include your sender details in the message; and
  • provide an unsubscribe facility in the message, which is functional for at least 30 days after the date of sending.

It is important to honour any unsubscribe requests within five working days of such request.

If you also carry out marketing via telephone calls, you will need to consider the Do Not Call Register Act.

Health Privacy Laws

If your business handles health information, you may also have obligations under state and territory based health legislation. Locations that have health record laws which apply to private sector organisations include:

  • New South Wales; 
  • Victoria; and
  • the Australian Capital Territory. 

Surveillance Device Laws

Surveillance device laws are state and territory based laws that you should also be aware of. These apply to activities such as:

  • call recording;
  • data surveillance; and 
  • CCTV.

These laws vary across Australia and need to be carefully considered if you plan to engage in any surveillance. 

For example, a common surveillance activity is recording calls for training purposes. 

6 Practical Tips to Comply With the Privacy Act

As the Privacy Act is the core privacy legislation in Australia, it is useful to take practical steps to comply with this Act, whatever your reason for doing so.

Some practical tips for startups and small businesses to comply with the Privacy Act are:

  1. if you collect personal information, tell the person that you are collecting it and what you are going to do with it. You can do this by developing a privacy policy and making the person aware of the privacy policy when collecting their information;
  2. collect de-identified information where possible. If you need to collect personal information but wish to keep it for longer than strictly necessary, anonymise the information;
  3. only use personal information for the purpose for which it was obtained, or for related reasons the person would reasonably expect. If the information is sensitive information, seek consent to collect, use and disclose the information;
  4. review the third parties you disclose personal information to and confirm that they are reputable businesses and have processes in place to protect the privacy of the information;
  5. keep personal information safe by putting technical security measures in place to secure against digital threats and prepare a plan for responding to data breaches; and
  6. review your privacy procedures from time to time to ensure that you are complying with your legal obligations.

Key Takeaway

Your business’ compliance with privacy laws is crucial in avoiding investigation by privacy regulators and in meeting your customers’ expectations with respect to privacy management. You should ensure you understand whether you have legal obligations under privacy laws and, if so, that you are meeting these. Regardless of whether you have a legal obligation to comply, it is beneficial to take practical steps to implement good privacy practice. If you have any questions about how to implement this sound privacy practice, contact LegalVision’s privacy lawyers on 1300 544 755 or fill out the form on this page.


Jacqueline Gibson