
Privacy compliance is something your business should seriously consider. Privacy laws apply to personal information, which is any information or opinion which identifies a person or makes them reasonably identifiable.

Examples of personal information include: 

  • name;
  • address;
  • email;
  • telephone number;
  • photographs of people;
  • preferences; and
  • opinions.

There are many reasons why your business should care about privacy. Whether your business has a legal obligation to comply or not, it is beneficial to take some practical steps to implement good privacy practice. This article will outline why it is important to comply with privacy laws, and how your business can do so.

Why Should You Care About Privacy?

There are two core reasons why you should care about ensuring your business has sound privacy practices. These are:

  1. because you have a legal obligation to do so; and 
  2. to establish trust in your business.

A Legal Obligation

Firstly, your business may have a legal obligation to meet privacy requirements. While overseas privacy laws like the General Data Protection Regulation (GDPR) in the European Union are quite well known, Australian privacy laws are less well advertised. 

However, being unaware of your privacy obligations is not a defence for non-compliance. 

Accordingly, it is important that you find out what your business’ obligations are and take practical steps to comply with these obligations.

Trust and Expectation

In this digital age, privacy is increasingly becoming a focus for individuals and businesses around the world. With the recent introduction of prominent overseas privacy laws, such as the GDPR and the California Consumer Privacy Act (CCPA), individuals have received a multitude of communications about changes to privacy and their enhanced privacy rights. With this has come a focus on privacy protections. 

Accordingly, while not all businesses are required to comply with Australian privacy laws, trust is the cornerstone of many business relationships and good privacy management builds trust with customers.

Further, it is an expectation of the public that a business will only use their personal information in ways they would reasonably expect. Customers also expect that businesses secure personal information from:

  • unauthorised access;
  • unauthorised use; or
  • loss.

It is therefore important to meet these expectations to retain the trust of your customers. This is particularly true if your business handles a lot of personal information, such as if you:

  • provide a customer relationship management software solution; or
  • run a recruitment business.

Which Privacy Laws are Relevant?

The Privacy Act

While overseas laws such as the GDPR and CCPA may be relevant for some Australian businesses, this article’s focus is on Australian privacy law. In Australia, the key privacy legislation you should be aware of is the federal Privacy Act.

The Privacy Act will apply to your business if you have an annual turnover of over $3 million. If you have a lower turnover, you may still need to comply due to other requirements, such as if you:

  • provide a health service and hold health information;
  • are a Commonwealth contractor; or
  • trade in personal information.

Within the Privacy Act, there are 13 Australian Privacy Principles (APPs) which set out how your business may:

  • collect;
  • use;
  • disclose; and
  • store personal information.

The APPs also set out access and correction rights for individuals and a requirement for regulated businesses to:

  • have a privacy policy; and
  • include specific details in that policy.

Marketing Laws

Where you send electronic marketing such as email marketing or SMS marketing, you will also need to be aware of the Spam Act. The Spam Act prohibits the sending of commercial electronic messages, unless you:

  • have consent;
  • include your sender details in the message; and
  • provide an unsubscribe facility in the message, which is functional for at least 30 days after the date of sending.

It is important to honour any unsubscribe requests within five working days of such request.

If you also carry out marketing via telephone calls, you will need to consider the Do Not Call Register Act.

Health Privacy Laws

If your business handles health information, you may also have obligations under state and territory based health legislation. Locations that have health record laws which apply to private sector organisations include:

  • New South Wales; 
  • Victoria; and
  • the Australian Capital Territory. 

Surveillance Device Laws

Surveillance device laws are state and territory based laws to be aware of. These apply to activities such as:

  • call recording;
  • data surveillance; and 
  • CCTV.

These laws vary across Australia and need to be carefully considered if you plan to engage in any surveillance. 

For example, a common surveillance activity is recording calls for training purposes. 

6 Practical Tips to Comply With the Privacy Act

As the Privacy Act is the core privacy legislation in Australia, it is useful to take practical steps to comply with this Act, whatever your reason for doing so.

Some practical tips for startups and small businesses to comply with the Privacy Act are:

  1. if you collect personal information, tell the person that you are collecting it and what you are going to do with it. You can do this by developing a privacy policy and making the person aware of the privacy policy when collecting their information;
  2. collect de-identified information where possible. If you need to collect personal information but wish to keep it for longer than strictly necessary, anonymise the information;
  3. only use personal information for the purpose for which it was obtained, or for related reasons the person would reasonably expect. If the information is sensitive information, seek consent to collect, use and disclose the information;
  4. review the third parties you disclose personal information to and confirm that they are reputable businesses and have processes in place to protect the privacy of the information;
  5. keep personal information safe by putting technical security measures in place to secure against digital threats and prepare a plan for responding to data breaches; and
  6. review your privacy procedures from time to time to ensure that you are complying with your legal obligations.

Key Takeaways

Your business’ compliance with privacy laws is crucial in avoiding investigation by privacy regulators and in meeting your customers’ expectations with respect to privacy management. You should ensure you understand whether you have legal obligations under privacy laws and, if so, that you are meeting these. Regardless of whether you have a legal obligation to comply, it is beneficial to take practical steps to implement good privacy practice. If you have any questions about how to implement this sound privacy practice, contact LegalVision’s privacy lawyers on 1300 544 755 or fill out the form on this page.

