Privacy Policy: How to draft the ‘sensitive information clause’?

Updated on March 8, 2017

Reading time: 2 minutes

To ensure that your business complies with the Australian Privacy Principles (contained within the Privacy Act), your business should have an easily accessible Privacy Policy on your website. The Privacy Policy needs to set out how your business will collect personal information, what personal information will be collected, how the personal information will be used and disclosed, and how the personal information will be stored.

It is important to note that sensitive information is a special subset of personal information and, therefore, needs to be dealt with differently.

What is sensitive information and how is it collected?

Sensitive information must not be collected unless the customer consents to the collection of the information and the information is reasonably necessary for one or more of the functions of your business. For clarification on what is regarded as sensitive information, it is advisable that you speak with an online solicitor.

The following all constitute sensitive information:

Racial or ethnic origin, political opinions, religion, trade union or other professional association or memberships, philosophical beliefs, sexual orientation or practices, criminal records;

Health information; or
Biometric information;

Where personal information that is also sensitive information is collected for a particular purpose i.e. the primary purpose, you cannot disclose it for another purpose i.e. a secondary purposes unless:

The customer would reasonably expect you to use or disclose such sensitive information for the secondary purpose; and
The secondary purpose is directly related to the primary purpose.

Under what circumstances can sensitive information be disclosed?

Sensitive information may also be disclosed if:

The disclosure is required under Australian law;
A permitted general situation exists;
A permitted health situation exists; or
You reasonably believe that the use or disclosure of such information is necessary for an enforcement related activity conducted by or on behalf of an enforcement body.

Conclusion

Businesses operating in the medical or disability sector generally collect, use and disclose sensitive information. If your business deals with sensitive information, you need to ensure that the sensitive information is well protected. If you have concerns as to your obligations under the Australian Privacy Principles, you should speak with an experienced contract lawyer as soon as possible.

Webinars

How to Recover Unpaid Invoices

Thursday 13 May | 11:00 - 11:45am

Online

What do you do if your customers don't pay your invoices? Attend this webinar to learn about how to recover unpaid invoices.

Trade Marks 101

Thursday 17 June | 11:00 - 11:45am

Online

Your trade mark is one of the most valuable assets of your business. It is therefore crucial to understand how to protect your trade mark, avoid disputes, and prevent competitors from infringing on your rights.

Thanks!

We appreciate your feedback – your submission has been successfully received.

About LegalVision: LegalVision is a tech-driven, full-service commercial law firm that uses technology to deliver a faster, better quality and more cost-effective client experience.

The majority of our clients are LVConnect members. By becoming a member, you can stay ahead of legal issues while staying on top of costs. From just $119 per week, get all your contracts sorted, trade marks registered and questions answered by experienced business lawyers.

Learn more about LVConnect

Need Legal Help? Get a Free Fixed-Fee Quote

If you would like to receive a free fixed-fee quote or get in touch with our team, fill out the form below.