Privacy Policy: How do I draft the ‘sensitive information’ clause?

< Back to Commercial Contracts
October 27, 2014 (Updated on March 8, 2017)

To ensure that your business complies with the Australian Privacy Principles (contained within the Privacy Act), your business should have an easily accessible Privacy Policy on your website. The Privacy Policy needs to set out how your business will collect personal information, what personal information will be collected, how the personal information will be used and disclosed, and how the personal information will be stored.

It is important to note that sensitive information is a special subset of personal information and, therefore, needs to be dealt with differently.

What is sensitive information and how is it collected?

Sensitive information must not be collected unless the customer consents to the collection of the information and the information is reasonably necessary for one or more of the functions of your business. For clarification on what is regarded as sensitive information, it is advisable that you speak with an online solicitor.

The following all constitute sensitive information:

  • Racial or ethnic origin, political opinions, religion, trade union or other professional association or memberships, philosophical beliefs, sexual orientation or practices, criminal records;
  • Health information; or
  • Biometric information;

Where personal information that is also sensitive information is collected for a particular purpose i.e. the primary purpose, you cannot disclose it for another purpose i.e. a secondary purposes unless:

  • The customer would reasonably expect you to use or disclose such sensitive information for the secondary purpose; and
  • The secondary purpose is directly related to the primary purpose.

Under what circumstances can sensitive information be disclosed?

Sensitive information may also be disclosed if:

  • The disclosure is required under Australian law;
  • A permitted general situation exists;
  • A permitted health situation exists; or
  • You reasonably believe that the use or disclosure of such information is necessary for an enforcement related activity conducted by or on behalf of an enforcement body.

Conclusion

Businesses operating in the medical or disability sector generally collect, use and disclose sensitive information. If your business deals with sensitive information, you need to ensure that the sensitive information is well protected. If you have concerns as to your obligations under the Australian Privacy Principles, you should speak with an experienced contract lawyer as soon as possible.

If you would like further information on any of the topics mentioned in this article, please get in touch using the form on this page.
Would you like to get in touch with Priscilla about this topic, or ask us any other question? Please fill out the form below to send Priscilla a message!

Read other articles by Priscilla

Privacy Policy Snapshot

We collect and store information about you. Let us explain why we do this.

What information do you collect?

We collect a range of data about you, including your contact details, legal issues and data on how you use our website.

How do you collect information?

We collect information over the phone, by email and through our website.

What do you do with this information?

We store and use your information to deliver you better legal services. This mostly involves communicating with you, marketing to you and occasionally sharing your information with our partners.

How do I contact you?

You can always see what data you’ve stored with us.

Questions, comments or complaints? Reach out on 1300 544 755 or email us at info@legalvision.com.au

View Privacy Policy