Privacy Policy: How do I draft the ‘sensitive information’ clause?
To ensure that your business complies with the Australian Privacy Principles (contained within the Privacy Act), your business should have an easily accessible Privacy Policy on your website. The Privacy Policy needs to set out how your business will collect personal information, what personal information will be collected, how the personal information will be used and disclosed, and how the personal information will be stored.
It is important to note that sensitive information is a special subset of personal information and, therefore, needs to be dealt with differently.
What is sensitive information and how is it collected?
Sensitive information must not be collected unless the customer consents to the collection of the information and the information is reasonably necessary for one or more of the functions of your business. For clarification on what is regarded as sensitive information, it is advisable that you speak with an online solicitor.
The following all constitute sensitive information:
- Racial or ethnic origin, political opinions, religion, trade union or other professional association or memberships, philosophical beliefs, sexual orientation or practices, criminal records;
- Health information; or
- Biometric information;
Where personal information that is also sensitive information is collected for a particular purpose i.e. the primary purpose, you cannot disclose it for another purpose i.e. a secondary purposes unless:
- The customer would reasonably expect you to use or disclose such sensitive information for the secondary purpose; and
- The secondary purpose is directly related to the primary purpose.
Under what circumstances can sensitive information be disclosed?
Sensitive information may also be disclosed if:
- The disclosure is required under Australian law;
- A permitted general situation exists;
- A permitted health situation exists; or
- You reasonably believe that the use or disclosure of such information is necessary for an enforcement related activity conducted by or on behalf of an enforcement body.
Conclusion
Businesses operating in the medical or disability sector generally collect, use and disclose sensitive information. If your business deals with sensitive information, you need to ensure that the sensitive information is well protected. If you have concerns as to your obligations under the Australian Privacy Principles, you should speak with an experienced contract lawyer as soon as possible.
Negative Online Reviews: What are the Legal Options?
Wednesday 22 September | 11:00 - 11:45am
Online
Australia’s Global Talent Visa: How to Attract Top Talent
Thursday 7 October | 11:00 - 11:45am
Online
5 Essential Contracts for your Online Business
Thursday 14 October | 11:00 - 11:45am
Online
Was this article helpful?
Thanks!
We appreciate your feedback – your submission has been successfully received.
About LegalVision: LegalVision is a tech-driven, full-service commercial law firm that uses technology to deliver a faster, better quality and more cost-effective client experience.
The majority of our clients are LVConnect members. By becoming a member, you can stay ahead of legal issues while staying on top of costs. From just $119 per week, get all your contracts sorted, trade marks registered and questions answered by experienced business lawyers.
If you would like to receive a free fixed-fee quote or get in touch with our team, fill out the form below.
