As with all questions relating to the Privacy Act 1988 (Cth), a business’ obligations relating to privacy and the collection of information will depend on whether the organisation would be considered an Australian Privacy Principles (APPs) Entity. Although many small businesses do not fall into this category, many businesses do decide to opt in. If your business has a mobile app for your customers, or if your business provides app development services, this article will outline a few privacy pointers.
Understand the Privacy Life Cycle
The first step to understanding your privacy obligations when developing your app is determining what personal information will be collected and at what point this will impact a person who is using the app. The life cycle of personal information often takes the form of collection, use, disclosure, access and storage or disposal.
Match Your Life Cycle with the Australian Privacy Principles
Once you are aware of how the app will deal with personal information, you will need to know that once you collect it, you will have legal obligations under the Act to protect an individual’s privacy. A way to ensure you meet these requirements is by taking steps to ensure you thoroughly understand the APPs and factor it into the features and functions of the app.
Disclosure Is Key
The way you deal with personal information at each point of the life cycle may simply vary depending on how your app works or how your app business model operates. For example, if your app has to advertise, you may be providing personal information to external advertisers. No matter what your business model, above all, disclosure is essential. There are some reasons why disclosure is beneficial, including the ability to gain trust and loyalty from consumers.
Make it Visible
- collection of personal information, including storage;
- use of the personal information either by your business or any external parties;
- the disclosure of information either in Australia or overseas;
- how users can make complaints or access their personal information.