Why is Privacy Important to my Business?
Privacy laws are now considered an important part of doing business. Whether your business operations are solely online or have a physical presence, privacy laws will most likely have some bearing on your day-to-day business operations. This may just be a simple obligation to ensure that you have obtained the consent of individuals to the collection of personal information, or it may be more serious, such as restricting the processing of sensitive data. Regardless of how privacy laws may impact your business, it is important to understand why privacy laws exist and the types of information that they seek to protect.
Protection of Personal Information
The Privacy Act 1988 (Cth) (the ‘Privacy Act’) is the main privacy law which regulates the handling of personal information about individuals. Under the Privacy Act, ‘Personal Information’ is defined as “information or an opinion about an identified individual, or an individual who is reasonably identifiable:
- whether the information or opinion is true or not; and
- whether the information or opinion is recorded in a material form or not.”
Importantly, this includes information that does not readily identify an individual by itself. For example, a physical address may not by itself be able to identify an individual, but it could be used in a database, which could ultimately identify an individual living at that address.
Identifying what personal information your business might be collecting and processing is an important first step in defining your business’s privacy obligations.
Does my Business need to comply with the Privacy Act?
If you are a small business with less than $3 million annual turnover, then the Privacy Act may not apply to you, unless your business is in a special category. Further, the Privacy Act can apply to small businesses that are a subsidiary of a larger company. Nevertheless, small businesses can elect to be bound by the obligations contained in the Privacy Act. Apart from the Privacy Act, all businesses (including those not affected by the Privacy Act) should consider whether the EU General Data Protection Regulation (‘GDPR’) applies to their business activities.
Why Privacy is important to Businesses
Regardless of whether the Privacy Act applies to your business, privacy laws are an important tool to measure your current privacy procedures. The Privacy Act contains 13 principles, known as the Australian Privacy Principles (‘APPs’), that offer guidance as to how personal information should be treated and protected. The APPs are listed as follows:
- open and transparent management of personal information;
- anonymity and pseudonymity;
- collection of solicited personal information;
- dealing with unsolicited personal information;
- notification of the collection of personal information;
- use or disclosure of personal information;
- direct marketing;
- cross-border disclosure of personal information;
- adoption, use or disclosure of government related identifiers;
- quality of personal information;
- security of personal information;
- access to personal information;
- correction of personal information.
The principles listed above can be found under Schedule 1 of the Privacy Act, though they may not apply equally to all types of businesses. Nevertheless, they provide a useful and assessable instrument to determine whether your business’s privacy efforts are compliant with the Privacy Act.
Businesses should implement a ‘privacy by design’ approach to compliance with the Privacy Act:
- Determine how and to what extent the APPs apply to your business activities;
- Ensure that transparent privacy practices are a fundamental aspect of your company culture.
For more information about special categories of businesses that the Privacy Act applies to, visit the OAIC website here: https://www.oaic.gov.au/agencies-and-organisations/faqs-for-agencies-orgs/businesses/small-business
For more information about the GDPR see our recent article here: https://w3iplaw.com/eu-general-data-protection-regulations/
Sam Gilbert, IP and Technology Consultant, B.A., LL.B University of Technology, Sydney
If you would like to know more about this article or about how the Privacy Act applies to your business, please do not hesitate to get in contact with the team at W3IP Law on 1300 776 614 or 0451 951 528.
Disclaimer. The material in this post represents general information only and should not be taken to be legal advice.