Data is the driving force of every organization. Businesses, whether small or large, collect data about their customers for different purposes. However, today's customer is becoming aware of the concerns around data sharing. They understand that data security is important and are keen to know how and where a business could use their personal data. Generally, data retention laws are written for large enterprises; however, the Privacy Act 1988 also defines the responsibilities of small businesses regarding data privacy. But how can one know whether their business is covered by the Privacy Act? This blog post contains the insights you need.
What is the Privacy Act?
The Privacy Act 1988 regulates how businesses handle the personal information of their customers. According to this act, Personal Information is defined as any data or information about an individual, whether true or not, and whether stored in a material form or not. For example, it could be a customer's name, address, phone number, signature, email, medical records, date of birth, bank account details, or any opinion about the customer.
4 Objectives of the Privacy Act
- To restrict the disclosure of personal records by any business
- To provide the customers with rights to see how a company is maintaining and using their records
- To establish a rule of conduct on how businesses can collect, access and maintain the records
- To authorize individuals to change or amend their personal information stored by any company and raise a complaint if they find that their information is being mishandled
Who complies with the Privacy Act?
- Any small business, including non-profit organizations or self-governing organizations
- Any small business that collects personal information of a visitor or a client
- Businesses having an annual turnover of more than $3 million
How Can You Check if Your Business Complies with the Privacy Act?
According to the Privacy Act, the following businesses need to comply with it:
- Health Service Providers for physical, mental, emotional and psychological health. These businesses need a person's personal information to keep their medical records, diagnose their illness or prescribe medication.
- Businesses that trade in personal information, that is, businesses that collect people's information in order to provide a service. For instance, some businesses buy and sell mailing lists. The Privacy Act sets guidelines that this kind of business needs to follow while collecting and using data.
- Businesses that are related to a large enterprise. For instance, if a business is a subsidiary of another enterprise, it has to comply with the Privacy Act.
- Contractor businesses that provide services under a Commonwealth contract, that is, any business that works on a contract basis with a Commonwealth agency. This does not apply to small businesses working on a contract basis with a state or territory government.
- Businesses that are operating residential occupancy databases
- A recording entity for the purpose of the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (AML/CTF Act)
What Does it Mean if your Business Complies with the Privacy Act?
If your business falls under one of the categories mentioned above, then you must follow the Privacy Act 1988. Whenever you collect information from people, you will be required to tell them how you will use that information. People must know why you are collecting their personal information.
You will always be required to use the information for the purposes that you stated to the customer or any other individual. If you have not obtained their consent and want to use their information for other purposes as well, you should always make sure that the use is reasonable and that the person would not object to it.
If you are required to pass on the data that you have collected, always make sure that you pass it on only for the intended purpose. Again, if you want to pass it on for some other reason that you had not mentioned to the individual before, make sure that your reason is sensible and would be accepted by the individual once they come to know about it.
If any individual wants to see what information you have recorded about them, you have to provide them with the records. The person holds the right to correct that information or to have it withdrawn completely from your records.
It is your responsibility to keep the information you store up-to-date and accurate. All of these guidelines that small businesses should follow are set out under the NPPs (National Privacy Principles) in the Privacy Act 1988, where the detailed guidelines can be checked.
Things to include in your Privacy Plan
So, you now know about the Privacy Act, and you know that your business must comply with it. Now, how are you going to ensure that you are actually following the Privacy Act? Here are the 5 most important things that your Privacy Plan should contain:
- Assign responsibility for handling privacy concerns – if you are not able to hire a separate person to take care of privacy issues, you can assign this task to one of your managers or another trustworthy employee. This will ensure that everything is carried out smoothly.
- Understand the NPPs carefully – any oversight could lead to trouble, so you must be familiar with the whole act and its principles.
- Check your current process – see how you collect information, maintain records and use the information. On that basis, identify where you are having difficulty complying with the NPPs.
- Have a process for handling complaints – you need to be prepared for situations in which customers ask questions and raise concerns. Be ready with a plan for how you will handle them.
- Train your staff – it is not only the business owner who should be concerned about privacy issues, but the whole team. Hence, train all your employees on the Privacy Act and make them aware of the consequences of non-compliance.
A business should be concerned about data privacy before its clients and customers are. That not only builds a reputation but also builds a trustworthy relationship between the clients and the business. It is important for a business to tell people what information is being stored and how that information is going to be used. Send them an email, convey it by telephone or send a brochure. Also, clearly state your business name and contact information to the individual while collecting their information.