Many business transactions rely on the use of customers’ personal information. How this information is collected, used, stored and disclosed is regulated by the Federal Privacy Act.
Are you aware that your business is bound by the Privacy Act and that you have obligations with regard to each of the ten National Privacy Principles?
Do you and your employees know what your obligations are with regard to these principles? If you don’t know, or you’re not sure, then you should undertake privacy compliance training at the earliest opportunity.
In the meantime, here’s a brief summary of the ten National Privacy Principles:
Principle 1: Collection
When collecting personal information from individuals, you must inform them that it is being collected, why it is being collected, who that information might be passed on to, and that they have the right to ask what information you have about them.
Principle 2: Use and Disclosure
You must not collect personal information unless it is required for your business activities, and you must not use it for any purpose other than the one for which it was collected.
Principle 3: Data Quality
You must ensure the information you collect is accurate, complete and current.
Principle 4: Data Security
You must ensure the information is protected from loss, misuse and unauthorised disclosure.
Principle 5: Openness
You must have a company policy on your information handling procedures, which is available for public scrutiny.
Principle 6: Access and Correction
An individual can request access to their personal information, and you must provide it when asked.
Principle 7: Identifiers
You must not use or disclose an identifier (personal identity information such as a tax file number, Medicare number, etc.) assigned by a Commonwealth government agency.
Principle 8: Anonymity
You must allow individuals to interact anonymously if they wish to do so, provided it is legal and practical.
Principle 9: Transborder Data Flows
You can only transfer personal information outside Australia if you know the country you are sending it to has appropriate privacy protection laws.
Principle 10: Sensitive Information
You must not collect sensitive information (i.e. state of health, political persuasion, sexual preference, etc.) without an individual’s consent (unless a public interest exception applies).
The Office of the Australian Information Commissioner (OAIC) administers the Privacy Act, and offers this advice to businesses wanting to safeguard people’s privacy:
- Only collect necessary information.
- Tell people what you are going to do with their information and give them access to it if they request it…
- Store personal information securely and keep it accurate and up to date.
- Consider making someone in your organisation responsible for privacy.
The penalties for non-compliance with privacy legislation range from significant fines to imprisonment. Your business could also suffer loss of reputation and damage to your brand.
Tailoring a suitable learning management system to your business requirements is the best way of educating your employees about their obligations under the Privacy Act and making sure your business is protected against a breach of the Privacy Principles.