Privacy and your business

Don't get caught out by the new privacy requirements.


New, tougher privacy laws mean you need to be a lot more careful about how your business manages privacy and personal data.

The revised Privacy Act covers how businesses handle, process and use personal information for direct marketing and how the information is disclosed to other people and businesses overseas. The new Act also allows the Privacy Commissioner to hand out penalties of up to $340,000 for individuals or $1.7 million for organisations found to be in breach of the Act.

What does it mean for your business?

Even if you’ve heard of the change in privacy rules, you might not know what it actually means for your business. Here are a few of the requirements of the new rules:

  • If your company has an annual turnover of $3 million or more, you will need to have a privacy policy that is compliant with the new rules.
  • If your business sends personal information overseas, you will need to disclose which countries the information is being sent to. This includes the use of cloud computing services.
  • If your business employs direct marketing, you will need to obtain consent from individuals and will need to include mandatory opt-out options for any direct marketing communications you send out, as well as indicating where your business obtained their personal details.

Don’t get caught out

Make sure you review and update your privacy policies, privacy statements, any fine print or other disclosure statements on your website or printed material. Disclosure statements which are out of date can mean your business is non-compliant.

Some of the changes you should make:

  • replace any references to the “National Privacy Principles” with the new “Australian Privacy Principles”
  • disclose whether your business is likely to send personal information overseas and, if so, which countries you will send it to
  • explain how your business will deal with any privacy-related complaints and how a member of the public can make a complaint about a breach of the Australian Privacy Principles
  • review the way your business collects, stores and uses personal information
  • review your security systems to ensure any personal information collected is kept safe and isn’t vulnerable to a data breach
  • train your staff so they’re compliant with the new legislative requirements. Contact the Office of the Australian Information Commissioner to access resources and training material.

Visit the Office of the Australian Information Commissioner for more information on the new privacy requirements.