The month of May marks the start of Privacy Awareness Week, a program to promote awareness of privacy rights and responsibilities in the workplace. So how do privacy and the Privacy Act affect your small business?
The Privacy Act
The federal Privacy Act 1988 contains ten National Privacy Principles (NPPs) that apply to parts of the private business sector.
Small business and the Act
Generally, small businesses do not need to comply with the Privacy Act unless they have an annual turnover of more than $3 million.
However, some small businesses with an annual turnover of $3 million or less are required to comply with the Act's privacy principles.
Your small business may need to comply with the Act if it is:
- A health service provider;
- Trading in personal information (e.g. mailing lists);
- Related to a larger business;
- A contractor to Commonwealth agencies;
- A reporting entity for the purpose of the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (AML/CTF Act);
- An operator of a residential tenancy database.
Small businesses covered by the Act will need to review how they handle personal information, including collection, use, disclosure and security.
How to comply with the Act
In practical terms, complying with the Privacy Act is likely to mean:
- Telling people you collect personal information and what you will do with it;
- Only using personal information about people in ways that they might expect;
- Not passing personal information on without telling people;
- Giving people the chance to see any information you hold about them if they ask;
- Keeping personal information safe; and
- If people ask, telling them how you handle personal information in your small business.
These obligations are set out in the NPPs.
Personal Information vs Employee Information
The Privacy Act exempts employment records where information about employees is only used for employment purposes. If employee information is the only personal information held, then there are probably no obligations under the Privacy Act.
A small business that does not have to comply with the Act can choose to be bound by the Act.
Breaching the Privacy Act has serious consequences. To find out whether your small business needs to comply with the Act, check with your lawyer or industry association.