Privacy Law and Obligations for Businesses in Australia
The handling of personal information is an important issue for both large and small businesses in Australia. In today’s environment, organisations and individuals are continually dealing with new technology that brings with it high volumes of personal and confidential information, increasingly exposing them to potential privacy breaches. In Australia, privacy laws are contained in a variety of Commonwealth, State and Territory Acts. It is important that any organisation dealing with client information is aware of its legal obligations.
Federal Law
In Australia, the Privacy Act 1988 (Cth) is the primary federal statute that regulates a majority of private sector organisations and businesses. The Privacy Act establishes national standards through the National Privacy Principles (NPPs) in relation to the “collection, use, disclosure, security and access” to personal information. The Act applies to the Australian Government, Australian Capital Territory agencies and private sector organisations (except for some small businesses). The Privacy Act establishes special rules relating to:
- The use and disclosure of credit information by credit providers and credit reporting agencies
- The collection and use of tax file numbers
- The collection of sensitive information, including information about health, race, sexual preferences, criminal record, and religion or political affiliation, and
- Sending personal information outside Australia.
State Law
Some states and territories have created privacy legislation which applies to their own government agencies and private sector organisations. Various industry sectors have additional obligations under industry codes and common law duties – particularly the health sector, telecommunications, and financial services. As such, it is important for you to ensure your business procedures are not in breach of basic requirements established under state laws, and any additional requirements that may apply to your industry.
Privacy Laws for Small Business
The Privacy Act does not apply to a majority of small businesses that have an annual turnover of $3 million ($AUD) or less. However, the Commonwealth Government has introduced privacy legislation which contains various exceptions to this rule. This includes if the business is related to another business (its holding company or any subsidiary company) that has an annual turnover of greater than $3 million, or if your business provides services that hold certain confidential client information. If you are a small business, it is important to seek professional advice to see whether your business comes within the scope of the Privacy Act.
Privacy Laws for Individuals
The Privacy Act does not cover the “collection, use and disclosure” of personal information by an individual unless it is done in the course of running a business. The Privacy Act does not apply to personal information that individuals collect, hold, use or disclose for the purposes of their personal, family or household affairs. The activities of individuals operating a business in their own names may be subject to the Privacy Act unless the business is a small business operator or one of the other exemptions applies.
Application to Acts and Practices Overseas
Where an Australian organisation deals with personal and/or sensitive information about Australians, the Privacy Act will apply to information held both within Australia and overseas. Where Australian organisations send personal information about Australians to foreign organisations, they will also have to ensure that the foreign organisation complies with the Privacy Laws.
What Can We Do?
It is important to seek professional legal advice about privacy laws to ensure you avoid breaching these legal requirements. Contact us to organise a consultation. Our dedicated legal team will deal with your problem in a sympathetic, time-efficient and cost-effective manner. Send an online enquiry or call us on +61 2 9223 9166.