With the advancement of the digital age, many of us conduct our personal affairs online. Online shopping, social networking, official functions and job hunting have become part of everyday life, and they often require us to provide personal information such as:
- Date of birth
- Contact number
- Location data
- Social insurance number
- Payment details
- It is required by law.
- Some third-party apps or services you use may need it.
- It will help you to be transparent.
- Protecting privacy will enable you to gain more revenue.
- You will gain more customers and their trust.
- It is a safeguard for both you and your visitors.
Australian Privacy Principles (APP)
The Australian Privacy Principles (APP) are the basis of the Australian Privacy Act. The APPs form a privacy framework that protects the information of individuals and regulates how Australian government agencies and organisations handle the personal details of their users.
Who does APP apply to?
There are some exceptions, too: your business might have an annual turnover of less than $3 million, but you may still need to comply with the Privacy Act. You will be considered an APP entity if you:
- Provide private health care services (a hospital, pharmacy, gym or weight-loss clinic, childcare centre, etc.) and receive health information.
- Sell or purchase personal information.
- Provide contracted services under an Australian Government contract.
- Run a business that has opted in to the Privacy Act.
As a business owner, you can always choose to opt in and be covered by the Privacy Act.
13 Australian Privacy Principles
The following 13 principles govern the standards, rights and obligations around collecting and using personal information.
Principle 1: Open and transparent management of personal information
Principle 2: Anonymity and Pseudonymity
Businesses should give individuals the option of remaining anonymous or using a pseudonym, as they cannot compel anyone to disclose their identity, although there are some exceptions.
Principle 3: Collection of solicited personal information
This principle states how an entity may collect an individual’s personal information. Entities can collect personal data only when it is necessary for the functions and activities of their business. For sensitive information, entities need the full consent of their customer.
Principle 4: Dealing with unsolicited personal information
For unsolicited personal information, entities have to decide whether that information could have been collected as outlined in Principle 3; if not, they must destroy or de-identify it.
Principle 5: Notification of the collection of personal information
Businesses must notify individuals when they collect their personal information. If notice cannot be given at the time of collection, it must be given as soon as practicable afterwards.
Principle 6: Use or disclosure of personal information
An entity must inform individuals of the purpose for which their personal information is collected, and it must disclose the information only in the way the individual expects.
Principle 7: Direct marketing
With the proper consent of an individual, an entity can use that person’s personal information for direct marketing to promote its goods and services.
Principle 8: Cross border disclosure of personal information
Organisations must take all necessary steps to protect personal information from being disclosed to any overseas recipient.
Principle 9: Adoption, use or disclosure of government related identifiers
An entity cannot adopt a government related identifier such as a passport number, licence number or tax file number as its own identifier unless the organisation is authorised by law to do so.
Principle 10: Quality of personal information
Individuals’ personal information should be accurate, up to date and complete.
Principle 11: Security of personal information
It is the company’s responsibility to protect the collected personal data from loss, interference and unauthorised access.
Principle 12: Access to personal information
On request, entities must give an individual access to the personal information they hold about them.
Principle 13: Correction of personal information
Entities must hold accurate, complete, relevant and up-to-date data. If an individual’s information is incorrect, it must be corrected so that it is not misleading.
Violating these principles may result in regulatory action, including penalties.
Be specific about how and why you will collect personal information
Clearly explain how you are going to collect personal details. Will you collect them directly from customers via phone calls or online forms, or receive them through third parties? Also, state whether you are going to use the data for its primary purpose or for a secondary purpose.
Think about the audiences
How you will deal with sensitive issues
Sometimes sensitive information such as financial data, political opinions, religious beliefs, criminal records, trade secrets or other such information is collected. Inform your customers how your entity will protect it and, apart from a few exceptions, ensure that proper consent is obtained from them before it is used.
Disclosure of personal information
To deliver your service, you might need to disclose your customers’ personal details. Describe every disclosure and the conditions under which it happens. If third parties are involved, explain who they are and how you will deal with them. Explain how you will disclose information to overseas entities, legal advisers, government or regulatory authorities, and related companies for billing or other purposes.
Ensure security for your customers
Describe all the steps you will take to protect customer information from misuse, loss, modification and unauthorised access. You should destroy or de-identify personal information whenever it is no longer needed.
Give your customers access to their personal information
Company contact information for customers
You should provide customers with an email address and contact number, and keep them available at all times so that customers can easily reach you with questions about privacy, complaints, or errors in their personal information.
You should regularly review and update your privacy policy, as the rules keep changing.