- You are an Australian or Norfolk Island Government agency
- Your business or not-for-profit generates an annual turnover of at least $3 million.
- You are a health service provider in the private sector.
- Employee associations registered under Fair Work (Registered Organisations) Act 2009 (Cth).
- Contracted service providers for a Commonwealth contract
- All business that sells or purchase personal information
- Credit reporting bodies
- All subsidiaries of a company covered by the Privacy Act 1988 (Cth)
If you are unsure whether your small business needs to comply with the Privacy Act 1988 (Cth), please visit the Privacy Business Resource.
1. Failing to disclose how you collect data
If you are unsure about your business’s policies regarding data collection and usage, visit our website to connect with a business lawyer who can guide you through this process.
2. Collecting data without permission
3. Failing to disclose third-party access
4. Failing to treat data security seriously
Protecting the privacy of customers or users that access your website and app is a serious business. Further, it is pivotal that the data collected is not misused, modified, disclosed or accessed without authorisation. Incorporating reasonable steps like algorithms, filters, secured servers and anonymisation tools will help protect the data collected. This can be done by analysing the harm that would occur if the data collected is compromised before incorporating a suitable security measure. For example, your website can incorporate SSL, if you intend on collecting sensitive information like credit card details. This will establish an encrypted link between your web server and browser to ensure all data that passes between them remains private.
5. Your procedure for dealing with complaints
Your Private Policy should outline the procedure for receiving any complaints related to privacy breaches. This will ensure users that your business has an effective complaint handling procedures in place to specifically deal with privacy breaches. It is also essential that you provide contact details for users to make a complaint in case of a privacy breach.
Anjaly is working in our Content Team as a Legal Tech Intern. She is currently studying a Bachelor of Laws and Bachelor of Science at Macquarie University. She has a particular interest in Intellectual Property Law, Employment Law, and exploring how technology can improve access to justice.