What Is the Difference Between Privacy and Confidentiality in Australia?

by Angela Omari

February 17, 2022
Legal guides

Whether you’re a big company, small business, or a sole trader, one of the most important factors you need to consider is protecting your business’s privacy and confidentiality.

Your business’s confidential information is the edge you need over your competitors in today’s competitive environment.

After all, isn’t this what keeps your business going and thriving? It sure is.

This is where it’s essential to know how confidentiality and privacy makes a difference.

They both sound similar, don’t they? In some instances, they are, but they do play different roles.

To ensure that your business continues to thrive and you have a clear understanding of these terms and how they may impact your policy development, read along.

What is the difference between privacy and confidentiality?

Before we get into the itty-bitty details of privacy and confidentiality for your workplace, it will be good first to understand the differences between the two terms.

Privacy and confidentiality differ in the type of information they can protect.

Confidential information is protected by how you’ve defined it in your employees’ contract or your company’s policies.

Whereas privacy and privacy laws protect personal information according to what is required under the following pieces of privacy legislation applicable in NSW, VIC and Western Australia:

Australian Privacy Principles (APPs)
Privacy Act 1988 (Privacy Act) – More information about the Privacy Act is available in the Office of the Australian Information Commissioner (OAIC)
Freedom of Information Act 1992 (WA)
Commonwealth Privacy Act.

In general, they differ in how they protect different types of information. Since they are defined differently, they are also enforced differently.

What is privacy in Australia?

In Australia, privacy refers to the protection of people’s rights to their personal information privacy, including:

Phone numbers
Healthcare – health information, health records and health service providers
Name
Signature
Address, email, telephone number, date of birth
Medical records – personal health information
Bank details
Photos and videos
IP address
Disability and aged care information
Family members information, carer and emergency contact details

The Privacy Act applies to individuals, commonwealth government agencies (gov) and businesses.

So if you run a business, chances are that you will come across the sensitive information listed above. Because of that, you need to understand your obligations around privacy.

Don’t know what your obligations are? These are all contained and governed by the Privacy Act.

What is the Privacy Act 1988?

Unlike confidentiality, privacy imposes obligations on you based on what is required under the Privacy Act.

So as a business owner, you may be required under Privacy Act to protect your customer’s personal information from:

Theft
Misuse
Interference
Loss
Unauthorised access
Modification
Disclosure

When you no longer need your customers’ personal information, you must destroy it or de-identify it.

How do you know if the Privacy Act applies to your business?

If your business has an annual turnover of more than $3 million, you must comply with the Privacy Act.

Even if your business has an annual turnover of less than $3 million, you may still have to comply with the Privacy Act.

This will depend on what business you have and run. Let us give you some examples. You’ll still be required to comply with the Privacy Act if:

Your business is in the health sector. For example, therapists, gyms, weight loss clinics, child care centres and private education providers
Your business sells or purchases personal information
You are a contractor providing services under a contract with the Australian Government
You are a credit provider/credit reporting body
You are a residential tenancy database operator

If the Act does apply to your business, you have to comply with your obligations. For example, it’s required that you have a Privacy Policy in place that tells customers how you will be handling their personal information.

So, how is this different to confidentiality? Let’s go through it now.

Get a free legal document when you sign up to Lawpath

What is confidential information in Australia?

Privacy is governed by the Privacy Act, but confidentiality isn’t. This is a matter of common law.

It simply means that the way confidentiality is defined and enforced depends on how it is written into your employees’ contracts and your business policies.

You don’t need any specific laws to tell you how to do this. Most business owners, however, often include confidentiality clauses for the sake of protecting valuable business information.

You need to think about this to protect your business’s information.

For example, think about KFC. I’m sure KFC doesn’t want their 11 secret herbs and spices to become public knowledge. This is what keeps their business going.

What is defined as confidential information?

So, you’re probably asking yourself, ‘how do I know what is considered confidential information?

As mentioned before, confidentiality is more flexible than your privacy obligations because it is entirely up to you on how you define it in your company’s agreements and employment contracts.

You have the power to decide what would be considered confidential in your business and what isn’t.

Looking for some examples? If you write up an employment contract or business policy, confidential information can include:

Disclosure of personal information
Salaries
Employee perks
Client lists
Trade secrets
Sales numbers
Customer information
News about pending terminations
Reasons for a firing
Phone codes or computer passwords
Customer details and confidential information
Information that relates to the contract
Information disclosed in the course of employment

Suppose your business deals with any of the things listed above. In that case, this information should be listed as confidential in your employee’s contracts and outlined in your business policies.

What isn’t considered confidential information?

One important thing to note is that not all information will be considered confidential, and there are certain exemptions.

Yes, that’s right, there is a fine line between the two. Here are some things not considered confidential:

Information that’s entered the public domain and has become common knowledge. Even if it goes public, personal information will still be protected by the Privacy Act.
Disclosure of facts in legal proceedings and court documents may destroy confidentiality
Publication of information subject to personal confidence will usually destroy any duties of confidentiality
Publications of differing versions of similar information destroy confidence
Disclosing party has given written consent for the receiving party to disclose it
Disclosure is required to provide the goods or services under the contract
Disclosure is required by law, for example, in court proceedings
Information disclosed to a professional advisor, like a lawyer

The main point here is that confidentiality in Australia is not explicitly regulated.

This is why it’s vital that you carefully draft a confidentiality clause appropriate for your business.

Confidentiality defined by the law

Even though no specific legislation governs confidential information, you can still take legal action if your business’s confidential information is breached.

To establish this, there are specific requirements. For instance, the information cannot be:

In the public domain
The relevant parties must have been informed of its confidential nature
The information must have been received in the circumstances importing an obligation of confidence. For example
- Written in an employment contract
- Inferred from the relation, e.g. solicitors and client, employer and employee
- Information acquired by ears dropping
- An injunction may be granted against any 3rd party who knowingly obtained the confidential information

Why is privacy and confidentiality important?

Privacy and confidentiality are important whether it’s the personal information of customers, employee information that managers collect or proprietary information, which is otherwise called trade secrets.

Let’s go through them:

Privacy and confidentiality could be the edge you need over your competitors in today’s highly competitive environment, which is why you need to protect it
It is possible that your business could dry up if your former employee goes to work for a competitor and shares your client list
You hire a contractor to create a software code for a new product, but they use the same code when hired for another company.
When confidential information is not protected and secured, it can cause both losses to your business and unlock the possibility of fraudulent activity such as identity theft
It’s important to maintain your duty of confidentiality because if you don’t, you could face legal action for breach of confidence

We’re sure breaches of privacy and confidentiality is the last thing you want happening to your business.

What if we told you there are a few things you can do to prevent this and ensure your business is protected? There are different privacy and confidentiality policies you can implement in your business.

Maintaining privacy and confidentiality in the workplace

Did you know that you can take legal and non-legal steps to ensure privacy and confidentiality is protected in and outside your workplace?

Sound like music to your ears? Let’s go through it.

1. Confidentiality Clause (Agreement)

When dealing with sensitive information, it’s a good idea to be clear from the start to protect your business’s information from being stolen by anyone who comes into contact with your business. This is important whether you bring in:

New employees
Contractors
Service providers
Suppliers
Customers onboard

This can be done through a Confidentiality Clause or otherwise known as a Confidentiality Agreement.

A Confidentiality Agreement is a legal document that you can use to disclose private or sensitive information to another party while legally forbidding the other receiving party from disclosing that information to any other person or entity.

This document is only enforceable if it is signed by you and the other party and places an obligation on one or both parties to keep specific information confidential.

Due to this, this document must be signed and dated before sharing or receiving confidential information. So you can use a Confidential Agreement if:

You would like to (or need to) disclose confidential information
You would like to stop confidential information (such as trade secrets) from falling into the wrong hands
You would like to protect your confidential information
You would like to have legal options available if your confidential information is compromised or disclosed

So if you’ve been reluctant to hire new employees or enter into contracts with other businesses because you don’t have a Confidentiality Agreement, why not create your own customisable Confidentiality Agreement ready for use in under 5 minutes.

2. Privacy Policy

You must use a Privacy Policy if your business or company collects personal information and data online or directly from your customers.

A Privacy Policy is required by law if your business falls within one of the criteria set out in the Privacy Act mentioned above.

A Privacy Policy is a document that states how your business will deal with the personal information and data it collects.

Your Privacy Policy will inform your consumers about when your business or company will collect information, what the personal information is used for and how that information will be stored and managed.

It must also include provisions relating to when personal information can be accessed, transferred, shared and kept.

No matter what type of business you run, a Privacy Policy can be integral for legal compliance.

Still not convinced why you need a privacy policy? Here are a few extra reasons

You would like to inform your consumers, suppliers or contractors how you collect, use and respect information data;
You would like to comply with Australian Federal laws on privacy; and
You have created a website and require a Privacy Policy.

It is always recommended that a lawyer review your Privacy Policy before its implementation. This ensures that your Privacy Policy contains accurate wording and the relevant laws are being complied with. One of our lawyers would be happy to help.

3. Mandatory restorative injunction

Injunctions are another way or remedy provided by the discretion of courts to protect your business confidential information. It is a way to prevent someone from doing something or make someone do something.

A mandatory injunction is a positive injunction and falls into the latter category. This means that the courts will require someone, for example, to fix something or restore something to its natural state.

More specifically, related to confidential information, a mandatory restorative injunction forces the defendant, such as an employee, to fix the damage committed by them.

For example, an employee will be required to remove information posted online if it is confidential information from your business. This is as they would have breached their Confidentiality Agreement.

4. Implement a Confidentiality Policy

Another great way to ensure that new, current and leaving employees understand their obligations to keep their confidential information secure is by implementing a Confidentiality Policy.

A Confidentiality Policy is a document that forms part of a business’s Human Resources Policies. It sets out:

The responsibilities and obligations that an employee must follow when dealing with a business’s confidential information
How employees and employers can deal with privacy complaints
Reasonable steps to take in case sensitive information is lost/stolen (e.g. a Data Breach Plan)

Your employees must be informed about such a policy if you decide to enact it. The wording of your confidentiality policy must be precise if you intend it to form part of your employment contract.

Use words such as “abide by” and “comply with” to ensure your employees know that this policy is a promise.

If you need some help reviewing your Confidentiality policy, hire Lawpath lawyers who are certified legal practitioners or create your own customisable Confidentiality Policy.

5. Non-Disclosure Agreements/ Confidentiality Agreements

Depending on your business’s direction this year, you may also want to consider adding or updating your businesses Non-disclosure Agreement or a Non-compete Agreement for any of your employees.

Non-Disclosure Agreements are two-way legal documents that your business can use to disclose confidential information to a receiving party while legally forbidding either party from disclosing that information to any third parties, be it a person or entity.

Non-Compete Agreements are similar legal documents that will protect your business from having its information exploited by an employee seeking a competitive advantage.

Reasons why you should implement or update your Non-Disclosure or Non-Compete legal documents:

Prevent a situation where employees with access to your business’ private information use the information to start their own competing business in the same industry;
You want to disclose new confidential information in negotiation and want it not to be in the public domain;
You want to place new restrictions on the use of confidential information;
You want to access new confidential information from a new business you want to join forces with; or
You want to protect confidential information, including customer lists and trade secrets.

If you don’t want to worry about your employees possibly using your confidential information for their own purposes, consider adding or revising your existing Non-Disclosure or Non-Compete agreement to protect your private information.

6. IP Assignment Deeds

The freelance market has seen steady growth in recent years. Hiring freelancers has many advantages, including lower costs for outsourcing and hiring someone who is a specialist in their field of work.

However, you need to be careful when hiring contractors to produce creative assets.

This is mainly because of issues surrounding intellectual property and who owns it. When someone designs a creative asset, they are the owner. However, the creator of intellectual property will not always be the intended owner, as they may wish to sell or transfer their ownership rights to another person or persons.

This is where an Intellectual Property Agreement, otherwise known as an IP Assignment Agreement, will come into handy.

An IP Assignment Agreement transfers ownership of IP from one party to another, usually for a price. Apart from setting out the transfer in a legally binding contract, it also dictates the rights and obligations of both parties, along with relevant warranties and indemnities.

If an owner of a registered patent, trademark, design, or plant breed wishes to transfer their intellectual property ownership rights to another person, they can do so.

If you want to steer clear from any potential disputes and ensure your IP is protected so your business’s logo belongs to your business, an IP Assignment Agreement will do just that.

If this is something you haven’t done or considering, look at our IP Agreement to get started.

7. Employee Contracts

New Employees

Confidentiality clauses in new employment agreements can educate new employees about your workplaces regulations surrounding confidential information.

These clauses ensure that new employees understand that they can’t use confidential information gained outside their employment.

Ensure your employees employment contracts are clear and precise to ensure your new employees understand these obligations and duties.

During employment

To protect your confidential information, you can take several practical steps during a worker’s employment. For example:

Password-protecting all emails and folders;
Allowing access only to confidential information that is relevant; and
You should not allow employees to take files home without permission
Have a clear policy regarding employee use of personal devices to access confidential information
Monitor potential wrongdoing using a legally compliant surveillance policy. You may be able to monitor an employee’s work emails or monitor the printer usage of an employee.

Termination of Employment

When an employee decides to resign, their employment contract may contain provisions to protect confidential information.

This generally relates to the handing over any confidential information, accounts or company property.

A popular confidentiality clause relating to resigning employees is the Non-compete Clause. A non-compete clause will prevent a former employee from using confidential information, such as:

Trade secrets
Other intellectual property
To start their own competing business
Disclosure of such information to other competitors

Now, Non-compete Clauses are only enforceable if the court considers them necessary for the protection of your businesses interests, so it’s best to get them reviewed by a lawyer.

Post-Employment Breach of Confidentiality

A letter of demand can be sent to an employee if they have violated their confidentiality obligations after employment ends, asking that they:

Do not use any confidential information
An undertaking to delete or return relevant confidential information. A legal undertaking is a promise to do something or not do something.

You can apply for an interlocutory injunction with the help of a lawyer if the employee refuses to stop using your confidential information. It is a court order that can temporarily stop someone from doing something until the full case is resolved.

Our lawyers can help you decide whether to file a lawsuit for an injunction or breach of confidentiality in less urgent circumstances.

Conclusion

Understanding the differences between privacy and confidentiality is an integral part of your business’s growth and development.

You must protect your business information at all costs. There are various ways your business can maintain and strengthen its position on confidentiality.

For instance, having strong and clear employment contracts, implementing non-compete clauses or having a confidentiality policy.

If you suspect a former employee, contractor or supplier is using your business confidential information; you can ask them to stop or may wish to hire a lawyer.

Find the perfect lawyer to help your business today!

Get a fixed-fee quote from Australia's largest lawyer marketplace.

Get the latest news

By clicking on 'Sign up to our newsletter' you are agreeing to the Lawpath Terms & Conditions

Price of Justice: Paying the Right Price for Legal Expertise

12:00pm AEDT
Tuesday 30th April 2024

By clicking on 'Register for webinar' you are agreeing to the Lawpath Terms & Conditions

What Is A Full-Time Employment Agreement?

This article goes into everything you need to know about full-time employment agreements.

Blog, Editor's Pick, Legal guides, Small Business & Companies

What Is a Shipping Policy?

This article dives into everything you need to know about a shipping policy, ranging from key components of shipping policies to issues associates with such policies.

Blog, Legal guides, Personal Legal, Product Updates, Small Business & Companies, Startup

Legal Documents You Need For Your Online Business in 2024

This article is a guide to all legal documents your online business needs in 2024.