
Do you know about your privacy obligations?

The Privacy Act 1988 regulates the way that personal information must be collected for business-related purposes. Advances in information technologies, including the growing use of the Internet, have brought new, potentially intrusive ways of generating, using and disseminating personal information. The privacy legislation aims at providing solutions that give the Australian community and businesses confidence.

The Privacy Act provisions centre around 10 National Privacy Principles (the NPPs) that set out how private sector organisations should collect, use, keep secure and disclose personal information. The principles give individuals a right to know what information an organisation holds about them and a right to correct that information if it is wrong.

Organisations and businesses need to consider whether the obligations apply to them and if so what practices and procedures need to be put in place.

Does the Act apply to your business?

The private sector provisions of the Privacy Act apply to organisations (including not-for-profits) with an annual turnover of more than $3 million.

The provisions also apply to all health service providers and businesses which are in the business of collecting personal information regardless of turnover.

What are the National Privacy Principles?

The NPPs set out the minimum standards for the collection and handling of personal information by businesses and other private sector organisations. Examples of the NPPs include the following:

  • An organisation must not collect personal information unless it is necessary to its business activities.
  • Information must be collected lawfully and fairly.
  • An organisation must not use or disclose personal information about an individual for a purpose other than that for which it was collected unless such use or disclosure would be reasonably expected.
  • Certain information can be used for direct marketing but only if it is impractical to seek the individual's consent beforehand.
  • An organisation must take reasonable steps to ensure that the personal information it holds is accurate, complete and up-to-date.
  • Reasonable steps must be taken to protect personal information from misuse.
  • An organisation must take reasonable steps to let a person know what sort of personal information it holds.
  • With some exceptions, an organisation must provide an individual with access to personal information held in relation to that individual.
  • With some exceptions, personal information may only be transferred to someone in a foreign country if that country has privacy laws similar to the NPPs.
  • "Sensitive information" – that is, information relating to matters such as an individual's political opinions, religious beliefs, professional or trade association membership, sexual preferences or health – may generally not be collected without the consent of the individual. One obvious exception relates to the situation in which the organisation is a health service provider.

How do I find out more?

The Federal Privacy Commissioner's website includes Guidelines to the National Privacy Principles and Information sheets aimed at assisting organisations to meet their obligations in the handling of personal information. www.privacy.gov.au

   