Privacy is important. But there are many situations in which it is necessary to share or collect personal information. The nature of that information can vary, but most of it falls within the sphere of one statute: the Privacy Act. The Privacy Act is a piece of federal legislation that governs the management of private information in Australia. It is not the only legislative instrument that deals with privacy, but it is one of the most prominent. The Privacy Act extends to businesses and governments alike, and it regulates things like information collection, information storage, information sharing, and data security.
What sort of information is regulated under the Privacy Act?
The Privacy Act has a limited scope. That means it doesn’t apply to all the information you collect in a commercial context. Instead, it only applies to personal information. However, personal information is defined a certain way in the Act. Essentially, according to the Act, personal information is information that identifies an individual. That means personal information can include things that we wouldn’t ordinarily consider sensitive, such as a name or date of birth. But it also means that highly sensitive information is included, like bank account information, photographs, and family information. In fact, the Privacy Act has quite a broad definition of personal information. According to the Act, personal information is information or opinions about an identified, or reasonably identifiable, individual. Even if the information or opinion is not true, it is still classified as personal information under the Act.
There are thirteen Australian privacy principles: here’s an overview
Given the broad scope of information that is covered by the Privacy Act, it’s easy to see why it affects almost all businesses. Effectively, any business that collects data is likely to be affected. The exact nature of your obligations under the Act can still vary, though. Usually, your obligations will depend on the type of information you collect, and the reasons for which you collect it. That is why the Act outlines thirteen privacy principles, to which all who possess personal information must adhere. The principles are outlined in Schedule 1 of the Privacy Act. Here’s an overview:
- Open and transparent management of personal information;
- Anonymity and pseudonymity;
- Collection of solicited personal information;
- Dealing with unsolicited personal information;
- Notification of the collection of personal information;
- Use or disclosure of personal information;
- Direct marketing;
- Cross-border disclosure of personal information;
- Adoption, use, or disclosure of government-issued identifiers;
- Quality of personal information;
- Security of personal information;
- Access to personal information; and
- Correction of personal information.
As you can see, the list covers the various ways in which we use and collect personal information. It also covers the reasons for which we collect information in commercial contexts, as well as how we manage it once it’s been collected. But there’s one principle in particular that can present some complex problems: security of personal information. Here’s why.
Now that almost all data is stored digitally, privacy obligations are changing
Digital data storage has drastically changed not only how we store data, but also how much data we store. As technological systems become more effective at storing and indexing vast quantities of data, we are able to gather more and more. Even smaller businesses are starting to build significant databases that relate to customers, clients, and suppliers alike. A lot of the information collected is personal information, as well. That affects our compliance with the privacy principles in different ways. But the security of personal information is one principle that is becoming harder to meet.
As technology advances, data storage systems quickly become obsolete if they’re not regularly updated. And once they’re obsolete, they are at risk of being insecure. However, regular software and hardware updates are expensive. As a result, it’s easy to fall into a position where your data storage is susceptible to compromise. Data breaches are becoming more common for that reason, and that is having an impact on our ability to comply with the privacy principles.
Here’s how you can adhere to the Australian privacy principles
The information provided by Kafrouni Lawyers is intended to provide general information and is not legal advice or a substitute for it. Business people should always consult their own legal advisors to discuss their particular circumstances. Kafrouni Lawyers makes no warranties or representations regarding the information and excludes any liability which may arise as a result of the use of this information. This information is the copyright of Kafrouni Lawyers.
Liability limited by a scheme approved under professional standards legislation.