Small business owners work hard and have enough worries without adding privacy to the burden.
But you should be aware that customers are getting very concerned about how organisations handle their personal information. They are even more
anxious about how information regarding their health and children is handled.
The Privacy Act, which includes the Australian Privacy Principles (APPs), is a federal government law which specifies the way all companies must deal with personal information.
In future articles, we will explain these obligations. Today we cover whether the Privacy Act applies to your business and, even if it does not, some of the business benefits of adhering to the APPs.
Do I have to comply with the Privacy Act and the APPs?
The Privacy Act and the APPs apply to APP entities which are private sector and not-for-profit organisations with an annual turnover of more than $3,000,000 in any financial year since 2002.
Small businesses, including sole traders, with a turnover less than $3,000,000 are also caught if they:
- Trade in personal information.
- Are Commonwealth contracted service providers. You are a contracted service provider if you:
- provide services to Australian government agencies under a Commonwealth contract or subcontract; or
- provide services on behalf of Australian government agencies under a Commonwealth contract or subcontract.
- Operate a residential tenancy database.
- Carry on a credit reporting business.
- Are related to (e.g. owned by) another body corporate that is subject to the Privacy Act.
They also apply to private health service providers which includes those dealing with physical, emotional, psychological and mental health – including:
- Traditional health service providers (like private hospitals, doctors and pharmacists).
- Other health professionals (like physiotherapists and counsellors).
- Complementary therapists.
This category also covers child care centres, private schools and private tertiary educational institutions.
Other organisations may also be APP entities. The Privacy Commissionerʼs website includes a checklist for you to work through to see if you are required to comply with the APPs.
The business benefits of privacy compliance
Even if your business isnʼt caught by the Privacy Act, there are good business reasons why you should comply with it and the APPs.
Legal obligations for businesses surrounding privacy will only increase. As itʼs best to be prepared, we recommend that organisations adopt good privacy practices – even if they are not caught by the Privacy Act.
Here are some of the benefits of taking privacy seriously:
- Show you care: Customers expect organisations to protect their personal information. It may be legally correct to say that your business does not have to comply with privacy laws but thatʼs like saying to your customers that you donʼt care about their privacy.
- Save time later: You want your business to grow. Plan now for when your turnover hits $3,000,000 to save a last minute compliance rush or being caught out.
- Donʼt miss out on contracts: Corporate customers often demand that their suppliers meet minimum standards of privacy compliance. Some corporate customers have internal policies that prevent them from awarding contracts to companies which do not.
- Protect your reputation: Your reputation is one of your greatest assets. Reputation is the first casualty of a data breach involving the disclosure of personal information. Maintaining good privacy practices and a plan to deal with data loss can help limit the damage.
Privacy compliance doesnʼt have to be expensive or too time consuming. We suggest you do it now.
About the Author
Ted Ringrose is a Partner of Ringrose Siganto, a law firm specialising in privacy law. Ted read history and law at the University of Queensland and has a Master of Public Affairs from the University of Sydney. He specialises in privacy law and telecommunications law.
— Note: This does not constitute legal advice and is for general information only.