I am not sure if many businesses realise that there have been changes to the privacy laws, and these changes affect everyone in business who collects information from their customers.
The Privacy Act now includes 13 new harmonising privacy principles, known as the 13 APPs (the 13 Australian Privacy Principles).
The first thing you need to know about these principles is that if you breach them you may be up for a very hefty fine: the Privacy Commissioner has the power to seek civil penalties of up to $1.7 million. Not only that, if there is a breach and a civil penalty is imposed by the Commissioner, the individual who has been affected can seek compensation. This compensation could include a recompense for hurt feelings.
Hey, Nichola! Did you say ‘hurt feelings’? Yes, I said hurt feelings.
What does that mean?
OK, from now on make sure you do not put anything into your notes that is derogatory, nasty or makes the person look or feel bad in their own eyes or in the eyes of someone else.
The privacy principles are about protecting personal information, that is, information about individual people.
So who is an individual person in the context of your business?
- Individual consumer
- Sole trader
- Personal Guarantor
Basically, any information that you collect about a human being is now protected by the privacy laws, and there are two types of information:
- Normal information: this is collected in the natural course of your business, such as addresses and the names of directors or consumers.
- Sensitive information: this is information about an individual in regard to cultural differences, race, sexual orientation, religious beliefs and so on.
The difference between the two is that you now cannot collect sensitive information on an individual. This also means that you cannot write any sensitive information about a customer in your notes. You can only record information that is relevant to your business and would be required in the ordinary course of your day-to-day activities.
The information you collect must be relevant: you cannot keep information in case you may use it later; it must be relevant at the time. Not only that, you must make sure that the information you hold is correct at all times, and if a customer supplies you with any changes, you must make those changes.
The areas of our clientele that may be affected by this are:
- You are in the health care industry
- Your business turns over 3 million dollars per year
- You provide credit to your customers, i.e. you are a trade creditor
Plus, you are in this bracket if you give seven-day accounts.
Also, the privacy law requires that if an individual requests to see the information you have collected on them, you must give them access to it. They also have the right to correct their information.
Moving forward: when it comes to handing personal information over to a third party, you must now have express permission from your customers.
Express permission means that your customer must sign off on and agree to you passing their information on.
Your customer must then sign that document.
There is more information at http://www.oaic.gov.au/