A guide to privacy laws for small business

The handling of personal information is an important issue for both large and small businesses in Australia. In December 2002, the Commonwealth Government introduced privacy legislation that now applies to some small businesses. This was introduced so that consumers can be confident that their personal information is being handled appropriately.

If your business turns over $3 million or less, it may be covered by the Privacy Act if it:

· trades in personal information, such as buying or selling mailing lists

· is related to a larger business

· is a health service provider and holds health records

· is a contractor that provides services under a Commonwealth contract.

Small business operators that fall under the Act are required to review how they collect, use, keep secure and dispose of personal information.

Personal information includes information that can identify someone. Examples include a person’s name, address, financial details, marital status or their billing details. It can also include sensitive information such as religion, ethnicity and health.

Complying with the Privacy Act

Having a privacy policy in place makes good business sense as it allows both your customers and staff to understand what personal information your business collects and why. This includes information collected on forms, directly from the individual or from someone else.

The Act is based on the National Privacy Principles (NPPs) which outline the minimum standards you need to meet when handling personal information. The more open your business is in the way it collects, uses and discloses personal information, the less likely it is to receive a privacy complaint from a customer.

Tips for complying with the privacy laws

· Make someone in your business responsible for privacy issues.

· Be familiar with the NPPs.

· Avoid collecting more information from an individual than you actually need. 

· Get an individual’s consent before sending them any of your marketing material. If you can’t do this, make sure you give them the opportunity to opt out. Remember to include your contact details so they can reach you.

· Don’t disclose someone’s personal information to another organisation without their permission.

· Have a complaints handling process in place so that you’re prepared if you do receive a privacy complaint.

For more information, contact the Office of the Federal Privacy Commissioner or seek legal advice. You can also visit www.privacy.gov.au or phone the Privacy Hotline 1300 363 992.

Published: 10 December 2007