What is the big deal about privacy? Everyone gives all their personal information to companies like Facebook and Google, so why not give it to your business? Data privacy is a big deal, particularly in Europe, and cyber-crime is on the increase, or at least awareness of it is. If you collect information, then you are obliged to provide at least minimum protection against disclosure.
So who is covered? If you collect the contact details of your customers, you are collecting personal information which is protected under privacy laws. If you are a small business, you may not have to comply with privacy laws, but if you want your customers to feel secure in giving you their information, it is advisable to comply.
Even as a small business you will have to comply with privacy laws if you operate in the health industry (this can include life coaching where an element of mental health or wellbeing is involved) or you offer potential customers something in exchange for their information, like a sample or free report.
The Australian Privacy Principles can be summarised as follows:
1. Manage personal information in an open and transparent way
2. Give people the chance to remain anonymous
3. Only collect the information that is necessary to provide your product or service
4. There are categories of sensitive information that have higher standards of protection, like health information or information protected under anti-discrimination laws
5. If you collect information other than from the person it is about, let people know
6. Let people know what you do with the information you collect and whether or not you share it with others
7. Tell people if you use their information for direct marketing
8. If you store information in the Cloud and it is overseas, or you use outsourced workers overseas who have access to that information, let people know
9. Don’t use government-allocated identifiers for storing personal information, e.g. Medicare number
10. Take reasonable steps to ensure that personal information remains accurate, up to date and complete
11. Take reasonable steps to protect personal information from misuse, interference, loss, unauthorised access, modification or disclosure
12. Give people access to their personal information
13. Correct personal information if it is inaccurate
Privacy protection doesn’t have to be complicated; just understood. Make sure you review your policy and procedures annually to ensure that you are meeting your privacy obligations and feel confident that the processes you have in place work.
About the author
Jeanette Jifkins is the founder and Principal of Onyx Online Law, an Australian-based law firm with the focus of supporting businesses with an online presence. She has extensive experience with a broad variety of corporate and commercial issues including contracts, mergers and acquisitions, business structures, employment and governance.