Privacy Is Your Business

Privacy is a major issue which many businesses don’t take seriously. With the Privacy Law Reform Act passed in November 2012, business owners need to get up to speed on the changes that come into effect on March 12, 2014.

Many business owners think that just adding a standard ‘Privacy Statement’ to their website will satisfy the legal requirements of the 13 Australian Privacy Principles (APPs). However, this is not the case. Businesses should be looking at their information handling procedures, policies and systems now. The Privacy Commissioner will have powers to conduct performance assessments on private sector organisations to examine their handling of personal information in line with the new rules. The Commissioner will have the power to impose civil penalties of up to $220,000 for individuals or $1.1 million for companies that commit ‘serious and repetitive’ breaches.

Businesses need to look at the information they collect from clients, customers and prospects and ensure they aren’t keeping personal information just for the sake of it. If you don’t actually need the information to run your business, don’t collect or store it. Credit card details should be securely stored or destroyed if no longer required. There would be many examples of unnecessary information being collected, such as licensed clubs that scan driver’s licenses for temporary memberships. Are the time-savings of this scan worth the time and effort required to protect this information from identity thieves?

A recent survey found that 11% of commercial rubbish bins in Sydney contained personal information easily accessible by passing foot traffic. Businesses need to ensure their staff are trained, as 80% of data loss is caused by human error. It is very common for employees to put sensitive documents into general recycling bins instead of the shredding bin. Too often they send out confidential or sensitive material in an unsecured way, or they send it to the wrong people.

Many businesses may find a ‘shred-all’ policy the safest option with the secure document shredding companies gearing up to cater for the increased demand as the changes come into place. Other aspects to consider are adequacy of virus protection, firewalls, software encryption and computer passwords as well as physical locks and use of mobile technology off-site. Cloud computing also has the potential for security leaks with many employees saving data to share in such applications as Dropbox or YouSendIt. As these services can be accessed from personal computers as well as company computers, the security risk increases.

Small businesses are just as much at risk from computer hackers as the larger companies. More so, in fact, as they present an easier target due to their limited IT resources.

Employees need:

  • Training on the security requirements of your organisation
  • Written guidelines on protecting customers’ sensitive/personal information
  • Guidelines on creating strong passwords and regularly changing them
  • Guidelines on proper usage of company computers, including internet usage
  • Education on emails including opening and forwarding
  • A point of contact for questions on the policy or other general computer security issues

A summary of the requirements and changes is outlined in the Australian Privacy Principles (APPs) in the Privacy Act. The APPs are reproduced in Fact Sheet 17 - Australian Privacy Principles, available on the OAIC website.

Click HERE to download the full edition of The Business Accelerator Magazine for September 2013.


IMPORTANT DISCLAIMER: This newsletter is issued as a guide to clients and for their private information. This newsletter does not constitute advice. Clients should not act solely on the basis of the material contained in this newsletter. Items herein are general comments only and do not convey advice per se. Also, changes in legislation may occur quickly. We therefore recommend that our formal advice be sought before acting in any of these areas.