Most businesses think that being privacy compliant means having an up-to-date privacy policy. It goes further than this. Understanding the privacy requirements and how they apply to your business is the first step to ensuring compliance.
| Question | What it means for your organisation |
| --- | --- |
| Does your organisation have a turnover of greater than $3 million? | Subject to some important exceptions, $3 million is the threshold for compliance with the Privacy Act. Entities that are required to comply with the Privacy Act are called APP Entities. |
| Has your privacy policy been reviewed or updated since 2014? | If not, it will most likely not comply with the Commonwealth Privacy Act and the Australian Privacy Principles. |
| Does your privacy policy refer to the NPPs? | If yes, it is outdated and must be reviewed. |
| Is your organisation customer-focused, and does it handle a lot of personal information about your customers? | The Australian Privacy Principles impose an additional requirement on entities that collect personal information to take reasonable steps to notify the individual of certain matters about the collection at the time the personal information is collected. APP Entities must have a Collection Notice. |
| Do you provide a health service or otherwise handle sensitive information (such as health information about an individual)? | Your organisation must comply with the Privacy Act, regardless of its turnover. Your employees need to know the difference between personal and sensitive information (and why it matters). |
| Do you understand how the requirements of the new Notifiable Data Breaches (NDB) scheme apply to your organisation and what you should be doing to comply? | The NDB scheme requires APP Entities to report certain privacy breaches to the Privacy Commissioner and affected individuals. Your organisation must be prepared to act quickly if it is faced with a breach, or suspects that a breach has occurred. |
Your business may be at risk of non-compliance with the Privacy Act 1988 (Cth), the associated Australian Privacy Principles (APPs) and other state-based privacy laws.