data breach, personal information, Privacy Week, Working From Home, Myths V Facts, Data Breach, Personal information

Myth v Fact – We don’t collect sensitive information, so we don’t need to worry

14 May 2020

It is a common misconception that ‘personal information’ is a reference to sensitive information like health, medical or financial information. This is not true. Personal information captures any information about an identifiable person. 

This means that personal information covers basic information like a name, address, telephone number, place of work and photographs (for example a driver’s licence).

Even if your business deals with corporate customers, it probably holds more personal information than you think. If your business is required to comply with the Privacy Act, all personal information must be held and used in accordance with the Privacy Act and the Australian Privacy Principles (APPs).

The APPs set out the 13 “rules” about privacy in Australia, including:

  • how personal information may be collected, used and disclosed;
  • when personal information must be destroyed or deidentified (in many cases it cannot be kept forever);
  • the rights of individuals to access their personal information; and
  • how personal information must be held and secured.

Talk to our Privacy and Data Protection team to properly understand your obligations.

Disclaimer: This publication contains comments of a general nature only and is provided as an information service. It is not intended to be relied upon as, nor is it a substitute for specific professional advice. No responsibility can be accepted by Rigby Cooke Lawyers or the authors for loss occasioned to any person doing anything as a result of any material in this publication.

Liability limited by a scheme approved under Professional Standards Legislation.

©2020 Rigby Cooke Lawyers