Small Business and the Privacy Act

The Privacy Act 1988 (Cth) is a piece of Australian law that determines how personal information should be collected and used. If you are a business, you might end up collecting personal information about your clients. If that is the case, you might be required to comply with the Privacy Act. Even if you are not required to comply, it’s still a good idea to consider whether you should put business processes in place to ensure compliance with the Privacy Act.

Generally speaking, personal information is information or an opinion about an individual who may be identified from that information. That’s a broad definition!

The Privacy Act establishes a set of National Privacy Principles. These set out, for example:

  • How personal information is collected
  • How personal information is used or disclosed
  • What steps are being taken to ensure that the information is accurate and up to date
  • How the personal information is managed
  • How clients can access and update the personal information

If you are a small business with an annual turnover of less than $3 million, you do not need to comply with the Privacy Act, unless you are:

  • A health provider
  • Trading in personal information
  • Related to a larger business
  • Contracting for the Australian Federal Government
  • An operator of a residential tenancy database
  • Obliged to report matters under the Anti-Money Laundering Act

Even if you are a small business that the Privacy Act does not apply to, it might still be a good idea to put business processes in place to comply with the Privacy Act. After all, clients may be reassured that you are doing something to ensure their privacy, even where you are not required to.

If you need to comply with the Privacy Act, or would like to comply with it voluntarily, give us a call and we can help you sort things out.