Privacy Talk

With Census Night just around the corner everyone is suddenly talking about Privacy. And so they should be. One of my pet hates is being interrupted midway through Friday Night Football to take a call from some company, usually the bank complaining I haven’t paid my credit card on time, and then being asked, for PRIVACY REASONS, a long list of questions to make sure I’m the person THEY CALLED!!! ARGHHHH!!!

Is this really necessary? Well, to tell the truth it probably is, but that doesn’t make it any less annoying. So with that in mind, let me tell you a few elementary things you really need to know about Privacy, and the harvesting of information by corporate Australia.

Australian legislation recognises 13 official Australian Privacy Principles (“APPs”), which must be complied with by any company with an annual turnover of more than $3 million in the past financial year. Failure to honour those principles will attract serious penalties. Under the legislation, Personal Information (or PI, as the jargonistas call it) is defined as any information or opinion (including information or opinion on a database), whether true or not, and whether recorded in a material form or not, about any person whose identity is apparent from, or can reasonably be ascertained from, the information or opinion.


Any business to which the APPs apply must have an up-to-date privacy policy (the APPs were introduced in March 2014) that is published free of charge and in an appropriate form (for example, by publishing it on the business’s website).

The prescribed matters the privacy policy must address include:

  • the kind of personal information that is collected and held;
  • how that personal information is collected and held;
  • the purposes for which the information is collected, held, used and disclosed;
  • how somebody may access and, if necessary, correct the information;
  • how somebody can complain about the use of the information; and
  • whether the information is likely to be disclosed to overseas recipients, and if so, the countries in which such recipients are likely to be located.

If any business collects its customers’ or staff’s government-related identifiers, such as their Medicare number or Tax File number, it is not permitted to use them as its own identifier unless that is expressly required by law, or it is reasonably justifiable to do so. Where government-related identifiers are collected, they may not be stored unless a very good reason to do so can be demonstrated. For example, it is OK for a business to store its staff’s Tax File numbers for taxation purposes, but that doesn’t entitle it to store a customer’s Tax File number.

Of course, that’s just the tip of the iceberg, and today more than ever before, Corporate Australia needs to educate itself on Privacy. With computer fraud and identity theft the new news of the 21st century, both businesses and individuals need to know precisely where their rights and obligations start and finish.

Read more on the Nyst Legal blog