A Snapshot of the Privacy Act for Small Business
NOTE: updated with minor amendments 27 November 2007.
The Federal Privacy Act 1988 sets rules for businesses handling personal information. It also allows individuals to make a complaint if personal information is mishandled.
Some small businesses, including those that are non-profit bodies or
unincorporated associations, need to comply with the Privacy Act.
Small businesses that collect personal information (other than information about their own employees) may need to comply. Personal information is any information about an identifiable individual, e.g. a person's name and address, marital status or income.
If your business has an annual turnover of more than $3 million or is a
health service provider, the Privacy Act applies to your business.
Does your small business need to comply with the Privacy Act?
Is your small business:
- a health service provider?
- trading in personal information (e.g. buying or selling a mailing list)?
- related to a larger business (a related body corporate)?
- a contractor that provides services under a Commonwealth contract?
- a reporting entity for the purpose of the Anti-Money Laundering and
Counter-Terrorism Financing Act 2006 (AML/CTF Act)?
- an operator of a residential tenancy database?
If you answered yes to any of these, your business may need to comply with
the Privacy Act.
You may also need to comply if your business buys or sells business assets
that include personal information (eg. a customer database).
The Privacy Commissioner's checklist, A Privacy Checklist for Small Business, can help you to work out whether your business may need to comply.
Compliance with the Privacy Act - the basics
For many small businesses, complying with the Privacy Act means that the key things to do are:
- tell people, when you collect personal information, what you expect to do with it
- use personal information only for the reason you collected it, or in ways people would think reasonable, unless you have their consent, have given them an opportunity to opt out, or the use is authorised by another law
- pass on personal information only for the reason you collected it, or in ways people would think reasonable, unless you have consent or the disclosure is authorised by another law
- if people ask, give them a chance to see any information you hold about them
- keep personal information secure, accurate and up to date.
These requirements are set out in the Act in 10 National Privacy Principles (NPPs).
See A Guide to Privacy for Small Business for more information.
Getting up to speed on the Privacy Act - the basics
When making a privacy plan, you should:
Have someone responsible for privacy
- This could be you, your office manager or someone in another position, depending on the size of your business.
Be familiar with the NPPs
- They cover collection, use, disclosure, access and other matters.
Do a privacy stocktake
- Look at how you handle personal information in your small business, from the time you collect the information to the time you dispose of it. See how your procedures measure up to the obligations in the NPPs.
Have a privacy complaint handling process
- Think about who will handle complaints, the timeframes, and the records you might need to keep.
Train any staff in privacy
If you need to make changes, plan how you will do this.
Some other tips for compliance with the Privacy Act
Keeping personal information secure
- Check computers for personal information before you sell or dispose of them.
- Keep personal information away from those who do not need to see it - staff as well as customers.
- Destroy information securely. Do not dump it in a street bin.
What to tell people when collecting information
- The name of your business.
- How the business can be contacted.
- How you expect to use the personal information.
- To whom you expect to pass on the personal information.
- That they can see (access) the personal information you hold about them.
- That they have an opportunity to opt out of any direct marketing you do.
Some notes on how to tell people about the information you hold on them
- You may give this information on a form, in a separate brochure, by telephone or on a website.
- You may need to give this information even if you are collecting it from someone else (rather than from the individual).
For more information contact the Office of the Privacy Commissioner.
The Office handles complaints and also provides information and advice about the Privacy Act. All publications mentioned in this brochure are available from the Office or on our website.
www.privacy.gov.au
Enquiries Line 1300 363 992
(local call charge)
GPO Box 5218 SYDNEY NSW 2001