Small Business

	Business
		Codes
		Guidelines
		Small Business
		Opting-in to Privacy Act coverage
		Anti-Money Laundering
		Credit Reporting
		Tax File Numbers
		Information Sheets
		10 Steps Guides
		Research
		Privacy Connections Network
		Consultations
	SPECIFIC PRIVACY INFORMATION FOR:
		Individuals
		Business
		Health
		Government

		Federal Privacy Law
		About the Office
		Frequently Asked Questions
		IT and Internet Issues
		Media and Speeches
		Publications
		Privacy Links
		International
		Contact us

Small Business

View printable version of this page

Some small businesses with an annual turnover of $3m or less are covered by the Privacy Act.

Does your small business need to comply with the Privacy Act?

Is your small business:

a health service provider?
trading in personal information?
related to a larger business?
a contractor to Commonwealth agencies?
a reporting entity for the purpose of the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (AML/CTF Act)?
an operator of a residential tenancy database?

If so, it may need to comply with the Privacy Act. Information Sheet 12 gives more information about coverage of the Privacy Act.

The majority of small businesses that do need to comply with the Privacy Act should find the requirements straightforward and not difficult or expensive to manage.

Small businesses covered by the Privacy Act will need to review how they handle personal information including how they collect, use, disclose personal information and how they keep it secure.

In practical terms complying with the Privacy Act is likely to mean:

Telling people you collect personal information and what you will do with it;
Only using personal information about people in ways that they might expect;
Not passing personal information on without telling people;
Giving people the chance to see any information you hold about them if they ask;
Keeping personal information safe; and
If people ask, telling them how you handle personal information in your small business.

These obligations are set out in the National Privacy Principles. As well, the Privacy Act exempts employment records where information about employees is only used for employment purposes. If employee information is the only personal information held then there are probably no obligations under the Privacy Act.

A Snapshot of the Privacy Act for Small Business

A Snapshot of the Privacy Act for Small Business - HTML, PDF, Word

A Privacy Checklist for Small Business

Step-by-step questions lead you through the Checklist to help you work out if your small business is covered by the Privacy Act. The Checklist also gives some helpful explanations about privacy terms and points you in the right direction for more useful information for small businesses.

A Privacy Checklist for Small Business - HTML, PDF, Word

A Guide to Privacy for Small Business

This guide is for those small businesses that need to comply with the Privacy Act. The guide includes an introduction to each of the ten National Privacy Principles (NPPs) and some useful tips to help small businesses comply with the Privacy Act such as making a privacy plan.

The guide does not describe the law in detail but is a useful starting point for understanding how to apply privacy in your small business. It also gives you links to more information which you may find useful.

A Guide to Privacy for Small Business - HTML, PDF, Word

The National Privacy Principles

Schedule 3 - National Privacy Principles - HTML, PDF, Word

Note: please refer to the Guidelines to the National Privacy Principles, for more information about how the NPPs apply. Within the NPP Guidelines, there is a short summary of the NPP obligations. The Business FAQs page offers some useful Q's & A's.

More information
Information Sheet 1:	Overview of the Private Sector Provisions
Information Sheet 2:	Preparing for 21 December 2001
Information Sheet 12:	Coverage and Exemptions
Information Sheet 13:	Privacy Commissioner's approach to compliance

Small businesses can choose to be covered by the Privacy Act

A small business not covered for any other reason can opt-in or choose to have the business covered by the Privacy Act. Businesses opting to be covered by the Privacy Act are making a public commitment to good privacy practice. This has the business benefit of assuring current and prospective customers that the business is accountable for the way it handles their personal information. Businesses may also opt-in, if they are not sure if the Privacy Act applies, to be certain about their obligations.

Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (AML/CTF Act)

Small businesses that are reporting entities as defined by the AML/CTF Act will be treated as organisations for the purposes of compliance with the Privacy Act and the National Privacy Principles (NPPs) in respect of the activities they carry out to comply with their AML/CTF obligations.

It may be beneficial for some reporting entities to consider whether to apply the NPP obligations to all their business activities.

The Office’s Privacy and AML/CTF page has further information designed to help small businesses with their Privacy Act obligations.

Is Your Small Business Exempt? - Private Sector Privacy Legislation brochure

This privacy brochure was developed by the Office of Small Business.

Privacy Brochure in PDF format