Site Changes
- Note 1: Major changes to the Privacy Act 1988 will come into effect in March 2014. Agencies, businesses and not for profits need to start preparing for these changes. For more information go to our privacy law reform page at www.oaic.gov.au
- Note 2: From 12 March 2013 content is no longer being added to, or amended, on this site, consequently some information may be out of date. For new privacy content visit the www.oaic.gov.au website.
When is business information covered by the Privacy Act?
If an individual's identity can be determined from business information, then this information is also personal information. If the organisation handling such information is covered by the Privacy Act (see information sheet 12) they will have to comply with the National Privacy Principles. In most circumstances, the Privacy Act does not restrict the normal flow of personal information relating to individuals acting in their business capacity (see NPP 2.1(a)).
In some situations, however, organisations may need to give consideration as to how they handle personal information collected in the business context. If the information is sensitive information, and the employee record exemption does not apply, businesses will need to obtain consent before collecting such information.
Businesses may also need to exercise care when using and disclosing personal information about sole traders. This is because the distinction between personal information relating to sole traders' businesses and their personal lives is likely to be less clear. The business using and disclosing personal information about a sole trader should consider the purpose for which they collected the information, and what the sole trader would reasonably expect (see NPP 2.1(a)).
Personal information may be used for any lawful purpose if the individual has given their consent. In many cases consent could be implied from the context of the business transaction.



Get RSS feeds