- Advice Summaries
- Case Notes
- Codes of Conduct
- Compliance Notes
- Fact Sheets
10 Steps Guide to Protecting Your Personal Information
Don't Leave Privacy to Chance... Take Steps to Protect Personal Information
Steps for individuals
This document is designed to help you protect your personal information. It provides a broad overview of some of your rights and the obligations of organisations and Australian and ACT Government agencies set out in the Privacy Act 1988 (Cth). The information contained in this document is not comprehensive. If you have any queries about anything in this document, or any privacy related issue, please visit our website at www.privacy.gov.au or call our Privacy Enquiries Line on 1300 363 992.
- Read privacy policies.
- Ask why the information is required, what they will do with it and who will it be disclosed to.
- Only give out as much personal information as you need to.
- Request access to your personal information.
- Make sure the information an organisation or agency holds about you is accurate and up to date.
- Take steps to protect online privacy.
- Take steps to ensure your hard copy records are properly destroyed.
- You may wish to 'opt out' of further contact with an organisation when completing forms unless you know you want to be in further contact with them.
- Know your privacy rights.
- Exercise your privacy rights.
1. Read privacy policies.
Many organisations and each Australian and ACT Government agency have publicly available information on how they handle your personal information. This information sets out the privacy practices and obligations of the organisation or agency you are dealing with. The information may be in a written document or you may be told in person or over the phone. This information generally sets out the law that the organisation is bound by, any exemptions that may apply and details for obtaining further information about the way the organisation manages the personal information it holds. For information about personal information held by Australian and ACT Government agencies, please view the Personal Information Digest page available on our website at www.privacy.gov.au/government/digests/.
2. Ask why the information is required, what they will do with it and who will it be disclosed to.
There may be times when your information is requested but does not need to be collected. For example, very few businesses need information about your medical history. So, if you think the information being asked for by an organisation or agency is not required, consider asking why the information has been requested. Knowing why will allow you to remain informed about how your personal information is being used, and if it will be disclosed, who it will be disclosed to.
3. Only give out as much personal information as you need to.
There are many cases when you may not need to provide your personal information. For example, you may not need to disclose your marital status to a retail outlet. If you don't think you need to, consider whether you should hand the information over, ask more questions about why the information is required or seek advice from our Office about what else you can do.
4. Request access to your personal information.
You have a general right to be granted access to the personal information that organisations and agencies hold about you. There are some exceptions provided under the Privacy Act to deny access, but you should be told what the exception is and why the organisation or agency is relying on it. Knowing what personal information an organisation or agency holds about you is a good way of checking that the information that they hold is accurate and up to date.
5. Make sure the information an organisation or agency holds about you is accurate and up to date.
When your personal information changes, it's a good idea to inform organisations and agencies that hold your personal information of these changes particularly when you have an ongoing relationship with them. Organisations and Australian and ACT Government agencies are required to take steps to amend their records to reflect the changes to your personal information. They must do this so that the records they retain are accurate, complete and up to date. A good idea is to make a written request for your record to be amended and request confirmation in writing that the amendment has taken place.
6. Take steps to protect online privacy.
Protecting your privacy online will ensure that you are not leaving your personal information open to abuse. Good computer security includes installing reputable anti-spyware, anti-virus scanners and firewalls software and ensuring they are all up to date. Also, make sure you are visiting secure web sites when handing over personal information including banking and credit card details. For further information, visit our website at www.privacy.gov.au/topics/technologies/security/.
You should be mindful of the many email scams that are around. The Australian Competition and Consumer Commission has useful information on how to protect yourself against scams. For further information, please visit their website at www.accc.gov.au. State and Territory Departments of Fair Trading may also maintain lists of current scams.
7. Take steps to ensure your hard copy records are properly destroyed.
Don't leave your personal information lying around. Make sure you properly destroy personal information you don't want others to see when throwing it out. This may involve properly shredding documents or physically destroying expired banking and government issued cards. This is also a good way to protect yourself against potential identity theft. For further information, please see the following document: ID Theft Booklet.
8. You may wish to 'opt out' of further contact with an organisation when completing forms unless you know you want to be in further contact with them.
Opting out of further contact will ensure you do not receive unwanted direct marketing, such as promotions and spam emails, from the organisation or any of its subsidiaries. For further information about spam emails and SMS, please visit the Australian Communications and Media Authority website.
9. Know your privacy rights.
The more you know about your rights, the easier it will be for you to safeguard your privacy. For more information about your privacy rights, and the obligations that organisations and agencies have to protect your privacy, visit our website at www.privacy.gov.au or call our Privacy Enquiries Line on 1300 363 992.
10. Exercise your privacy rights.
If you believe that your personal information has been mishandled, you should first raise the matter with the organisation or agency in question and give them 30 days to adequately deal with your complaint. If you receive no response or are not satisfied with the response provided, you can then lodge a complaint with the Office of the Privacy Commissioner, which may be able to investigate the matter. For further information visit our website at www.privacy.gov.au or call our Privacy Enquiries Line on 1300 363 992.