11 December 2007

With the requirements of the Anti-Money Laundering/Counter-Terrorism FinancingAct (AML/CTF) coming into effect tomorrow, the Privacy Commissioner, Karen Curtis, has reminded businesses to carefully consider their privacy obligations when collecting personal information for AML/CTF purposes.

''While it is of course important for businesses to collect the required information from customers to meet AML/CTF requirements, they should be careful not to over-collect, as this may breach their customers'' privacy rights'' Ms Curtis said.

''Most importantly, businesses should adopt a sound risk-based approach to ensure that all information collected for AML/CTF reporting obligations is strictly necessary, and they should not try to apply an ''arbitrary standard'' to their collection processes.''

For example, in certain circumstances a business may only need to verify the customer''s basic details, such as name, address and date of birth.

While the Privacy Act generally applies only to some small businesses, Ms Curtis has also reminded those small businesses with obligations under AML/CTF that they will now have requirements under the Privacy Act.

''Small businesses that fall under the AML/CTF requirements also need to be mindful of their obligations under the Privacy Act, which covers the collection, storage, use, disclosure and disposal of their customer''s personal information,'' Ms Curtis said.

For further information, contact the Office of the Privacy Commissioner on 1300 363 992 or click here.