The Privacy act changes and what they mean to you

Have no fear though as the new legislation only affects Australian businesses with annual revenues greater than $3 million and who collect personal information from individuals.

However, there are some exceptions to that (for example if you are a health care provider) so if in doubt – seek legal advice. The good news is if you have already been sticking to the SPAM Act then all should be fine and dandy but some best practise guidelines on what you should do to manage your customer data and stay compliant are below.

In terms of the changes that could impact you as a Small Business then the main one is the 13 new Australian Privacy Principles (APP's) which look at how business collect, store and use personal information.

What you should start doing from now

Whilst the new law only applies to businesses with yearly revenues in excess of $3 million, there are still things you can start do as a business now (if you're not already):

1. Set up a privacy policy. What do we mean by this? Pull together a statement that outlines how you collect information and what you use it for. An example of what to include in your privacy statement can be found in the free download from the Association for Data driven Marketing & Advertising (ADMA) here.
2. Only collect information that you need from your customers. For example – there is no need to ask for sensitive information such as a Driver's License number from someone who has subscribed to your newsletter.
3. Don't keep hold of customer information for any longer than you need to and if you haven't been given consent to use data in the first place then discard it. Click here for more information on consent.
4. Make sure that your customers understand why you are collecting information from them and what you will be using it for. So, for example if a customer provides you with their name and email address and you intend to use it to send them a company newsletter then tell them that. You can include this information on your privacy policy or website terms and conditions.
5. If you send out any email marketing communications you need to give people the option to "unsubscribe". What does this mean? Basically it means that if a customer receives an email from you and no longer wants to continue receiving them in the future, they need to be able notify you of that wish. What's more, the "unsubscribe" option needs to appear in every single marketing communication regardless of the medium used. So, whether on a piece of mail in the post, an email, or a telephone call, people need to have the option to opt out at all times.
6. If you plan to use any of the information provided overseas then you need to take reasonable steps to ensure that there are no breaches to the data privacy principles overseas.
7. You should steer clear of collecting any sensitive information, such as political beliefs, race, religion etc. as consent is needed for gathering this kind of data and it has the potential to cause problems for you.
8. Try to keep on top of the latest legislations to ensure that you are on top of any changes to it and abreast of the implication of those changes for your business.

For more detailed information on the new APP's take a look at this quick reference tool from the Office of Australian Information Commissioner.