Privacy policies can seem mundane, just another hoop a business or its website has to jump through to be compliant. However, these policies are becoming increasingly important as Australian and international laws become more focussed on the protection of personal data received from clients, customers and users.
Personal information includes a broad range of information, or an opinion, that could identify an individual. What is considered personal information will vary, depending on whether a person can be identified or is reasonably identifiable in the circumstances. It includes a person’s telephone number.
Sensitive information is a subset of personal information and includes information or an opinion about an individual’s health information, which further includes information about the health service provided to an individual or an illness.
- a private-sector health service provider. This includes a private hospital, a day surgery, a medical practitioner, a pharmacist, an allied health professional, a complementary therapist (such as a naturopath and a chiropractor), a gym or weight loss clinic, a childcare centre, a private school and a private tertiary educational institution.
- a business that buys or sells personal information.
- a credit reporting body.
- a contracted service provider for the Australian Government.
- an employee association registered or recognised under the Fair Work (Registered Organisations) Act 2009.
- other businesses set out under the Privacy Regulation 2013.
Even if your business is not required to comply with the APP, you may be required to comply with other regulations regarding the handling of credit information and tax file numbers. Learn more here: https://www.oaic.gov.au/privacy/privacy-for-organisations/small-business/.