A business’s Privacy Policy is the business’s published outline of how it treats both its clients’ and employees’ personal information.
Personal Information is information kept by the business including information on their employees and clients. Personal Information covers information such as Name, Address, Bank Account Details, DOB, Occupation, Tax File information, Electronic Contact Information, Credit Applications, Credit History, Pricing Details as well as other contact information.
The Notifiable Data Breach (NDB) Legislation was a 2017 amendment to the Privacy Legislation. It expands the Privacy Legislation by requiring a business to notify the Office of the Australian Information Commissioner of any breaches of its information database, from both external and internal sources.
Since the introduction of the NDB legislation, there is now a legal requirement for businesses to report any breaches of their information with huge potential penalties for non-compliance.
Yes, in essence the legal requirement is that any business with a single employee is required by law to have an up-to-date Privacy Policy.
The legislation outlines that a business needs to display their Privacy Policy where it is easiest for their clients to view. For most businesses that is their website.
General Data Protection Regulation Legislation is the European Union’s version of our Privacy Policy and needs to be adhered to by businesses storing or accessing information from the European Union.
Potential fines are determined by breaches of the privacy legislation and are expressed in Penalty Units. At the time of writing, a penalty unit is valued at $222. Each breach can be a single piece of information, such as a client’s email address or phone number.
The current maximum civil penalty for an individual is 5,000 penalty units or $1,100,000, and for a company 50,000 penalty units or $11,100,000.
Generally yes, the requirement is that if you have any sort of Contact Us Form/Newsletter Subscription on your website where you ask for any personal information such as name or email address you are required by law to have a Privacy Policy for your website. This is generally called your Website Terms of Use.
Your website developer will have a standard pop-up that can ask visitors to agree to your Website Terms of Use. The trick is actually having an up-to-date Website Terms of Use that your visitors are agreeing to which meets the legislation requirements.