Privacy Policy

Personal information

Personal information is information or an opinion that identifies an individual or allows their identity to be readily worked out from the information. It includes information such as a person’s name, address, financial information, marital status or billing details. Some personal information is sensitive information. This includes information about ethnicity, religion and health. Sensitive information is explained further in Meaning of Terms.

NPPs

The NPPs are principles or rules about collecting, using and disclosing personal information.There are some special rules about handling sensitive information including health information.

Other Exemptions

As well as exemptions for most businesses the Privacy Act also has exemptions for the media and for political parties.The Privacy Act does not apply to employment records used for employment purposes in your business.

Privacy Act Enforcement

The Privacy Act gives individuals the right to complain if they think a business, including a business subject to the Act, has not complied with the NPPs in handling personal information about them.

Make a privacy plan

Making a privacy plan is a good place to start. A plan could include the following steps:

  1. Make someone responsible for privacy

    This could be you, your office manager or someone in another position depending on the size of your business.

  2. Become familiar with the NPPs

    Get to know and understand the NPPs. The NPPs set out the minimum standards for the way you must handle personal information in your business.

  3. Do a ‘privacy stocktake’ in your business

    Once you have a good idea of what happens to the personal information you collect and handle, plan any changes you need to make so that you comply with the NPPs. Some of these changes may just be minor improvements on the way you already handle personal information. In some cases, for example, where you already hold a stock of printed forms, the plan may be implemented over time.

  4. Develop or review your complaints handling process

    Generally, the more you understand about the way you collect personal information in your business and the more open you are about the way you collect, use and disclose that information the less likely it is you will get a privacy complaint.

  5. Train your staff

    Your staff need to know about privacy too. Often, they may be the first point of contact, dealing with the customers, collecting personal information and answering enquiries. Make your staff aware that the way you handle personal information in your business may change. Involve staff in the stocktake and review process. Start training.

Resources and Help

Contact details for the Office of the Privacy Commissioner

img-missing
img-missing
img-missing
img-missing
img-missing
img-missing
img-missing
img-missing
img-missing
img-missing