Personal information is information or an opinion that identifies an individual or allows their identity to be readily worked out from the information. It includes information such as a person’s name, address, financial information, marital status or billing details. Some personal information is sensitive information. This includes information about ethnicity, religion and health. Sensitive information is explained further in Meaning of Terms.
The NPPs are principles or rules about collecting, using and disclosing personal information.There are some special rules about handling sensitive information including health information.
As well as exemptions for most businesses the Privacy Act also has exemptions for the media and for political parties.The Privacy Act does not apply to employment records used for employment purposes in your business.
The Privacy Act gives individuals the right to complain if they think a business, including a business subject to the Act, has not complied with the NPPs in handling personal information about them.
Making a privacy plan is a good place to start. A plan could include the following steps:
This could be you, your office manager or someone in another position depending on the size of your business.
Get to know and understand the NPPs. The NPPs set out the minimum standards for the way you must handle personal information in your business.
Once you have a good idea of what happens to the personal information you collect and handle, plan any changes you need to make so that you comply with the NPPs. Some of these changes may just be minor improvements on the way you already handle personal information. In some cases, for example, where you already hold a stock of printed forms, the plan may be implemented over time.
Generally, the more you understand about the way you collect personal information in your business and the more open you are about the way you collect, use and disclose that information the less likely it is you will get a privacy complaint.
Your staff need to know about privacy too. Often, they may be the first point of contact, dealing with the customers, collecting personal information and answering enquiries. Make your staff aware that the way you handle personal information in your business may change. Involve staff in the stocktake and review process. Start training.
Contact details for the Office of the Privacy Commissioner