What is Business Sensitive Information
Most businesses produce and handle sensitive information as part of their daily operations.
According to the Privacy Act, sensitive information is all records containing commercial information, banks statements, financial and legal information about the business, associates, employees and customers.
Moreover, any record that identifies an individual is considered private and must be protected under Australian Laws.
This basic guide includes all the elements you must consider to protect your business and comply with the Law.
"Private information that identifies a person or business, such as names, addresses, phone numbers etc."
"Commercial information, bank statements, financial records, legal records etc."
1.0 DOES YOUR BUSINESS COLLECT PRIVATE INFORMATION?
Businesses in health care, real estate, financial and legal services collect private information. If your business is in one of these industries, you can be 100% sure you handle sensitive information, and your business needs to comply with the legislation.
Other industries may collect private information to operate. For example, to generate invoices. If your business collects names, e-mails, phone numbers, credit card details, your business is collecting private information.
Click here to check if your business must comply with the Privacy Act Laws.
2.0 WHAT ARE YOUR OBLIGATIONS?
If your business handles sensitive information and need to comply with the Privacy Act, you must:
- Implement reasonable measures to protect your digital information
- Take the reasonable steps to de identify records
- Securely destroy your records when you dont need them.
3.0 What are reasonable measures to protect your records
- Restrict access to records (Physical and Digital)
- Implement management of records policy
- Securely destroy your records when you dont need them.
The simplest way to protect your information is by implementing a policy to manage your records.
The policy must include: Who can access private information, Where is the information stored, When a record is no longer need it?, and How to destroy records no longer need it?.
For digital records, most software includes roles that have a different levels of permissions to access information.
For documents, you need to keep them inside lock shelves. You can track who can access the files in a physical spreadsheet that includes: who access, why and when.
Finally, choose a company to destroy your records securely. This step is important because each time you securely destroy your records, you will have a certificate of secure destruction.
For more information about your obligations:
You may also like
Secura Bags is your secure document destruction ally
