Most businesses produce and handle sensitive information as part of their daily operations.
According to the Privacy Act, sensitive information is all records containing commercial information, bank statements, and financial and legal information about the business, its associates, employees and customers.
Moreover, any record that identifies an individual is considered private and must be protected under Australian law.
This basic guide includes all the elements you must consider to protect your business and comply with the law.
Businesses in health care, real estate, financial and legal services collect private information. If your business is in one of these industries, you can be 100% sure you handle sensitive information, and your business needs to comply with the legislation.
Other industries may collect private information in order to operate, for example to generate invoices. If your business collects names, e-mails, phone numbers or credit card details, it is collecting private information.
If your business handles sensitive information and needs to comply with the Privacy Act, you must:
The simplest way to protect your information is by implementing a policy to manage your records.
The policy must cover who can access private information, where the information is stored, when a record is no longer needed, and how to destroy records that are no longer needed.
For digital records, most software includes roles with different levels of permission to access information.
For documents, you need to keep them inside locked shelves. You can track who can access the files in a physical spreadsheet that records who accessed them, why and when.
Finally, choose a company to destroy your records securely. This step is important because each time you securely destroy your records, you will have a certificate of secure destruction.
For more information about your obligations: