Data privacy – Tips for businesses

Oct 19, 2022

Data privacy is top of mind for most Australians at the moment.  What is your business doing to make your clients feel safe?

Important statistics published by the Office of the Australian Information Commissioner (OAIC) confirm that protection of privacy and data is becoming more and more important to Australians. According to the OAIC, individuals are increasingly questioning the privacy practices of businesses, to whom they are being asked to disclose their personal information, where it is not clear why the business is seeking to collect their personal information in the first place.

By implementing good privacy practices in your business, you can help build and maintain the trust of your customers in how you handle their personal information and, by extension, in your business generally.

Here are some tips to help your business achieve this:

Develop and maintain a privacy management plan for your business

This plan should include robust privacy practices and processes to help your business comply with its obligations at law, as well as avoid and/or respond to privacy related issues, such as:

  • how personal information will be collected, handled and stored, including the process for dealing with information once it is no longer needed;
  • how staff are required to handle personal information;
  • how privacy risks will be assessed and managed across your business; and
  • the process for responding to any privacy related enquiries.

If you are confident in how you plan to manage personal information and privacy related issues in your business, then your customers will have confidence too.

Create and maintain a privacy policy that is simple, clearly expressed and complies with the Privacy Act.

Many organisations are required to have a privacy policy, which must comply with the requirements of the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth) (Privacy Act). The Privacy Act and the APPs regulate the way in which an individual’s personal information may be collected, used and disclosed. Generally speaking, most organisations that are not small businesses are required to comply with the APPs.

Your customers are more likely to trust your business if they are able to easily read and understand your privacy policy. This could be achieved by ensuring that your privacy policy is written in plain English and has a clear structure by making use of simple headings to break up the information.

Given the ever-evolving nature of information, particularly in a digital world, it is important to frequently review and update your privacy policy (as well as your privacy management plan) to ensure that your business is meeting all its privacy obligations.

Communicate your businesses privacy plan and privacy policy internally

It is important to ensure that your business’ privacy policy and privacy management practices are well communicated and implemented across your business. This involves going above the minimum requirements of the Privacy Act and really making privacy an important part of the culture of your business.

Train your staff in your privacy policy and privacy management plan. If your staff know their privacy obligations and are proficient in your policies, your business is less likely to have internal breaches and can build its reputation for cohesive and effective privacy management practices, which will inspire trust and confidence in your business.

Assess new privacy risks

Risks to privacy are continually changing and emerging. Your privacy policy and privacy management plan should be able to recognise and account for these new risks as they emerge.

The Covid-19 lockdowns, for instance, resulted in millions of people needing to work from home, placing a heavy reliance on new technologies to facilitate this. While there were benefits for businesses who embraced this technology, doing so also exposed them to new privacy risks.

Enhance your responses to privacy issues

If your business is diligent, proactive and forward thinking in how it meets and manages its privacy obligations, it will be better placed to anticipate, assess and respond to new privacy risks as they arise. This in turn will give your customers the comfort and confidence to share their valuable personal information with your business, knowing that your business is in a strong position to respond appropriately in the unfortunate event that a privacy risk does arise.

You can build trust in your businesses through good privacy practices. For more information on good privacy practice, speak with Brighid Virtue in the KKI Commercial team, or head to