Know your obligations
Ensure you understand your business’ obligations under the Privacy Act and keep up to date with developments in privacy and changing legal obligations.
Anticipate how your customers and the wider community expect you to handle their personal information and respond to their needs and concerns.
Have a privacy plan
Make sure you have a privacy management plan in place to embed a culture of privacy, establish robust privacy practices, evaluate your privacy processes and enhance your response to privacy issues.
Use our resources to assess your privacy practices and set goals and targets.
Appoint privacy champions
A strong privacy culture comes from the top, so it’s a good idea to assign overall responsibility for privacy to a senior staff member. Also appoint staff responsible for managing privacy day-to-day.
Assess privacy risks
Assess privacy risks early. Undertake a privacy impact assessment for projects that involve new information handling practices, such as new technologies.
Build in privacy by design
It’s more effective and efficient to manage privacy risks proactively. Build good privacy practices into your products, services and internal systems and processes to eliminate, minimise or manage privacy risks.
Simplify your privacy policy
Australians are more likely to trust your website or service if they have read your privacy policy, but less than a third of us read privacy policies because they’re too long and complex. Make sure yours is written in plain English and includes a summary. Remember to include information about how individuals can contact you about privacy matters.
Secure personal information
Ensure secure systems are in place to protect personal information from misuse, loss and unauthorised access and disclosure.
Train your staff
Integrate privacy into staff training, conduct regular refreshers and ensure your whole team is aware of their privacy and security obligations. Make sure your staff also have all the information they need to protect their own privacy at work.
Prepare for data breaches
Have a clear and practical data breach response plan at hand so staff know what to do if there is a data breach. Treat all suspected data breaches seriously – it’s always best to be cautious.
Review your practices
Review your privacy practices and policy regularly. Make sure they meet community expectations, comply with the law, remain relevant to current practices and address new risks.
Did you know?
The Privacy Act covers organisations with an annual turnover of more than $3 million and some other organisations. If your business is not covered by the Privacy Act, you can opt in as a public commitment to good privacy practice.
Build on your foundation
Explore our training resources to help you build on your privacy knowledge.
Become a PAW supporter
Becoming a PAW supporter gives your organisation access to our supporter toolkit to help increase privacy awareness among your staff, customers and stakeholders. It shows your commitment to good privacy practice and advancing the privacy rights of individuals.