Tips for business

Good privacy practices will help your business build and maintain the community’s trust in how you handle their personal information.

These fundamentals will help you build a strong privacy foundation.

For Business
Know your obligations

Ensure you understand your business’ obligations under the Privacy Act and keep up to date with developments in privacy and changing legal obligations.

Anticipate how your customers and the wider community expect you to handle their personal information and respond to their needs and concerns.

Have a privacy plan

Make sure you have a privacy management plan in place to embed a culture of privacy, establish robust privacy practices, evaluate your privacy processes and enhance your response to privacy issues.

Use our resources to assess your privacy practices and set goals and targets.

Appoint privacy champions

A strong privacy culture comes from the top, so it’s a good idea to assign a senior staff member with overall responsibility for privacy. Also appoint staff responsible for managing privacy day-to-day.

Assess privacy risks

Assess privacy risks early. Undertake a privacy impact assessment for projects that involve new information handling practices, such as new technologies.

Build in privacy by design

It’s more effective and efficient to manage privacy risks proactively. Build good privacy practices into your products, services and internal systems and processes to eliminate, minimise or manage privacy risks.

Simplify your privacy policy

Australians are more likely to trust your website or service if they have read your privacy policy, but less than a third of us read them because they’re too long and complex. Make sure yours is written in plain English and includes a summary. Remember to include information about how individuals can contact you about privacy matters.

Secure personal information

Ensure secure systems are in place to protect personal information from misuse, loss and unauthorised access and disclosure.

Train your staff

Integrate privacy into staff training, conduct regular refreshers and ensure your whole team is aware of their privacy and security obligations. Make sure your staff also have all the information they need to protect their own privacy at work.

Prepare for data breaches

Have a clear and practical data breach response plan at hand so staff know what to do if there is a data breach. Treat all suspected data breaches seriously – it’s always best to be cautious.

Review your practices

Review your privacy practices and policy regularly. Make sure they meet community expectations, comply with the law, remain relevant to current practices and address new risks.

Did you know?

The Privacy Act covers organisations with an annual turnover of more than $3 million and some other organisations. If your business is not covered by the Privacy Act, you can opt in as a public commitment to good privacy practice.

Opting in to the Privacy Act

Build on your foundation

Explore our training resources to help you build on your privacy knowledge.

Training resources

Become a PAW supporter

Becoming a PAW supporter gives your organisation access to our supporter toolkit to help increase privacy awareness among your staff, customers and stakeholders. It shows your commitment to good privacy practice and advancing the privacy rights of individuals.
