Do I need one?
Australian privacy law is governed by the Privacy Act 1988. The Act imposes obligations to protect the privacy of customers and individuals on the following entities, except small business operators, registered political parties or state authorities:
- an individual, including a sole trader (though generally, the Privacy Act doesn’t apply to an individual acting in a personal capacity);
- a body corporate;
- a partnership;
- any other unincorporated association; or
- a trust.
In addition to the above, if you are a small business in the following sectors or have an annual turnover of $3 million or less, you are also required to comply with the Privacy Act:
- a private sector health service provider;
- a business that sells or purchases personal information;
- a credit reporting body;
- a contracted service provider for an Australian Government contract;
- an employee association registered or recognised under the Fair Work Act;
- a business that holds accreditation under the Consumer Data Right System;
- a business that has opted-in to the Privacy Act;
- a business that is related to a business that is covered by the Privacy Act; and
- a business prescribed by the Privacy Regulation 2013.
Regardless of the categories above, if you are a business which collects or handles personal information, including, amongst others, any phone numbers, names or addresses, including through a website, you must comply with the Australian Privacy Principles.
For information on whether you have obligations under the Privacy Act as a small business see here.
Contact Coutts today.
This blog is merely general and non-specific information on the subject matter and is not and should not be considered or relied on as legal advice. Coutts is not responsible for any cost, expense, loss or liability whatsoever to this blog, including all or any reliance on this blog or use or application of this blog by you.