According to the Privacy Act 1988 (Cth), “personal information” means the information or opinion about an identified individual or an individual who is reasonably identifiable. It includes name, date of birth, telephone number, address, bank account details and any opinion about a person. Personal information does not include sensitive information, which is information regarding a person’s racial or ethnic origin, political opinions, religious beliefs or affiliations, etc.
Data Collection and Personal Information
In your disclosure statement, you must include:
The purposes for which your company collects the personal information;
Any other organisation, entity, body or person to which your company usually discloses personal information of the kind collected;
How customers may access the personal information of themselves that is held by your company and how to seek the correction of such information;
How customers may complain about a breach of the Australian Privacy Principles and how your company will deal with such complaints;
Whether your company is likely to disclose the personal information to overseas recipients.
Key Points to Note
If the information you are collecting includes sensitive information, consent from customers is required;
Ensure that you or whoever is drafting your privacy statements complies with the Australian Privacy Law and not the American model (which is not compliant with Australian legislation).