More than two thirds of consumers worry about businesses sending their personal information outside Australia. Reassure them with a great privacy policy.
When news emerged late last year that the private information of more than 550,000 Australians who’d donated blood to the Australian Red Cross Blood Service was readily available on a public-facing website late last year, it no doubt sent shudders down the spines of privacy officers around the country.
As the organisation leapt into action to rectify the problem, it was revealed that the data breach, happened after the company’s web developer accidently placed the information, including names, gender, addresses, blood type, and phone numbers, on the Red Cross’s website.
The importance of trust
How businesses handle and protect customers’ private information is more important than ever, with the recent Deloitte Australian Privacy Index 2016 finding that 94% of consumers believe trust, including how a business manages personal information, is more important than convenience.
The survey also found that more than 67% of respondents are concerned with organisations sending personal information outside Australia, 21% of consumers want detailed information if organisations send their information to third parties, including to whom and why, and 14% want to know how their personal information is protected.
Transparency is the best policy
Having a good Privacy Policy in place is one of the most important things you can do to ensure that you don’t end up a newspaper headline.
“A Privacy Policy is a legal document that describes how your company manages personal information, putting in place practices and procedures to ensure information is handled in an open, transparent manner,” says Suzie Leask, Senior Associate, Australian Business Lawyers & Advisors.
How organisations with an annual turnover of more than $3 million (and some small businesses) handle, use and manage personal information is governed by
Australian Privacy Principles (APPs)
“In terms of privacy policy content, there are a number of requirements under the APPs that are compulsory and must be addressed, while also ensuring that the policy is appropriately tailored to suit the nature of your business,” she says.
"Things to consider include how personal information collected by your organisation can be used and disclosed (including disclosure overseas, whether overtly or simply via your IT servers and cloud based storage facilities), whether you use information for the purpose of direct marketing, maintaining the quality of personal information, keeping personal information secure and the right for individuals to access and correct their personal information. You may also need to consider the extent to which customer consent is required for use or disclosure in certain circumstances."
More stringent obligations apply to organisations which handle information deemed to be “sensitive” such as information about a person’s health, racial or ethnic origin, political opinions, religious beliefs or affiliations, criminal record, or sexual orientation or practices.