Does your Business fall within the Requirements of the Privacy Act?

Depending on your business's annual turnover and how it deals with ‘personal information’, your business may be covered by the Privacy Act 1988 (Cth) (“the Act”) and also need to comply with the 13 Australian Privacy Principles.

Whilst the requirement to have a Privacy Policy is not applied across the board, as businesses increasingly grow an online presence and gain access to personal information, it is risk-averse to ‘opt in’ and provide a Privacy Policy to your clients and/or customers.

A Privacy Policy is also increasingly expected by consumers unaware of the thresholds, and not having one may deter them from engaging your business.

Does my business need a Privacy Policy?

If your business has an annual turnover greater than $3 million it will need to comply with the Australian Privacy Principles and have a Privacy Policy.

The Act also covers some specific types of business with turnover below $3 million, including: 

  • Private sector health service providers (this applies to a broad range of businesses, including hospitals, gyms, and schools).
  • Employee associations, as defined in the Fair Work Act 2009.
  • Contracted service providers for a Commonwealth contract. 
  • Businesses that sell or purchase personal information.
  • Credit reporting bodies.
  • Businesses related to a business that is covered by the Act (such as a subsidiary of a company covered by the Act). 
  • Other types of business prescribed by regulations.

What are the Penalties for Breaches of the Privacy Law?

The penalties for the misuse of personal information by entities covered by the Act are severe. Infringement notices of up to $63,000 for companies, or $12,600 for individuals may be issued. 

The maximum penalties for serious breaches range from $2.1 million for serious or repeated breaches, to the greatest of: 

  • $10 million,
  • Three times the value of any benefit obtained through the misuse of information, or
  • 10% of a company’s annual domestic turnover.

At Roberts Legal we can provide an initial free case evaluation advising whether your business falls under the requirements of the Privacy Act and, if required, provide you with a comprehensive Privacy Policy tailored to your business.

By Angus Ferguson,
Associate Solicitor

Call or email me today for a free case evaluation.