To get to the root of the matter, let’s start at the beginning: what’s privacy?
At its most fundamental, “privacy” refers to the idea that we can restrict access to information about ourselves as individuals. It can refer to information about our bodies, our thoughts, speech and opinions, our relationships, our communications, or specific environments (like our homes).
The right to privacy is acknowledged as a human right both locally, in Australia, and internationally in agreements like the UN’s International Covenant on Civil and Political Rights.
What is data privacy?
Data privacy is the application of this principle to data that is about an individual. This might include information like health data, sensitive data like our political views or religion, financial data like credit history, transactions or payment card information, or other personally identifiable information.
Why is data privacy important?
For individuals, data privacy underpins our right to avoid harms associated with the exposure of information which we would otherwise restrict. These harms might be identity-related harms like fraud, financial losses, reputation damage, harassment, discrimination or just plain embarrassment.
There are regulations that safeguard the privacy of individuals in Australia. Because legislation is built through an iterative process, evolving with our culture and technologies, privacy legislation in Australia is famously (or infamously) complicated, but the most significant piece of legislation relating to privacy is the Privacy Act 1988. This Act lays out the Australian Privacy Principles as well as who needs to comply. It refers mostly to personally identifiable information, which is information that can be used to learn who you are or how to find you.
Why is data privacy important for organisations?
For companies or non-profit organisations, data privacy is just as important as it is for individuals — but in a different way.
Firstly, when we hold data about our donors, customers, or service recipients, we are being trusted with information that could be used to cause harm, were it exposed. That means such organisations have a positive ethical duty to ensure any data we’re holding is stewarded with due care.
Secondly, there are significant legal penalties associated with cavalier treatment of others’ personal information. The Privacy Legislation Amendment (Enforcement and Other Measures) Act 2022, in particular, sharply raised the cost of a privacy breach in Australia — an act that lifted the penalty for corporate interference with privacy from a cap of $2.2 million up to $50 million.
News media and political parties are often exempt from specific privacy regulations in Australia. However, non-profit organisations, including registered charities, don’t enjoy these exemptions. Given that non-profits often use third party organisations for face-to-face data collection and fundraising, that can put them in a complicated position with regard to their privacy obligations.
How can we safeguard individuals’ data to ensure data privacy is maintained?
In short, the only way to safeguard people’s data is good data governance.
Your organisation’s data strategy and policies, as well as its processes regarding oversight, compliance and data quality, are the foundational elements of data governance.
Good data governance means that you always know important information about the data you hold, like:
- Where and how your data is stored
- What data your organisation is holding and about whom
- What it’s used for, and how it’s used for those activities
- What your obligations are in safeguarding that data, and when, how, and how frequently you discharge them
A cavalier approach to data governance invites data breaches. Good data governance means having a unified, well-understood and coherent approach to how your organisation’s data assets are handled. This protects the people about whom you hold data, and it protects your business.
Where can I find out more?
If you’re looking for specific information about your data privacy obligations, the Office of the Australian Information Commissioner is always a good place to start. Or, if you’d like to improve your own data governance practices, you can always contact our data specialists for a free, no-strings chat about your data.
