What is data privacy, and why does it matter?

When we interact with other people and organisations in the world, we reveal information about ourselves. This could be our names, what we look like, where we’re from, or other, more specific information. This is our personally identifiable information. The idea of privacy concerns all aspects of the collection, storage, dissemination and use of that information.

Although all information is data, when we use the term “data privacy,” we mean that the information is being processed or stored digitally. Today, analogue data collection and storage are the exception and not the rule.

Why is data privacy important?

Privacy is a fundamental human right. Information is a valuable resource, and personally identifiable information can be highly sensitive. Personal information is used for marketing and advertising across businesses and non-profit or political organisations, and for record-keeping among employers, estate agents, health and government services and the criminal justice system.

Lax data privacy can have serious consequences. Worst-case scenarios include physical endangerment, fraud or identity theft. But there are other reasons for enforcing data privacy, too. For example, a donor may not wish for a charity to pass their contact information on to other charities because they are only interested in supporting the one particular cause.

Regardless of their specific reasons, most people in Australia agree that individuals have a right to the protection of their personally identifiable information. This is why there are specific laws in place to ensure that organisations handle data respectfully.

How does data privacy affect Australian organisations?

All organisations operating within Australia need to be mindful of their collection and use of data. Different kinds of organisations have different privacy obligations — for example, health services are often held to different standards because of the sensitivity of the data they manage.

There are exemptions for small businesses engaged in non-sensitive data collection, and there are concerns that may be specific to organisations like non-profits, which often outsource their data collection.

In Australia, data privacy obligations are primarily controlled by the Privacy Act 1988, with some specific uses of data covered by additional regulations like the Spam Act 2003. But Australia’s privacy legislation is not static. The Privacy and Other Legislation Amendment Act 2024 became law at the end of 2024, and represents one of a series of upcoming changes to the Privacy Act. It included changes to how we manage international data flows, security obligations and automated decision-making, among others.

A data breach can be a costly mistake for any organisation, with far-reaching consequences. In the search for specific information about your data privacy obligations, the Office of the Australian Information Commissioner is always a good place to start.

For more information about best-practice data management, contact us for a no-obligation chat with one of our data experts.
