When we interact with other people and organisations in the world, we reveal information about ourselves. This could be our names, what we look like, where we’re from, or other, more specific information. This is our personally identifiable information. The idea of privacy concerns all aspects of the collection, storage, dissemination and use of that information.
Although all information is data, when we use the term “data privacy,” we mean that the information is being processed or held digitally. Today, analogue data collection and storage are the exception and not the rule.
Why is data privacy important?
Privacy is a fundamental human right. Information is a valuable resource, and personally identifiable information can be highly sensitive. Personal information is used for marketing and advertising across businesses and non-profit or political organisations, and for records-keeping among employers, estate agents, health and government services and the criminal justice system.
Lax data privacy can have serious consequences. Worst-case scenarios include dire outcomes like physical endangerment, fraud or identity theft. But there are other reasons for enforcing data privacy, too. For example, a donor may not wish for a charity to pass their contact information on to other charities because they are only interested in supporting the one particular cause.
Regardless of their specific reasons, most people in Australia agree that individuals have a right to the protection of their personally identifiable information. This is why there are specific laws in place to ensure that organisations handle data respectfully.
How does data privacy affect Australian organisations?
All organisations operating within Australia need to be mindful of their collection and use of data. Different kinds of organisations have different privacy obligations—for example, health services are often held to different standards because of the sensitivity of the data they manage.
There are exemptions for small businesses engaged in non-sensitive data collection, and there are concerns that may be specific to organisations like non-profits, which often outsource their data collection.
In Australia, data privacy obligations are primarily controlled by the Privacy Act 1988, with some specific uses of data covered by additional regulations like the Spam Act 2003. However, as cloud services and off-shore processing of data are now the norm, it’s very possible to be affected by the data privacy regulations that apply in other geographic areas, such as the GDPR that covers all of Europe. It’s important to know where and how data is processed, and to what standard of security.
A data breach can be a costly mistake for an organisation, with far-reaching consequences. If you are looking for specific information about your data privacy obligations, the Office of the Australian Information Commissioner is always a good place to start.