The Australian Privacy Act 1988 (Cth) contains provisions that deal with the following:
Personal information means information or an opinion (including information or an opinion forming part of a database), whether true or not, and whether recorded in a material form or not, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion.
Sensitive information means:
- information or an opinion about an individual’s:
  - racial or ethnic origin; or
  - political opinions; or
  - membership of a political association; or
  - religious beliefs or affiliations; or
  - philosophical beliefs; or
  - membership of a professional or trade association; or
  - membership of a trade union; or
  - sexual preferences or practices; or
  - criminal record;

  that is also personal information; or
- health information about an individual; or
- genetic information about an individual that is not otherwise health information.
Australian Privacy Law states that businesses must ‘take reasonable steps to destroy or de-identify personal information that is no longer required.’* Careless discarding of confidential information not only puts your business and your customers’ identities at risk, it also leaves you vulnerable to significant fines.
The Office of the Australian Information Commissioner (OAIC) has produced a guide on how to protect personal information. The OAIC will refer to this guide when assessing whether an entity has complied with its information security obligations in the Privacy Act.