Protecting privacy, building trust, block by block

Protecting privacy, building trust, block by block

Privacy Awareness Week is about the simple foundations we can put in place to protect our personal information. Good privacy practices will help your business build and maintain the community’s trust in how you handle their personal information.

These fundamentals provided by the Office of the Australian Information Commissioner (OAIC) will help you build a strong privacy foundation.

Know your obligations

Ensure you understand your business’ obligations under the Privacy Act and keep up to date with developments in privacy and changing legal obligations. Anticipate how your customers and the wider community expect you to handle their personal information and respond to their needs and concerns.

The Privacy Act


Have a privacy plan

Make sure you have a privacy management plan in place to embed a culture of privacy, establish robust privacy practices, evaluate your privacy processes and enhance your response to privacy issues. Use our resources to assess your privacy practices and set goals and targets.

Privacy management framework


Appoint privacy champions

A strong privacy culture comes from the top so it’s a good idea to assign a senior staff member with overall responsibility for privacy. Also appoint staff responsible for managing privacy day-to-day.

Assess privacy risks

Assess privacy risks early. Undertake a privacy impact assessment for projects that involve new information handling practices, such as new technologies.

Build in privacy by design

It’s more effective and efficient to manage privacy risks proactively. Build good privacy practices into your products, services and internal systems and processes to eliminate, minimise or manage privacy risks.

Simplify your privacy policy

Australians are more likely to trust your website or service if they have read your privacy policy, but less than a third of us read them because they’re too long and complex. Make sure yours is written in plain English and includes a summary. Remember to include information about how individuals can contact you about privacy matters.

Secure personal information

Ensure secure systems are in place to protect personal information from misuse, loss and unauthorised access and disclosure.

Train your staff

Integrate privacy into staff training, conduct regular refreshers and ensure your whole team is aware of their privacy and security obligations. Make sure your staff also have all the information they need to protect their own privacy at work.

Prepare for data breaches

Have a clear and practical data breach response plan at hand so staff know what to do if there is a data breach. Treat all suspected data breaches seriously – it’s always best to be cautious.

Review your practices

Review your privacy practices and policy regularly. Make sure they meet community expectations, comply with the law, remain relevant to current practices and address new risks.

Did you know?

The Privacy Act covers organisations with an annual turnover of more than $3 million and some other organisations. If your business is not covered by the Privacy Act, you can opt in as a public commitment to good privacy practice.

Opting in to the Privacy Act




Important Notice

This article provides information rather than financial product or other advice. The content of this article, including any information contained in it, has been prepared without taking into account your objectives, financial situation or needs. You should consider the appropriateness of the information, taking these matters into account, before you act on any information. In particular, you should review the product disclosure statement for any product that the information relates to it before acquiring the product.

Information is current as at the date the article is written as specified within it but is subject to change. CRM Brokers make no representation as to the accuracy or completeness of the information. Various third parties have contributed to the production of this content. All information is subject to copyright and may not be reproduced without the prior written consent of CRM Brokers.