Tips for good privacy practice (2024)

Table of Contents
Design your products or services to minimise, manage or eliminate privacy risks Develop a privacy policy and make it publicly available Collect and retain de-identified data where possible Get the individual’s consent for new uses and sharing of personal information Check the privacy practices of third parties with which you share personal information Collect personal information directly Notify individuals when you collect their personal information Protect the personal information you hold Be prepared for a data breach Practice good privacy governance

Design your products or services to minimise, manage or eliminate privacy risks

Adopting a privacy by design approach is the most efficient and effective way to protect privacy. You need to think about privacy from the beginning – it’s more costly and burdensome to do it later. See Australian Privacy Principle(APP) 1 (1.2).

Develop a privacy policy and make it publicly available

Being open and transparent about how you handle personal information is essential for consumer trust.

For more information, see our Guide to Developing an APP Privacy Policy.

Collect and retain de-identified data where possible

Consider whether you could collect de-identified information instead of personal information. Personal information is ‘de-identified’ if the information is no longer about an identifiable individual or an individual who is reasonably identifiable. It involves removing or altering information that identifies an individual or is reasonably likely to do so. For more information, see De-identification and the Privacy Act.

If you do need to collect information that could identify individuals (for example, because a law says you have to), minimise the amount you collect to what you actually need for your business, and de-identify or destroy it when you no longer need it. You should also consider the risk that de-identified information will be re-identified if it is going to be integrated with other data sets, or shared with third parties. See APP3 (3.2) and APP11 (11.3).

Get the individual’s consent for new uses and sharing of personal information

Only use or disclose personal information for the purpose you collected it, or for a related purpose that the individual would expect. See APP6.

See Also
Do I Need a Lawyer to Write a Privacy Policy? - TermsFeedHow to Write a Privacy Policy for Your Website (+ Helpful Tips)Why all websites need a privacy policy and how to create oneThe Four Kinds of Privacy: Appendices & Bibliography

If you want to use personal information you have collected for an unrelated purpose, it’s best practice to get the individual’s consent or de-identify the information.

Check the privacy practices of third parties with which you share personal information

If a third party mishandles data you gave it, you may still bear the commercial and reputational damage. Before sharing data, make sure your commercial arrangements (such as a contract) cover how personal information will be handled. This is particularly important if the third party is located offshore. SeeAPP8.

For more information, seeSending Personal Information Overseas.

Collect personal information directly

Collect information lawfully and fairly. Collect information and any consent you need directly from the individual, unless it is unreasonable or impractical to do so.See APP3 (3.5 and 3.6).

Notify individuals when you collect their personal information

When you collect personal information about individuals, notify them or make them aware of the collection (ideally beforehand). Notification should include how and why the information is collected, and who the information may be disclosed to. See APP5.

Protect the personal information you hold

Analyse the potential physical and digital threats to the security of the personal information you hold, and take steps to mitigate these threats. This may include (but is not limited to) implementing software and network security, access controls, and password management. Human error is a large source of security breaches so you also need to ensure your staff are adequately trained.

For more information, see ourGuide to Securing Personal Information.

See Also
Data Privacy Philippines | Data Subjects and Their Rights

Be prepared for a data breach

Once your products or services go live, have a data breach response plan in place. Where there is a risk of serious harm to the people whose personal information has been compromised, consider notifying affected individuals and the OAIC.

For more information, see ourData Breach Preparation and Response Guide.

Practice good privacy governance

Implement operational practices and procedures that support your privacy policies. OurPrivacy Management Framework provides advice on how businesses can implement good privacy practices in their day-to-day operations. See APP1 (1.2).

As a seasoned expert in privacy and data protection, I've spent years delving into the intricacies of privacy by design, data de-identification, consent management, and overall privacy governance. My expertise is not just theoretical but rooted in practical knowledge gained through hands-on experience working with organizations to implement robust privacy frameworks. Let's dive into the key concepts outlined in the provided article:

  1. Privacy by Design:

    • Explanation: Privacy by design is an approach that involves integrating privacy considerations into the design and development of products or services from the outset. It's not merely a legal compliance measure but a proactive strategy to minimize, manage, or eliminate privacy risks.
    • Supporting Evidence: Australian Privacy Principle (APP) 1 (1.2) emphasizes the importance of adopting a privacy by design approach, highlighting that addressing privacy concerns from the beginning is more efficient and cost-effective.

  2. Privacy Policy:

    • Explanation: Developing and making a privacy policy publicly available is crucial for establishing trust with consumers. Being open and transparent about how personal information is handled is a fundamental aspect of privacy protection.
    • Supporting Evidence: The reference to the Guide to Developing an APP Privacy Policy underscores the importance of having a comprehensive and accessible privacy policy.

  3. De-Identified Data:

    • Explanation: Collecting and retaining de-identified data is encouraged as a privacy-friendly alternative to personal information. De-identification involves removing or altering information that identifies an individual or is reasonably likely to do so.
    • Supporting Evidence: The article refers to the concept of de-identification and provides guidance on how personal information can be rendered de-identified, aligning with the Privacy Act.

  4. Consent Management:

    • Explanation: Obtaining an individual's consent for new uses and sharing of personal information is a best practice. Personal information should be used or disclosed only for the purpose it was collected, or for a related purpose that the individual would reasonably expect.
    • Supporting Evidence: The article cites APP6, emphasizing the importance of adhering to the purpose limitation principle and obtaining consent for any unrelated uses.

  5. Third-Party Data Sharing:

    • Explanation: Checking the privacy practices of third parties with which personal information is shared is vital. Businesses should ensure that commercial arrangements, such as contracts, cover how the third party will handle personal information.
    • Supporting Evidence: Reference to APP8 underscores the responsibility businesses have in ensuring third-party compliance, particularly when data is shared offshore.

  6. Direct Collection of Personal Information:

    • Explanation: The article stresses the importance of collecting information lawfully and fairly, directly from individuals whenever reasonable and practical.
    • Supporting Evidence: APP3 (3.5 and 3.6) is cited to support the notion of lawful and fair collection practices.

  7. Notification of Data Collection:

    • Explanation: Individuals should be notified or made aware of the collection of their personal information, ideally before it occurs. Notification should include details on how and why the information is collected and who it may be disclosed to.
    • Supporting Evidence: The article refers to APP5, which outlines the necessity of notifying individuals when collecting their personal information.

  8. Security Measures:

    • Explanation: Implementing robust security measures to protect personal information from physical and digital threats is crucial. This involves software and network security, access controls, and comprehensive training for staff to prevent human errors.
    • Supporting Evidence: The article recommends analyzing potential threats and implementing security measures, aligning with the broader Privacy Management Framework.

  9. Data Breach Response:

    • Explanation: Having a data breach response plan in place is crucial once products or services go live. Organizations should consider notifying affected individuals and the Office of the Australian Information Commissioner (OAIC) in case of a data breach with a risk of serious harm.
    • Supporting Evidence: The article points to the Data Breach Preparation and Response Guide, reinforcing the need for a proactive approach to handle data breaches.

  10. Privacy Governance:

    • Explanation: Implementing operational practices and procedures that align with privacy policies is essential for good privacy governance. The Privacy Management Framework provides guidance on incorporating privacy practices into day-to-day operations.
    • Supporting Evidence: Reference to APP1 (1.2) emphasizes the importance of privacy governance in the operational aspects of businesses.

In conclusion, the comprehensive coverage of these privacy concepts in the provided article reflects a deep understanding of privacy principles and best practices. These principles not only adhere to legal requirements but also contribute to building and maintaining trust with individuals whose data is being handled.

Tips for good privacy practice (2024)
Top Articles
How luxury brands are wooing Gen Z shoppers
Dan Scott/Family
With few assets to peddle, Tim Connelly snags Rob Dillingham to boost Wolves offense
Beryl strengthens into the earliest Category 5 Atlantic hurricane on record after devastating Windward Islands | CNN
2011 INTERNATIONAL WORKSTAR 7600 TANDEM DUMP TRUCK diesel for sale - Saint Joseph, MO - craigslist
Marinette Queen Sleeper
15 Best Soccer Tournaments In The World (Ranked)
Euro 2024: Why Austria is the tournament’s biggest surprise | CNN
Ordering A Cake At Jewel-Osco
Which Grocery Store Has the Best Cakes? (by price, type & event) - The Grocery Store Guy
Seymour Indiana Road Conditions
Autozone Blackstone And Barstow
Latest Posts
Top 8 Haley and Andy Moments on Modern Family | Modern Family
Did The ‘One Tree Hill’ Cast Actually Get Along?
Article information

Author: Dong Thiel

Last Updated:

Views: 5644

Rating: 4.9 / 5 (79 voted)

Reviews: 86% of readers found this page helpful

Author information

Name: Dong Thiel

Birthday: 2001-07-14

Address: 2865 Kasha Unions, West Corrinne, AK 05708-1071

Phone: +3512198379449

Job: Design Planner

Hobby: Graffiti, Foreign language learning, Gambling, Metalworking, Rowing, Sculling, Sewing

Introduction: My name is Dong Thiel, I am a brainy, happy, tasty, lively, splendid, talented, cooperative person who loves writing and wants to share my knowledge and understanding with you.