Privacy For Business

The privacy and technology landscape is changing – now is a critical time for your organisation to get privacy right.

The OAIC is urging Australian businesses and other organisations to ‘power up’ on privacy. 

With privacy reform on the way, make sure you are well positioned to meet the privacy standards your customers will expect.


Transparency: Clarity matters

The best privacy practice starts with transparency. If your business or organisation is collecting personal information from people, you must be open and transparent about how you will handle it. 

Transparency needs to apply both within your organisation – so staff know the parameters and requirements they work within – and outside it.

Most critically, the people whose information you hold need to be clear on what you will use their information for, and give their informed consent where required.

If you are thinking of doing something new – whether that’s developing or deploying new technology such as generative AI or biometrics, or a new tool or process, make sure privacy requirements are front and centre. 


Accountability: Show your privacy leadership – in good times and bad

Privacy is a human right and it’s one Australians value highly. Maintaining strong privacy practices should be a foundation of your business.

A strong privacy posture and culture across your organisation supports customer and consumer trust, as well as protecting against harms. 

It also helps position your organisation for the future – particularly with privacy reforms on the way. 

Good privacy practices include how you deal with problems and breaches, so be prepared to act quickly, openly and thoughtfully.

And remember that outsourcing services or activities doesn’t mean outsourcing responsibility: be vigilant when using third-party providers.

By making sure privacy is firmly on the leadership agenda, and empowering staff to be strong custodians of privacy in day-to-day practice, you will have a stronger, more secure and privacy-aware organisation.  


Security: Protect personal data

Power up the security of personal information in your organisation by using the right tools and guarding against known and emerging threats.

Having the right processes in place will help you keep your customers’ (and other) personal information safe. 

That means strong data governance, and reviewing and strengthening access security and ICT security measures, including to detect and respond to threats – particularly with a view to emerging threats, such as the increasing use of credential stuffing.

Look at additional authentication requirements, such as multi-factor authentication, to secure systems containing sensitive personal information. And shore up human risks with regular, clear and accessible staff training.

Ensure processes to detect and respond to cyber threats in a timely manner – and report cybercrimes, cyber security incidents or vulnerabilities to the Australian Signals Directorate’s Australian Cyber Security Centre.

You can power up your organisation’s privacy settings with the help of the resources on our website – find out more below.

<< Go back to the previous page