Privacy Awareness Week 2017


Monday 15 May to Friday 19 May 2017 is Privacy Awareness Week. With consumers being more conscious than ever before with where and how they hand over personal data, and what it's used for, both consumers and businesses need to be accountable for their actions in relation to handling of such data. 

According to Australian Information and Privacy Commissioner, Timothy Pilgrim, "the theme for Privacy Awareness Week is 'trust and transparency' which speaks to the importance of organisations handling personal information with care. Personal data can travel through numerous transactions, media and organisations — but it’s always personal — so it’s important that we take care at every step."

From the consumer view point, privacy concerns especially when talking about eCommerce, can impact on decisions in regards to where we shop, what we download and what personal information we actually handover. Despite these concerns, 65% of consumers don't always read the privacy policies of those businesses they are interacting with. 

Businesses, upon receipt of consumer information, have a responsibility to keep consumer details safe. As a business owner you must:

  • Protect personal information from misuse, interference, loss, and from unauthorised access, modification or disclosure.
  • Take reasonable steps to destroy or de-identify personal information when it’s no longer needed.

Personal information can include the below, but generally is considered to be any information where you can identify or reasonably identify the individual.

  • Name
  • Address
  • Medical records
  • Bank account details
  • Photos
  • Videos
  • Where they work
  • Information about their opinions

To learn more about Australian community attitudes to privacy you can view the most recent survey results at the below video. 

If you're a business owner, and are not sure if your business operations comply with the Privacy Act, Coutts can review and assist with drafting a handling process and privacy policy that fits your business. 

Drones, you and the law


Drones are becoming more common. Although used for some time for agribusiness, map making and by surveillance organisations and insurance companies, smaller drones are now readily available - in fact they seem to be one of the top Christmas gifts for 2016.

Be careful what type of drone you buy - drones that are 2 kgs or more, need to be registered with the Civil Aviation Safety Authority (CASA). Anyone piloting these drones also needs to obtain an Operator’s Certificate before they can start flying the drone in public airspace. Where public airspace begins is not straight forward, unfortunately there is no clear boundary. Serious drone operators should consider purchasing maps from CASA.

From 26 September 2016 onwards, if you are operating a drone that is less than 2 kgs, you will be permitted to pilot that drone during the day as long as it remains within your line of sight, rises no more than 400 feet from the ground and is more than 30 metres away from members of the public. By remaining within 400 feet from the ground, you should stay out of public air space, but bear in mind CASA can declare public airspace for particular events or for emergencies. However, there are quite a few circumstances that will effectively cancel out this ability, including:

  • If the flight is for commercial gain.
  • In a prohibited area.
  • In a populous area - which can include both residential areas, such as a city, but, also a crowed beach, a sporting event or any other once off events that cause an area to swell with people.
  • Within 5 kilometres of the movement area of an airport.
  • Anywhere where there is an emergency, police or fire operation being conducted.

Be aware that if anyone operating a drone commits any of the above breaches they can be fined up to $8,500.00 per offence.

Local Councils have the power to ban drones in public places such as parks. However, the Council will not generally be able to regulate the airspace in their area.

This is certainly an area of the law that is lagging behind technology, however after 26 September 2016 new laws will provide some comfort to members of the public who are concerned about the increased use of drones and the perceived invasion of privacy. Currently in Australia the “right” to privacy currently only extends to personal information.

The 2016 Census, your small business and privacy


The 2016 Census was meant to be to a seminal moment in our history. For the first time a snapshot of our society was to occur online.

However, instead of the excitement of something new, and kudos to the government for implementing a new system said to save tax payers around $100 million, all of the publicity related to our concerns about Privacy. We wanted to know how the information we had willing provided in years past was going to be used, accessed and stored. If anything, the 2016 Census showed how much people value their privacy and how any transaction online sets of alarm bells.

Privacy may not be a particularly interesting topic of conversation, but you can bet your bottom line that your customers are concerned about their personal information and what you are doing with it. If there is even a perception that you will not respect their privacy, they will vote with their feet.

Personal information is any detail about a person that allows that person to be identified - their name, address, date of birth, bank account details, medical records, photographs and even information about their shopping habits and where they work may be included. Much of this information is routinely collected by businesses. If your business collects personal information there are strict requirements about how you use it and store it. If you misuse this material, you are likely to lose customers and business partners. You may also risk a fine.

When you are collecting information, you should state what the information is used for and refer customers to your privacy policy. Consider if you actually need the information - “because it might be useful later on” is not a good enough reason to request it. A clear privacy policy will provide reassurance to your customers that you respect their privacy. If you collect any type of financial information from customers they will expect it to remain private, in fact they are entitled to have it protected from disclosure.

Next, consider how you store personal information. Have sophisticated passwords for your server, a firewall and don’t leave physical copies of information physically lying around where others can see it. You need a process in place to manage the information. If you have staff members, you will need to let them know about the process.  The process is an important tool to protect your business from fines, complaints and a loss of customers so it is worth getting the process right from the start.

If you will share the information with a third party, you must state this in your privacy policy.

A business with an annual turnover of more than $3,000,000.00 must comply with the Privacy Act. If your business has less turnover, it is still a good idea to demonstrate to your customers that you value their personal information, it's great PR. If your business provides health services you must comply with the Privacy Act and the Heath Records Information Act, irrespective of your annual turnover. If you have any contracts or funding from government, you are likely to have to comply with any privacy polices of that agency as part of your agreement.