If your organisation does direct marketing, handles any personal information (such as individuals’ names and addresses) or has a turnover of $3 million or more, your organisation may need to comply with the Privacy Act 1988 (Cth). The Act governs the collection, use, disclosure and storage of personal information, being information or opinion from which an individual’s identity is apparent or can reasonably be ascertained. Your organisation must comply with the 10 National Privacy Principles.
For a Summary of the 10 National Privacy Principles...
1. Collection
Your organisation should not collect personal information, unless it is necessary for one or more of its functions and activities. When your organisation collects personal information, it should ensure that the individual is aware of who your organisation is, that the individual has access to his or her personal information, why the information is being collected and who the information may be given to. This is the case whether your organisation collects information directly from the individual or from another person or entity.
2. Use and Disclosure
Your organisation must use and disclose the personal information only for the purpose for which it was collected unless it has the consent of the individual. If the personal information is used for direct marketing, your organisation must also inform the individual that they can refuse to receive any direct marketing communications from your organisation.
3. Quality
Your organisation must ensure that the personal information it holds is accurate, complete and up to date.
4. Security
Your organisation must secure the personal information it holds against loss and misuse and against unauthorised access, modification or disclosure. If your organisation no longer needs the personal information it holds for the purpose for which it was collected, the information must be destroyed or de-identified.
5. Openness
Your organisation must be open about how it handles personal information. It should have a Privacy Policy which clearly expresses how it manages and handles personal information. This Privacy Policy should be available to anyone who asks for it.
6. Access
Individuals have a right to access the personal information your organisation holds about them. They also have a right to have that information corrected if it is incomplete, inaccurate or out of date.
7. Identifiers
Your organisation must not identify an individual by reference to an identification method used uniquely by an agency or Commonwealth agency (such as by reference to a tax file number). Such identification methods can only be used for the purpose for which they were issued.
8. Anonymity
Individuals dealing with your organisation should have the option to remain anonymous if they choose to.
9. Overseas Transfer
Your organisation may only transfer personal information overseas if the individual consents or the transfer is necessary for the performance of a contract between the individual and your organisation, or your organisation can ensure that the personal information will be handled in a manner consistent with the Act overseas.
10. Sensitive
Your organisation should not collect sensitive information (such as information regarding health, political or religious beliefs or memberships of associations) unless the individual has consented or the collection is required by law.
Kim Tunbridge is the CEO of Jungle Management Pty Ltd, a law firm that provides legal solutions for the Marketing & IT industries.
www.jungle.com.au