If you have customers — or employees — you almost certainly collect personal information. Get up to speed on your privacy responsibilities with a new 30-minute training module from the Privacy Commissioner.
Get it right and people will trust you. Get it wrong and you hurt your own reputation.
Protecting customer privacy should be a key part of your business strategy. A breach of privacy can result in a loss of consumer trust, and a blow to your reputation. You also may need to pay the person whose privacy you breached.
Luckily, understanding the Privacy Act is now as easy as A-B-C. The Privacy Commissioner’s new online training module — called Privacy ABC — covers privacy rights and obligations in 30 minutes or less.
Privacy e-learning tools(external link) — Privacy Commissioner
Privacy ABC is free and can be completed at your own pace. It gives practical tips to business owners who deal with personal information, but don’t need to know every single aspect of privacy law.
Topics covered include how businesses and other organisations:
It includes examples of how businesses and the self-employed manage personal information safely — using Bill, a fictional food truck owner, as one of the case studies — and quizzes so you can test your understanding along the way.
If Privacy ABC leaves you hungry to learn more, move on to Privacy 101, another online tool that delves deeper into the Privacy Act.
Bill owns a food truck, where he prepares and sells tacos. His phone number is on the side of his truck, and customers occasionally text him ahead of time with their orders.
He starts noting down their numbers. This counts as collecting personal information under the Privacy Act. Bill must make sure he’s collecting this information for a lawful purpose connected to his business.
This means he can use customers’ phone numbers to tell them about taco deals. But he can’t ask if they are in a relationship, or how many children they have, as this doesn’t have a clear connection to tacos.
Bill also must tell his customers:
When Bill’s meat supplier asks him for customer contact details, he refuses — his customers did not agree to this when they gave him their information.
But there are exceptions, eg if someone’s life or health is at risk.
So when his drinks supplier tells him a batch of lemonade is off — and anyone who drank it should go to the doctor immediately — Bill calls his customers. This is OK, as it’s necessary to stop people getting sick.
He’s also allowed to share information that doesn’t identify anyone.
So when a hospitality industry association asks how many customers he has, Bill can tell them. It doesn’t identify any one customer, so is in line with the Privacy Act. But if the association then asks for contact details to get in touch with repeat customers, Bill must say no.
This case study is based on the Privacy Commissioner’s Privacy ABC tool.
Privacy e-learning tools(external link) — Privacy Commissioner
Collecting and using information about people — even a phone number and invoicing address — is an everyday part of doing business. You must:
If you break any of these rules — even accidentally — a customer may make a complaint under the Privacy Act.
Information privacy principles(external link) — Privacy Commissioner
Create a plain English privacy statement with the online tool Priv-o-matic.
Priv-o-matic(external link) — Office of the Privacy Commissioner tool