Protect customer information: Free online training

If you have customers — or employees — you almost certainly collect personal information. Get up to speed on your privacy responsibilities with a new 30-minute training module from the Privacy Commissioner.

Get it right and people will trust you. Get it wrong and you hurt your own reputation.

Protecting customer privacy should be a key part of your business strategy. A breach of privacy can result in a loss of consumer trust, and a blow to your reputation. You also may need to pay the person whose privacy you breached.

Luckily, understanding the Privacy Act is now as easy as A-B-C. The Privacy Commissioner’s new online training module — called Privacy ABC — covers privacy rights and obligations in 30 minutes or less.

Privacy e-learning tools(external link) — Privacy Commissioner

Privacy ABC is free and can be completed at your own pace. It gives practical tips to business owners who deal with personal information, but don’t need to know every single aspect of privacy law.

Topics covered include how businesses and other organisations:

  • can collect and use personal information about customers and employees
  • should store and handle this information 
  • must check information and change anything that’s incorrect or out of date.

It includes examples of how businesses and the self-employed manage personal information safely — using Bill, a fictional food truck owner, as one of the case studies — and quizzes so you can test your understanding along the way.

If Privacy ABC leaves you hungry to learn more, move on to Privacy 101, another online tool that delves deeper into the Privacy Act.

Case study

Case study

Customer details and privacy rules

Bill owns a food truck, where he prepares and sells tacos. His phone number is on the side of his truck, and customers occasionally text him ahead of time with their orders.

He starts noting down their numbers. This counts as collecting personal information under the Privacy Act. Bill must make sure he’s collecting this information for a lawful purpose connected to his business.

This means he can use customers’ phone numbers to tell them about taco deals. But he can’t ask if they are in a relationship, or how many children they have, as this doesn’t have a clear connection to tacos.

Bill also must tell his customers:

  • what information he is collecting, eg names and phone numbers
  • why he is collecting it, eg so he can send updates about taco deals or new menu items.

When Bill’s meat supplier asks him for customer contact details, he refuses — his customers did not agree to this when they gave him their information.

But there are exceptions, eg if someone’s life or health is at risk.

So when his drinks supplier tells him a batch of lemonade is off — and anyone who drank it should go to the doctor immediately — Bill calls his customers. This is OK, as it’s necessary to stop people getting sick.

He’s also allowed to share information that doesn’t identify anyone.

So when a hospitality industry association asks how many customers he has, Bill can tell them. It doesn’t identify any one customer, so is in line with the Privacy Act. But if the association then asks for contact details to get in touch with repeat customers, Bill must say no.

This case study is based on the Privacy Commissioner’s Privacy ABC tool.

Privacy e-learning tools(external link) — Privacy Commissioner

Protecting customer data

Collecting and using information about people — even a phone number and invoicing address — is an everyday part of doing business. You must:

  • Keep that information safe and secure. 
  • Only ask for the personal details you need for business purposes, eg name and contact details.
  • Only use personal information, eg email or street address, after taking reasonable steps to make sure it’s accurate and up to date. 
  • Respect a customer’s right to view and edit their information.
  • Get permission before passing on email addresses to another organisation or business.

If you break any of these rules — even accidentally — a customer may make a complaint under the Privacy Act.

Information privacy principles(external link) — Privacy Commissioner

If you collect personal information from your website or social media, you must tell customers how, when and why.

If you collect personal information from your website or social media, you must tell customers how, when and why.

Create a plain English privacy statement with the online tool Priv-o-matic.

Priv-o-matic(external link) — Office of the Privacy Commissioner tool

Rating form

How useful did you find this article?

Rate this

"Rate this" is required