Since the introduction of the Australian Privacy Principles (APPs) in early 2014, many businesses have introduced new processes to deal with the handling of personal information by their staff. However, to comply with the APPs, businesses must do more than simply update their privacy policy. Your business should be taking reasonable steps to make staff aware of your privacy obligations. In this article, we will discuss how your business can train staff on privacy-related issues.

Training your staff

Privacy awareness should be a central focus in your business, given that it encourages positive business practices and can also help to reduce the risk of liability.

When providing staff training on your business' privacy obligations, a good starting point is to go through your business' privacy policy and spend time discussing the various obligations your business and staff are required to comply with.

Any internal training should also deal with issues such as:

  • handling privacy complaints, access to information requests and correction of information requests;
  • when staff should be providing privacy notification statements;
  • how your staff should deal with unsolicited personal information;
  • the circumstances under which your staff will have to de-identify or destroy personal information;
  • the importance of not accessing customers' personal information unnecessarily;
  • identity authentication procedures and the need to avoid inadvertent disclosures when verifying an individual's identity;
  • the importance of password protection (such as avoiding weak passwords, changing passwords regularly, not using the same password to access multiple systems and not providing passwords to others or sharing passwords);
  • logging out of computers when they are not in use; and
  • the need to report any privacy breaches or suspected privacy breaches to your business' privacy officer.

What resources are available?

The website of the Office of the Australian Information Commissioner has an array of factsheets, tools and information to assist your business to train your staff on privacy obligations and how to deal with them.

Cooper Grace Ward's privacy law team can also help your staff understand their responsibilities. We can work with you to develop or update your business' privacy policy and information handling procedures as well as provide advice and training to your employees.

Why does it matter?

Failure to comply with the APPs may lead to penalties of up to $1.7 million (for corporations) and up to $340,000 (for individuals) where the corporation or individual seriously or repeatedly interferes with a person's privacy.

If you do not think that your staff are currently aware of, and comply with, your privacy obligations, we recommend that you take reasonable steps to train them on privacy issues. The tips in this article are not exhaustive, and you should consult the APP guidelines or contact us for more information.

Privacy Awareness Week

This article is the final article in our series on handling personal information as part of Privacy Awareness Week. As an official partner of the Office of the Australian Information Commissioner's privacy awareness campaign, Cooper Grace Ward has published a series of articles that relate to:

  • how your business can collect personal information;
  • how your business can engage in direct marketing;
  • how your business should handle requests to access and correct personal information;
  • the importance of a social media policy; and
  • how your business can organise internal privacy awareness and training.


The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.