When you employ staff, and provide goods and services to customers, you collect personal information.
That may include their name and address, date of birth, bank account and credit card details, tax file number, driver’s license, superannuation fund and academic record.
Treating this information carefully and sensitively helps you maintain positive relationships with your employees and customers and comply with privacy laws.
Under the Privacy Act, the Australian Privacy Principles (APP) outline the requirements for collecting, storing, using and disclosing personal information.
Businesses that need to comply with the APP include:
- those with an annual turnover of $3million or more
- all private health service providers
- some small businesses
- all Australian government agencies.
Even if your business is not subject to privacy laws, you should still aim to follow privacy principles when dealing with employee and customer information.
You can also choose to opt in to be covered by the Privacy Act to boost your privacy credentials with your customers.
Australian law requires business owners to keep some employee records for at least seven years.
You can choose how you store your employee and customer records, for example hard copy files, electronically or in the cloud. Whichever option you choose, you need to ensure they are kept securely and maintain employee confidentiality and privacy. That might require password protection with strong passwords, keeping backup hard drives secure and encrypting cloud backup.