Small business and the Privacy Act

Date: May 02, 2009
Document Type: Newsletter

The month of May marks the start of Privacy Awareness Week, a program to promote awareness of privacy rights and responsibilities in the workplace. So how do privacy and the Privacy Act affect your small business?

The Privacy Act

The federal Privacy Act 1988 contains ten National Privacy Principles (NPPs) that apply to parts of the private business sector.

Small business and the Act

Generally, small businesses do not need to comply with the Privacy Act unless they have an annual turnover of more than $3 million.

However, some small businesses with an annual turnover of $3 million or less are required to comply with the Act's privacy principles.

Your small business may need to comply with the Act if it is:

  • A health service provider;
  • Trading in personal information (e.g. mailing lists);
  • Related to a larger business;
  • A contractor to Commonwealth agencies;
  • A reporting entity for the purpose of the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (AML/CTF Act);
  • An operator of a residential tenancy database.

Small businesses covered by the Act will need to review how they handle personal information, including collection, use, disclosure and security.

How to comply with the Act

In practical terms, complying with the Privacy Act is likely to mean:

  • Telling people you collect personal information and what you will do with it;
  • Only using personal information about people in ways that they might expect;
  • Not passing personal information on without telling people;
  • Giving people the chance to see any information you hold about them if they ask;
  • Keeping personal information safe; and
  • If people ask, telling them how you handle personal information in your small business.

These obligations are set out in the NPPs.

Personal Information Vs Employee Information

The Privacy Act exempts employment records where information about employees is only used for employment purposes. If employee information is the only personal information held, then there are probably no obligations under the Privacy Act.


A small business that does not have to comply with the Act can choose to be bound by the Act.

Breaching the Privacy Act has serious consequences. To find out whether your small business needs to comply with the Act, check with your lawyer or industry association.
