Is Your Company Compliant with National Privacy Principles (NPP)?
According to the Office of the Australian Information Commissioner, the National Privacy Principles are ten principles that “regulate how private sector organisations manage personal information. They cover the collection, use and disclosure, and secure management of personal information. They also allow individuals to access that information and have it corrected if it is wrong.”
The NPP describes how businesses should conduct themselves with regard to:
- Collecting personal information
- Use and disclosure of that information
- Information quality and security
- Transparency with how they manage personal information
- Access and correction of information
- Preventing businesses from adopting Australian Government identifiers (such as tax file numbers) as their own customer identifiers
- Giving individuals the option of dealing with a business anonymously
- How to protect information across borders
- Dealing with sensitive information
Why is the NPP important?
The NPP is important because it obliges businesses to adopt practices that protect the personal information of their clients, and of the business itself. Businesses need to put processes in place, if they do not already have them, to handle matters such as privacy complaints properly. They are also accountable for any personal information they disclose and must implement security measures to prevent breaches of their systems.
Many types of businesses collect large amounts of personal information, so finance and insurance businesses, communications companies, online businesses, retailers, healthcare providers and secure document disposal companies will be under particularly close scrutiny.
How to stay compliant
Is your business compliant with the NPP? Here’s how to get on the right track.
- Categorise the types of personal information you collect and hold, like contact details, tax file numbers, employment details, race, etc.
- Understand how you collect, hold, use and disclose the information, and why you collect and use it for your work.
- Where possible, determine the countries in which recipients of the information are located, so you understand the scope of your cross-border disclosures.
- Regularly review and update the way you manage privacy risk at each stage of the information lifecycle: collection, use, disclosure, storage and destruction.
- Put security measures in place, such as access controls on IT systems and audit trails, to protect the information against misuse, loss and unauthorised access, modification or disclosure.
- If there are any privacy breaches or complaints, make sure your company has procedures to identify, report and address them.
- Make it easy for customers or clients to access and correct their personal information.
- Make sure customers have the option of dealing with you anonymously where that is lawful and practicable.
- Establish governance arrangements that ensure ongoing compliance with the NPPs (now replaced by the Australian Privacy Principles, the APPs), such as appointing a privacy officer or scheduling regular secure document disposal.
The personal information held by your company, about the individuals who do business with you, is incredibly important. It is vital that you do not cut corners when it comes to the NPP. These rules exist because, without them, personal information could fall into the wrong hands, with serious consequences not only for the individuals involved but also for your business and its reputation.