Complying with the Australian Privacy Act means managing personal information responsibly. A critical part of this is keeping a detailed record of the data types your organization collects and handles. This article will guide you through the some key data types you should consider recording ensure compliance.
Please keep in mind that this article is general in nature only. Professional advice should be sought on specific matters, and with lawyers under Costs Agreement and to which Legal Professional Privilege (LPP) applies.
1. Personal Identification Information
This includes any information that can be used to identify an individual. Examples include:
Full names
Date of birth
Address (physical and email)
Phone numbers
Driver’s license, passport, or other government-issued IDs
Why record it?
Personal identification information is central to privacy compliance. Keeping accurate records helps ensure this data is collected, used, and stored properly.
2. Sensitive Information
Sensitive information is a special category under the Privacy Act and requires extra protection. This includes:
Health information
Racial or ethnic origin
Political opinions
Religious beliefs
Sexual orientation
Criminal records
Why record it?
Sensitive information has stricter requirements under the Privacy Act. Recording it ensures your organization applies the necessary safeguards.
3. Financial Information
This includes any data related to an individual’s financial status, such as:
Bank account details
Credit card numbers
Payment histories
Why record it?
Financial information is highly sensitive and a prime target for breaches. Properly recording this data helps ensure it's protected and used only for intended purposes.
4. Employment Information
For organisations handling employee data, this includes:
Employment history
Salary details
Tax file numbers
Superannuation details
Why record it?
Employment information is essential for managing HR functions but must be handled in compliance with the Privacy Act.
5. Contact Information
Apart from personal identification, other contact details might include:
Emergency contact numbers
Business addresses
Email subscriptions and preferences
Why record it?
Accurately recording contact information ensures you can manage communications in line with individual preferences and legal obligations.
6. Customer and Client Data
For businesses, this involves any data collected during transactions or service delivery, such as:
Purchase history
Service inquiries
Feedback and reviews
Why record it?
Maintaining a record of customer data helps in providing better services while ensuring compliance with privacy laws.
7. Location Data
Any data that shows the physical location of an individual, such as:
GPS coordinates
IP addresses
Billing addresses
Why record it?
Location data is personal information and must be handled with care to avoid privacy breaches.
8. Biometric Data
This includes unique physical characteristics used for identification, like:
Fingerprints
Facial recognition
Voice recognition
Why record it?
Biometric data is highly sensitive and requires strict controls under the Privacy Act.
Keeping a detailed record of these data types is essential for ensuring compliance with the Australian Privacy Act. Not only does it help you meet legal requirements, but it also strengthens your organisation's data management practices, safeguarding against potential breaches and maintaining trust with individuals whose data you handle.