In a digital era, more and more people are concerned about data breaches, and this is making consumers acutely aware of how their personal information is handled. Both regulators and customers have zero tolerance for companies and individuals who do not take reasonable steps to protect their customers' personal information.
It is important to remember that everyone has a role to play in ensuring privacy is respected and protected.
The Privacy Act 1988 (Privacy Act) regulates the handling of personal information about individuals, including the collection, use, storage, disclosure, access to and correction of that information.
Given the volume of personal information held in your client files – such as identification, date of birth and bank account information, to name just a few – it is imperative that your business has appropriate processes in place for handling this personal information.
Other than the Privacy Act, there are a number of other Australian laws that relate to privacy. Two examples are the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 and the Telecommunications Act 1997.
Tax File Numbers (TFN)
Tax file numbers (TFN) are unique numbers issued by the Australian Taxation Office (ATO) to identify individuals, corporations and others who lodge income tax returns in Australia.
The Privacy (Tax File Number) Rule 2015 (TFN Rule) issued under section 17 of the Privacy Act regulates the collection, storage, use, disclosure, security and disposal of an individual’s TFN information. The TFN Rule only applies to the TFN information of individuals and does not apply to TFN information about other legal entities such as corporations, partnerships, superannuation funds and trusts.
The TFN Rule is legally binding. A breach of the TFN Rule is an interference with privacy under the Privacy Act. Individuals who consider that their TFN information has been mishandled may make a complaint to the Office of the Australian Information Commissioner (OAIC).
What is personal information
The Privacy Act regulates how personal information is handled. The Privacy Act defines personal information as:
“…information or an opinion, whether true or not, and whether recorded in a material form or not, about an identified individual, or an individual who is reasonably identifiable.”
Common examples are an individual’s name, signature, address, telephone number, date of birth, medical records, bank account details and any commentary or opinion about a person.
Connective Privacy Requirements
- All client supporting documentation must be held in Mercury to ensure the security of this information
- All tax file numbers must be removed from supporting documentation held in Mercury Nexus before it is submitted to a lender
- Once you have uploaded all documentation into Mercury Nexus, any hard copy documents must be disposed of in a secure manner, such as shredding
- Ensure personal, confidential or sensitive information is secure and protected within the workplace
- Customer information should not be left on desks (implement a clean desk policy) to ensure that unauthorised access to the information does not occur
- Your computer and mobile devices should be password protected and passwords should be changed regularly
If you have any questions regarding your email signature, please email email@example.com