If your business collects information about customers or users and stores it electronically (almost all businesses do), you need to consider privacy law.
The storage and use of “personal information” is covered by the Privacy Act 1988 (Cth) (Act). The definition of personal information in the Act is very broad (and imprecise): personal information is any information that identifies a person or could be used to identify a person. This includes obvious categories of information like names and addresses, but reaches as far as information like dates of birth and post codes in circumstances where data can be cross-referenced to deduce someone’s identity.
The recent changes to Privacy Law make it a far more pressing consideration for Australian businesses – a regime that has been criticized as “toothless” now includes fines of up to $1.1 million for breaches.