One of the most important factors to keep in mind, whether you are a big company, a small business or a sole trader, is protecting your business’s privacy and confidentiality. But privacy and confidentiality sound similar, don’t they? In some instances they are, but they play different roles. This Business Kitz blog will walk you through the key differences between privacy and confidentiality, especially in relation to workplace policies.
What is the difference between privacy and confidentiality?
Privacy and confidentiality differ in the type of information they protect. Privacy laws protect personal information according to the legislation applicable in the respective state or territory, so they are enforced differently. By contrast, how confidential information is kept confidential within a company is defined by each company’s policy or the employee’s contract.
What is Privacy in Australia?
In Australia, privacy refers to the right of an individual to control their personal information and to protect it from unauthorised access or misuse. Key information that must be protected includes (but is not limited to):
- Phone number, Email
- Name, Date of birth
- Medical records, Healthcare information
- Bank details
- Photos and videos
- Family information and contact details
- IP address
This right is recognized in the Privacy Act 1988 (Cth), which sets out the privacy principles that govern the collection, storage, and use of personal information, and is applicable to individuals, government agencies and businesses.
What is the Privacy Act 1988?
The Privacy Act imposes obligations on parties, unlike confidentiality. If your business has an annual turnover of more than $3 million, you may have to comply with the Privacy Act depending on the business that you run. However, sometimes businesses that earn less than $3 million are also subject to the Privacy Act.
You will be required to comply with the Privacy Act if:
- your business is in the health sector (gyms, weight loss clinics, therapists, child care, etc)
- your business sells or purchases personal information
- you are a contractor providing services under a contract to the Australian Government
- you are a credit provider / reporting entity
- you are a residential tenancy database operator
As mentioned before, under this act, you may be required to protect your customer’s personal information from:
- Unauthorized access
You must destroy or de-identify your customer’s information when you no longer need it.
You can find out more about the Privacy Act at the Office of the Australian Information Commissioner (OAIC).
What is Confidentiality in Australia?
Confidentiality, on the other hand, refers to the obligation of an individual or organization to keep information secret and not to disclose it to unauthorized parties. Confidentiality may be established through express agreements, such as employment contracts, confidentiality agreements, or non-disclosure agreements.
Confidentiality is also more flexible than your privacy obligations, as you have the power to decide what would be considered confidential in your business. Confidential information commonly outlined in employment contracts or business policies usually includes:
- Disclosure of personal information
- Employee perks
- Trade secrets
- Sales numbers
- Customer Information
- Phone codes / computer passwords
What information is not considered as confidential?
Not all information will be considered confidential as there is a fine line between the two, and there are a number of exemptions:
- Information that has become common knowledge through public domain
- Disclosure of facts in legal proceedings and court documents
- Publication of information subject to personal confidence
- Publication of similar versions of the same information
- Disclosure required by law or to provide goods and services
- Information disclosed to a professional advisor
Because confidentiality is not explicitly regulated in Australia, it is critical for you to carefully draft a confidentiality clause appropriate for your business.
However, you can still take legal action if your business’s confidential information has been breached. There are specific requirements to establish this:
- the information cannot be in the public domain
- the relevant parties must have been aware of its confidential nature
- the information must have been received in circumstances importing an obligation of confidence, for example:
  - written in an employment contract
  - inferred from the relationship
  - acquired by eavesdropping
- an injunction may be granted against any third party who intentionally obtained the information
Maintaining Privacy and Confidentiality in the workplace
We’ve made a list of steps you can take to ensure your privacy and confidential information are protected.
2. Confidentiality Clause / Agreements – a document that you can use to disclose private or sensitive information to another party while forbidding them from disclosing that information to anyone else. It is only enforceable when it is signed and dated by you and the other party agreeing to keep specific information confidential. It is a good idea to be clear from the start about your business’s sensitive information before bringing in or onboarding new employees, suppliers, customers, etc.
3. Mandatory Restorative Injunction – injunctions are remedies granted at the discretion of the courts to protect your business’s confidential information by stopping someone from doing something or making someone do something. This means that the court will require someone to fix any damage they have caused and restore things to their natural / original state.
4. Intellectual Property Deeds – steer clear of any potential disputes and ensure that your IP is protected and that you have intellectual property ownership rights over your business.
The distinction between privacy and confidentiality is an important one, but ensuring that the appropriate protections are in place is critical. You should protect your business information at all costs from unauthorized access or misuse.