Privacy vs Confidentiality in Australia

One of the most important factors to keep in mind as a big company, small business or a sole trader, is protecting your business’ privacy and confidentiality. But privacy and confidentiality both sound similar, don’t they? In some instances, they are, but they do play different roles. This Business Kitz blog will walk you through the key differences between privacy and confidentiality, especially in relation to workplace policies.

What is the difference between privacy and confidentiality?

Privacy and confidentiality differ in the type of information they protect. Privacy laws protect personal information under the legislation that applies in each state or territory, so they are enforced differently from place to place. By contrast, keeping a company's confidential information confidential is governed by each company's own policy or by the employee's contract.

What is Privacy in Australia?

In Australia, privacy refers to the right of an individual to control their personal information and to protect it from unauthorised access or misuse. Key information that must be protected includes (but is not limited to):

  • Phone number, Email
  • Name, Date of birth
  • Signature
  • Address
  • Medical records, Healthcare information
  • Bank details
  • Photos and videos
  • Family information and contact details
  • IP address

This right is recognized in the Privacy Act 1988 (Cth), which sets out the privacy principles that govern the collection, storage, and use of personal information, and is applicable to individuals, government agencies and businesses.

What is the Privacy Act 1988?

The Privacy Act imposes obligations on parties, unlike confidentiality. If your business has an annual turnover of more than $3 million you may have to comply with the Privacy Act, depending on the business that you run. However, businesses that earn less than $3 million are sometimes also subject to the Privacy Act.

You will be required to comply with the Privacy Act if:

  • your business is in the health sector (gyms, weight loss clinics, therapists, child care, etc.)
  • your business sells or purchases personal information
  • you are a contractor providing services under a contract to the Australian Government
  • you are a credit provider / reporting entity
  • you are a residential tenancy database operator

Even if none of this applies to your business, you should still implement your own Privacy Policy that informs your customers how you will handle their personal information.

As mentioned before, under this act, you may be required to protect your customer’s personal information from:

  • Loss
  • Theft
  • Interference
  • Misuse
  • Modification
  • Unauthorized access
  • Disclosure

You must destroy or de-identify your customer’s information when you no longer need it.

You can find out more about the Privacy Act at the Office of the Australian Information Commissioner (OAIC).

What is Confidentiality in Australia?

Confidentiality, on the other hand, refers to the obligation of an individual or organization to keep information secret and not to disclose it to unauthorized parties. Confidentiality may be established through express agreements, such as employment contracts, confidentiality agreements, or non-disclosure agreements.

Confidentiality is also more flexible than your privacy obligations, as you have the power to decide what is considered confidential in your business. Confidential information commonly outlined in employment contracts or business policies usually includes:

  • Disclosure of personal information
  • Salaries
  • Employee perks
  • Trade secrets
  • Sales numbers
  • Customer Information
  • Phone codes / computer passwords

What information is not considered as confidential?

Not all information will be considered confidential, as there is a fine line between the two, and there are a number of exemptions:

  • Information that has become common knowledge through public domain
  • Disclosure of facts in legal proceedings and court documents
  • Publication of information subject to personal confidence
  • Publication of similar versions of the same information
  • Disclosure required by law or to provide goods and services
  • Information disclosed to a professional advisor

Because confidentiality is not explicitly regulated in Australia, it is critical for you to carefully draft a confidentiality clause appropriate for your business.

However, you can still take legal action if your business's confidential information has been breached. There are specific requirements to establish this:

  • the information cannot be in the public domain
  • the relevant parties must have been aware of its confidential nature
  • the information must have been received in circumstances importing an obligation of confidence, for example:
    • written into an employment contract
    • inferred from the relationship between the parties
    • acquired by eavesdropping
    • an injunction may also be granted against any third party who intentionally obtained the information

Maintaining Privacy and Confidentiality in the workplace

We’ve made a list of steps you can take to ensure your privacy and confidential information are protected.

1. Privacy Policy – a document stating how your business will deal with the personal information and data it collects. If your business falls within the criteria mentioned above, a privacy policy is required. Your privacy policy will also inform customers about when, what and how your business will be collecting, using and storing their information. Business Kitz's subscription service includes a high-quality template of a privacy policy for your business to implement.

2. Confidentiality Clause / Agreements – a document that you can use to disclose private or sensitive information to another party while forbidding them from disclosing that information to anyone else. It is only enforceable when it is signed and dated by you and the other party, committing them to keeping specific information confidential. It is a good idea to be clear from the start about your business's sensitive information before bringing in or onboarding new employees, suppliers, customers, etc.

3. Mandatory Restorative Injunction – injunctions are remedies granted at the discretion of the courts to protect your business's confidential information, either by stopping someone from doing something or by requiring someone to do something. A mandatory restorative injunction means the court will require the person responsible to fix or restore any damage they have caused to its original state.

4. Intellectual Property Deeds – steer clear of any potential disputes and ensure that your IP is protected and that you hold the intellectual property ownership rights over your business.

Legal Advice:

The distinction between privacy and confidentiality is an important one, but ensuring that the appropriate protections are in place is what matters most. You should protect your business information at all costs from unauthorized access or misuse.

At our sister company, Legal Kitz, our highly experienced solicitors can assist you if you are unsure about how to best protect yourself. You can arrange a FREE consultation or contact us at or 1300 988 954. You can also check out our Business Kitz subscription service today to access our Privacy Policy, Confidentiality Policy and Workplace Privacy Policy to begin your business with a solid foundation that ensures compliance.
