One of the most important factors to keep in mind, whether you are a big company, a small business or a sole trader, is protecting your business's privacy and confidentiality. But privacy and confidentiality sound similar, don't they? In some instances they are, but they play different roles. This Business Kitz blog will walk you through the key differences between privacy and confidentiality, especially in relation to workplace policies.
Privacy and confidentiality differ in the type of information they protect. Privacy laws protect personal information according to the legislation applicable in the respective state or territory, so they are enforced differently. In contrast, keeping information confidential within a company is defined by each company's policy or the employee's contract.
In Australia, privacy refers to the right of an individual to control their personal information and to protect it from unauthorised access or misuse. Key information that must be protected includes (but is not limited to):
This right is recognized in the Privacy Act 1988 (Cth), which sets out the privacy principles that govern the collection, storage, and use of personal information, and is applicable to individuals, government agencies and businesses.
The Privacy Act imposes obligations on parties, unlike confidentiality. If your business has an annual turnover of more than $3 million, you may have to comply with the Privacy Act, depending on the business that you run. However, sometimes businesses that earn less than $3 million are also subject to the Privacy Act.
You will be required to comply with the Privacy Act if:
If this does not apply to your business, you will need to implement your own Privacy Policy that informs your customers about how you will be handling their personal information.
As mentioned before, under this Act, you may be required to protect your customers' personal information from:
You must destroy or de-identify your customer's information when you no longer need it.
You can find out more about the Privacy Act at the Office of the Australian Information Commissioner (OAIC).
Confidentiality, on the other hand, refers to the obligation of an individual or organization to keep information secret and not to disclose it to unauthorized parties. Confidentiality may be established through express agreements, such as employment contracts, confidentiality agreements, or non-disclosure agreements.
Confidentiality is also more flexible than your privacy obligations, as you have the power to decide what would be considered confidential in your business. Confidential information commonly outlined in employment contracts or business policies usually includes:
Not all information will be considered confidential, as there is a fine line between the two, and there are a number of exemptions:
Because confidentiality is not explicitly regulated in Australia, it is critical for you to carefully draft a confidentiality clause appropriate for your business.
However, you can still take legal action if your business's confidential information has been breached. There are specific requirements to establish this:
We've made a list of steps you can take to ensure your privacy and confidential information are protected.
1. Privacy Policy - a document stating how your business will deal with the personal information and data it collects. If your business falls within the criteria mentioned above, a privacy policy is required. Your privacy policy will also inform customers about when, what and how your business will be collecting, using and storing the information. Business Kitz's subscription service includes a high-quality template of a privacy policy for your business to implement.
2. Confidentiality Clause / Agreements - a document that you can use to disclose private or sensitive information to another party while forbidding them from disclosing that information to anyone else. It is only enforceable when it is signed and dated by you and the other party, agreeing to keep specific information confidential. It is a good idea to be clear from the start about your business's sensitive information before bringing in or onboarding new employees, suppliers, customers etc.
3. Mandatory Restorative Injunction - injunctions are remedies granted at the discretion of the courts to protect your business's confidential information by stopping someone from doing something or making someone do something. A mandatory restorative injunction means that the court will require someone to fix any damage committed by them or restore it to its natural / original state.
4. Intellectual Property Deeds - steer clear of any potential disputes and ensure that your IP is protected and that you have intellectual property ownership rights over your business.
The distinction between privacy and confidentiality is an important one, but ensuring that the appropriate protections are in place is critical. You should protect your business information at all costs from unauthorized access or misuse.
At our sister company, Legal Kitz, our highly experienced solicitors can assist you if you are unsure about how to best protect yourself. You can arrange a FREE consultation or contact us at info@legalkitz.com.au or 1300 988 954. You can also check out our Business Kitz subscription service today to access our Privacy Policy, Confidentiality Policy and Workplace Privacy Policy to begin your business with a solid foundation that ensures compliance.