From time to time, Hot-Topix may collect, store, use and disclose personal information about an individual in its information management system and through its activities generally.
The FAQs below provide answers to frequently asked questions about privacy from individuals or about activities that may affect an individual's privacy. If you have a question you would like Hot-Topix to answer, please refer your question to the Social Media Advocacy Supervisor, or email firstname.lastname@example.org.
1. What is privacy law?
Privacy law generally relates to the protection of an individual’s personal information.
In Australia, the Privacy Act 1988 (Cth) (Privacy Act) regulates the handling of personal information about individuals, such as the collection, use, storage and disclosure of personal information. Personal information is defined below.
2. Does the Privacy Law apply to Hot-Topix?
As of 12 March 2014, the Privacy Act has been amended to include 13 Australian Privacy Principles (APPs), a single set of privacy principles that applies to Australian government agencies and some private sector organisations, known as “APP entities”. The APPs set out standards, rights and obligations for the handling, holding, accessing, and correction of personal information (including sensitive information).
A business is an APP entity if it has an annual turnover of $3 million or more for the previous financial year. An APP entity organisation may be an individual, a partnership, a body corporate, trust or other incorporated association. Where Hot-Topix operates through agents or contractors, the Privacy Law applies to the agent or contractor. The Privacy Act will apply even if a business operates in the B2B sector. Adopting the APPs is also best business practice.
3. What is personal information?
Personal information is information or an opinion, whether true or not, and whether recorded in a material form or not, about an identified individual, or an individual who is reasonably identifiable.
Common examples of personal information are an individual’s name, signature, address, telephone number, date of birth, medical records, bank account details, credit card details, and commentary or opinion about a person.
4. What personal information can Hot-Topix collect?
A business can only collect personal information (other than sensitive information) if such information is reasonably necessary for one of its business functions or activities.
Hot-Topix may only collect personal information by lawful and fair means and only directly from the individual unless it is unreasonable or impracticable to do so. The Privacy Law applies to that information once collected, even if it is publicly available.
5. What if Hot-Topix receives personal information from someone other than the individual?
If Hot-Topix receives personal information that it did not ask for from someone other than the individual, this is unsolicited personal information. If Hot-Topix receives unsolicited personal information, it needs to comply with the Privacy Law in relation to that personal information, i.e. how it holds and uses it.
6. What limits are there on what Hot-Topix can do with personal information?
When Hot-Topix holds personal information about an individual that was collected for a particular purpose (primary purpose), it must not use or disclose that personal information for another purpose (secondary purpose) unless the individual has consented to the use or disclosure, or the individual would reasonably expect Hot-Topix to use or disclose the information for the secondary purpose that is related to the primary purpose.
Other exemptions to this limitation include:
- where it is required or authorised by or under an Australian law or court/tribunal; or
- where a permitted general situation or a permitted health situation exists.
There are also additional restrictions and obligations relating to disclosure for direct marketing purposes (as discussed below) and disclosure to overseas recipients.
7. Can personal information be disclosed?
In order to perform services, Hot-Topix can disclose personal information.
8. What about direct marketing?
Generally, businesses may only use or disclose personal information for direct marketing purposes where the individual has:
(a) consented to the personal information being so used; or
(b) a “reasonable expectation” that the personal information may be used for this purpose; and
(c) there are sufficient opt-out mechanisms in place.
When direct marketing using personal information, businesses must provide a simple means by which the individual may easily request not to receive direct marketing communication, and must draw attention to the fact that the individual may make such a request.
9. What does ‘secure storage’ mean?
Secure storage of personal information places an obligation on businesses to use all reasonable endeavours to keep an individual’s personal information in a secure environment. This means that there are security measures in place to protect personal information from misuse, interference, loss and from unauthorised access, modification, or disclosure.
10. What does Hot-Topix do with personal information when it no longer needs it?
If Hot-Topix no longer needs any personal information which it has collected, it will take reasonable steps to destroy or de-identify the personal information (unless it is required under Australian law or a court/tribunal order to retain it).
11. Does Hot-Topix have obligations to maintain personal information?
Yes. Hot-Topix must take reasonable steps to ensure the personal information collected is accurate, up-to-date, and complete.
There is also a positive obligation on organisations to take reasonable steps to correct any personal information that they perceive as inaccurate, out-of-date, incomplete, irrelevant or misleading or if it is requested to be corrected by an individual.
‘Reasonable steps’ may include careful auditing and careful identification in cataloguing that information, ensuring new updates are promptly added to existing records correctly.
12. Can Hot-Topix collect information that is “sensitive information”?
Personal information may also be “sensitive information” which is information generally relating to health, racial or ethnic background, political opinions or associations, sexual preferences or criminal records. Higher standards apply to the handling of sensitive information.
Hot-Topix must only collect sensitive information with the individual’s consent and if it is reasonably necessary for the business’s functions or activities. If such information is in the public domain, once it is collected it can only be used as set out at point 6 above.
This requirement is exempted if the collection of information is required or authorised under Australian law or court/tribunal order.
13. Is Hot-Topix required to grant access to personal information?
Yes. If a business holds personal information on record, it is obliged to grant access to the individual unless there is a ground of refusal as set out in the APPs.
If an individual requests access to his/her personal information held by Hot-Topix, Hot-Topix must give access to the information within a reasonable period after the request is made. This usually means within 30 days. Access to this information must be in the manner requested by the individual so long as it is reasonable and practicable to do so. This could include by email, phone, in person, hard copy, or electronic copy. You cannot charge for the request but you can make a reasonable charge for retrieving the information.
14. Who do I contact if I have privacy concerns?
If you have any concerns about meeting privacy obligations, please contact the Social Media Advocacy Supervisor:
If you would like further information relating to the Australian privacy laws and the Australian Privacy Principles, please visit: www.oaic.gov.au