Our personal information is a core piece of our identity that must be protected. It reveals who we are, what we do, and our beliefs.
As individuals, we have a right to privacy and a choice to trust organisations with our personal information. When we see privacy practices and care demonstrated with protecting our personal information, we are more likely to trust organisations with our information and gain confidence in the services they provide us. Trust is a pillar of the digital economy and a key requirement for a sustainable society.
The key points from the OAIC's tips for not-for-profits are to:
- Know your privacy obligations under the Privacy Act. Even if your organisation is not subject to the Privacy Act, adopt privacy principles as part of good governance practices.
- Have a privacy plan. Embed a culture of privacy, establish privacy practices, and enhance your response to privacy issues.
- Build in privacy by design. Build good privacy practices into your products, services, and internal systems to minimise or manage privacy risks.
- Assess privacy risks early. Undertake a privacy impact assessment to review your information handling practices, and repeat it whenever you introduce new technologies or change how personal information is collected or used.
- Simplify your privacy policy. Ensure it is written in plain English and includes a summary. The Digital Transformation Hub has privacy guidelines for not-for-profits and a privacy policy template provided by PwC Australia that you can customise.
- Review your privacy practices and processes to ensure you comply with legal requirements and remain relevant to meet community expectations.
- Secure personal information to protect it from misuse, interference, loss, and unauthorised access, modification, or disclosure. Security of personal information is itself one of the Australian Privacy Principles (APP 11), and meeting it requires governance and staff training, sound processes, and technical controls working together.
- Train your staff. Integrate privacy into staff induction and training, and conduct regular refreshers.
- Prepare for data breaches by having a response plan. Under the Notifiable Data Breaches (NDB) scheme, organisations bound by the Privacy Act that experience a data breach likely to result in serious harm to any affected individual must notify the OAIC and the affected individuals.
For individuals to maintain their privacy, the Office of the Australian Information Commissioner (OAIC) provides several tips including:
- Value your personal information and protect it.
- Secure your online accounts using measures such as strong passphrases and multi-factor authentication.
- Protect your devices by keeping them updated and performing regular data backups so that important personal information is not lost.
- Review and update your privacy settings.
- If your privacy is impacted, take steps to reduce your risk of harm.
Not-for-profits provide services to, and assist, people who are often among the most vulnerable members of our society, and as such have a profound duty of care to protect their information. The OAIC has some great tips for organisations to assist in building and maintaining the community's trust in how their personal information is handled.
Privacy guidelines and template for not-for-profits
PwC Australia has developed the following privacy guidelines for NFPs, an excellent resource to guide the development of policies and processes for your organisation. It provides detailed guidance about:
- What personal information is
- Your organisation's legal obligations
- An overview of the Australian Privacy Principles
- The Notifiable Data Breaches scheme
- Examples of breaches at Australian not-for-profit organisations
- Best practices to manage privacy
- Having a data breach response plan
When you're ready to formulate your organisation's privacy policy, download this Privacy Policy Template, provided by PwC Australia, which you can customise to meet your needs.