Privacy as the foundation of trust

Privacy is the foundation of trust

Our personal information is a core piece of our identity which must be protected: it reveals who we are, what we do and our beliefs.

As individuals, we have a right to privacy and a choice to trust organisations with our personal information. When we see privacy practices and care demonstrated with the protection of our personal information, we are more likely to trust organisations with our information and gain confidence in the services they provide to us. Trust is a pillar of the digital economy and a key requirement for a sustainable society.

For individuals to maintain their privacy, the Office of the Australian Information Commissioner (OAIC) provides several tips including:

Not-for-profits provide services to and assist those who are sometimes the most vulnerable members of our society and, as such, have a profound duty of care to protect their information. The OAIC has some great tips for organisations to assist in building and maintaining the community’s trust in how their personal information is handled.

The key points from these tips are for not-for-profits to:

  • Know their privacy obligations under the Privacy Act. Even if your organisation is not subject to the Privacy Act, adopt privacy principles as part of good governance practices.
  • Simplify their privacy policy. Ensure it is written in plain English and includes a summary. The Digital Transformation Hub has privacy guidelines for not-for-profits and a privacy policy template provided by PwC Australia that can be customised.
  • Review their privacy practices and processes to make sure they comply with legal requirements and remain relevant to meet community expectations.
  • Secure personal information to protect it from misuse, interference and loss. Security considerations are a privacy principle encompassing governance and staff training, processes and technology requirements to uphold protection.
  • Prepare for data breaches by having a response plan. Organisations bound by the Privacy Act that experience a data breach that could result in serious harm to individuals must notify the OAIC and the affected individuals. This is a requirement under the Notifiable Data Breaches (NDB) scheme.

Visit the Office of the Australian Information Commissioner website for more information.
