Your Customer's Data Privacy


There are some key changes to the privacy laws that will affect us all.

The Small Business Exemption Is Ending

For years, businesses with an annual turnover under $3 million were usually exempt from privacy laws. The exemption is about to end.

Soon, every business will be required to comply with Australian Privacy Laws. This means that if you record a person's email for receipts or a phone number for deliveries, you hold personal information, and it must be protected. Whether the person was brought to you or not is not relevant. It is your business that has collected this information on that person.

Penalties Are Higher

The government is significantly increasing fines for privacy breaches. It's worth noting that legal costs will add even more to the overall expense.

Direct Lawsuits May Become Possible

Currently, customers must first complain to the Office of the Australian Information Commissioner. The proposed changes would let customers sue businesses directly for privacy breaches. It creates a higher financial risk if you mismanage data.

International Customer Complications

I have previously inquired numerous times without receiving a proper response: if your customer is an overseas citizen, we need to consider the legal regulations of their home country. Many countries also have privacy laws.

Considering these changes, let's take some practical steps to safeguard your retail business and ensure our compliance.

Practical Steps for Your Business

It is crucial that you:

Review what personal information you collect. Only gather what you actually need. If you do not need it, do not collect it. Then store all your information securely. If possible, use encryption; many backup systems provide such a service. Delete any information you no longer need. This may be tough, as generally, all Australian businesses are required to retain business records for a minimum of seven years. I have clients who are required to retain certain information for 30 years.

Train your staff on privacy basics. Everyone should understand that customer data is confidential and protected.

Check who has access to your customer information and remove unnecessary people.

Handling Customer Privacy Complaints

If a customer complains about their privacy:

Step 1: Respond Immediately

It's a customer, and you want their goodwill, so send an immediate response.

Send a response, like: "We're sorry for any frustration this has caused. We're taking this matter seriously and are investigating now." This shows professionalism without admitting legal fault. If you admit fault here, your insurance policy may be voided. You may also be seen as admitting to a criminal act.

Step 2: Investigate Thoroughly

Review any records you have. Consult with your staff if relevant. Document everything you find.

Don't delete data immediately, as you might need it to resolve the complaint properly. I had one newsagency where the customer demanded to be present when his information was destroyed.

Keep detailed notes of your investigation process.

Step 3: Seek Expert Advice When Needed

If the complaint feels severe, don't guess. Seek external advice. Contact your industry association, a legal expert, or the OAIC for guidance. Be sure to document that you sought this advice and note what instructions they provided.

Step 4: Provide a Clear Resolution

You must respond within 30 days. Do not be late. In your response, offer them a solution and apologise for the obvious distress this has caused your customer. It may involve correcting or deleting information. With me, it would be deleting it.

If customers are still unhappy with your solution, well, you must notify them about their right to file a complaint with the Office of the Australian Information Commissioner.

Preparing Your Business

It's essential to remember that customer data privacy extends beyond simply complying with the law. If customers think their information isn't safe, I doubt they'll stay with you.

This article provides general guidance and should not be considered legal advice. Consult privacy professionals for specific situations.

Written by:

Bernard Zimmermann

 

Bernard Zimmermann is the founding director of POS Solutions, a leading point-of-sale system company with 45 years of industry experience, now retired and seeking new opportunities. He consults with various organisations, from small businesses to large retailers and government institutions. Bernard is passionate about helping companies optimise their operations through innovative POS technology and enabling seamless customer experiences through effective software solutions.

 
 
 
 
