Cash register systems, besides handling standard transaction data, can also come into possession of customer information, so it is important to be familiar with the requirements for protecting personal data.
Below we present the basic rules on personal data protection that apply in Australia.
If your business has an annual turnover of more than $3 million, you must comply with the Privacy Act.
If your business has an annual turnover of $3 million or less, you may still need to comply with the Privacy Act depending on what your business does. For example, you need to comply with the Act if you’re a:
- private sector health service provider. This includes complementary therapists, gyms, weight loss clinics, childcare centres and private education providers
- business that sells or buys personal information
- contractor providing services under a contract with the Australian Government
- credit provider or credit reporting body
- residential tenancy database operator.
Personal information might include your customers’:
- name
- signature
- address, email, telephone number and date of birth
- medical records
- bank details
- photos and videos
- IP address
- opinions which could be used to identify them.
If the Privacy Act covers your business, you need to comply with the Australian Privacy Principles (APPs). These outline how you must handle, use and manage personal information.
Even if the Privacy Act doesn’t cover your business, it’s important to handle your customers’ personal information appropriately.
If your business is covered by the Privacy Act, you need to comply with the Notifiable Data Breaches scheme. If a data breach involves personal information and is likely to cause serious harm to a person, you need to notify both the:
- person involved
- Office of the Australian Information Commissioner (OAIC).