1. Customer information to be kept secure
New privacy laws come into effect in December 2001 for most businesses and organisations. The new law establishes the National Privacy Principles (NPPs) as the minimum privacy standards for the private sector.
Under the NPPs, a business must:
(a) take reasonable steps to protect personal information it holds;
(b) not hold data longer than it needs;
(c) destroy personal information that is no longer used for the purpose for which it was originally collected; and
(d) take reasonable steps to prevent unauthorised access to the information it holds.
2. Who must keep customer information secure?
A business (which includes a partnership, trust, organisation and individual operating a business) will not be covered by the new laws if it has an annual turnover of $3 million or less and:
(a) is not related to a business with an annual turnover of $3 million or more;
(b) does not provide a health service or hold health records;
(c) does not disclose personal information about an individual for a benefit, service or advantage; or
(d) does not provide a benefit, service or advantage to collect personal information.
3. Safe handling of customer credit card details
Many customers are concerned about the risks involved in using credit cards to purchase goods on the internet. Two main risks are:
(a) credit card details may be intercepted on the way to their destination and used by a third party; or
(b) the website / business uses credit card information improperly or fraudulently.
Security measures such as encryption help to ensure the safe handling of credit card information. See the Secure Electronic Transactions Fact Sheet and the articles Digital Signatures and Encryption of Data.
Other relevant Articles on this site:
Best practice model
Terms and conditions of website
Encryption of data
Digital signatures
Electronic communications policy
Other relevant Fact Sheets:
Electronic Payment Systems
Electronic Transactions Act
Keeping Electronic Records
Privacy
Secure Electronic Transactions
Workplace Net Control