Privacy Awareness Week: Is Your NFP Privacy Compliant?
Monday, 30th April 2012 at 11:03 am
Opinion: Many NFPs play an important role in providing support to some of the most vulnerable people in our community by delivering services to those in all kinds of need – from family violence to financial counselling and emotional support.
As a result, staff working in NFPs often come face to face with highly sensitive personal information about the health and financial circumstances of their clients.
NFPs that are subject to the Privacy Act will need to comply with the various requirements under the Act.
A key principle enshrined in the Privacy Act is that when you collect personal information from an individual you should tell them why you are collecting it and who else you may disclose it to.
As well as being required by the Privacy Act, these are important steps NFPs can take in building and maintaining the trust of their client base. If your clients know what you will do with their personal information and are confident you will handle it properly, they are more likely to be willing to work with you as it will engender greater trust in the relationship.
The OAIC recommends that you don't consider clients as fundraising targets unless they have explicitly opted in to receive such communications. Equally, donors who support fundraising campaigns should be offered a choice about receiving information on non-fundraising activities or new campaigns.
If you use your clients’ personal information in ways they don’t expect or haven’t consented to, you risk eroding the trust between your organisation and your clients. This can, in turn, impact either on your ability to deliver services to those people, or on your ability to rely on their goodwill during fundraising campaigns.
Always restrict file access to staff on a ‘need to know’ basis, for example by ensuring that those involved with fundraising do not have routine access to personal information that may be kept on client databases, and by having checks and balances in place to protect the privacy of clients’ personal information.
By ensuring that privacy is safeguarded and respected, you are not only fulfilling your obligations under the Privacy Act, but, more importantly, respecting the trust of those who share their personal details with you.
Quick privacy tips for NFPs:
- Provide donors, volunteers and service users with notice of how their personal information will be handled and used
- If your organisation has information about people and wishes to use it for a new purpose, contact them and give them the option of deciding whether or not they wish their information to be used for that new purpose
- If you share your donor lists with other organisations, make sure that you provide people with information about who their information will be passed to from the start. Always be open about how you will use donor information.
If you have any queries or concerns in relation to your obligations under the Privacy Act or how your organisation is collecting and handling personal information, contact the Office of the Australian Information Commissioner’s Enquiries Line on 1300 363 992 or www.oaic.gov.au