The short answer
- your business's turnover is over $3m; or
- if your business provides health services and holds health information about individuals; or
- your business is in the business of selling personal information that you have collected, e.g. your business collects names and email addresses and then sells those details to another company so that the other company can market to the individuals.
So let’s go into a little more detail. There are Australian Privacy Principles that sit within the Privacy Act. They stipulate how personal information can be collected, stored and shared.
Australian Privacy Principle entities are organisations that have to abide by the Australian Privacy Principles (i.e. comply with the Privacy Act). There are several types of Australian Privacy Principle entities, such as businesses with an annual turnover of more than $3 million, businesses that provide health services and hold health information, and all businesses that sell personal information collected through their mobile app to advertisers.
What is personal information?
For information to be personal, it needs to be information or an opinion about an identifiable individual. Examples of personal information that is commonly collected and used by mobile apps include:
- Name and email address
- Internet Protocol (IP) addresses
- Unique Device Identifiers (UDIDs)
- Contact lists
- Social media account information
- Voice print and facial recognition biometrics
- Geographical location information
- What personal information will be collected
- How the personal information will be collected and stored
- How the personal information will be used by your business and any third party advertisers
- Whether the personal information will be disclosed in Australia or overseas, including to government organisations
- How users can access the personal information that has been collected by the app
- How users can have their personal information corrected if it is incorrect
There are different ways you can ensure that users read and consider your policy before agreeing to it. For example, you can have the key points of your policy pop up on a screen with a link to the whole policy. You can use infographics to help users understand your policy. You might also consider having different settings in your app that allow users to tailor the amount and type of personal information that the app accesses.