LexisNexis Practical Guidance®

Whether it is customer lists, customer preferences, patient medical records or customer financials, personal information and data are the all-important “DNA” of many organisations.

As data volumes increase at an exponential rate and the landscape becomes increasingly complex with the use of the third-party service providers, cloud enabled technology, personal profiling, sophisticated analytics and multijurisdictional data flows, tackling questions regarding privacy can be daunting.

Certain organisations are required to comply (APP entities) with the Privacy Act 1988 (Cth). Key obligations include that such organisations:

• manage personal information in an open and transparent way (APP 1 - Open and transparent management of personal information) (see Understanding the relationship between privacy, cybersecurity and data resilience);
• take reasonable steps to implement practices, procedures and systems that will

  View all Privacy by design guidance

In order to mitigate the risk of privacy issues, cyber security threats and achieve data resilience, it is important to take a proactive approach to privacy.

This means thinking critically about privacy during the planning and implementation stages of a project. As discussed in Implementing a privacy by design approach, privacy by design is essential to proactive management of privacy issues.

A privacy impact assessment (PIA) is an essential part of implementing new projects in order to achieve privacy by design.

A PIA is a systematic evaluation of a project that identifies the impact that the project might have on the privacy of individuals, and sets out recommendations for managing, minimising or eliminating that impact.

See Conducting a privacy impact assessment.

For any new project

View all Planning and implementing new projects guidance

At the most basic level, direct marketing involves the use of personal information to promote goods and services.

Direct marketing can occur via many different channels and take on many different forms, from:

• sophisticated targeted online campaigns;
• promoting a new product range via electronic message; or
• soliciting customer feedback (and gently spruiking a new service) via phone to good old-fashioned snail mail.

Whether you are advising a client on the launch of a new product range, or the organisation you work for is rolling out a global client feedback survey with an option to upgrade to the latest software service package, direct marketing is likely to be an issue you are going to have to tackle at some point.

The direct marketing landscape provided for under

View all Engaging in direct marketing guidance

Today, organisations have access to more data than ever before. “Big data” is the new normal as organisations collect data across a broad range of channels such as apps, email, and web browsing. That data is then harnessed to provide valuable business insight.

Online behavioural advertising describes a wide range of activities companies engage in to collect information about users’ online activity (such as webpages visited, links clicked and online transaction history) which is subsequently used to show more tailored or relevant content and advertisements.

See Identifying the form(s) of online behavioural advertising.

Sometimes the data collected is not personal information in the traditional sense (such as your name, phone and contact details), but rather generic information linked to an online identifier which

View all Using cookies and other emerging forms of online behavioural advertising guidance