If you’re an organisation covered by the Privacy Act, it is important to have a Privacy Complaint Handling Procedure.
An organisation will be covered by the Privacy Act if it is an Australian government agency, has an annual turnover of more than $3 million, or falls into one of these exceptions.
A Privacy Complaint Handling Procedure is a guideline that outlines the process for managing and resolving complaints individuals make about privacy matters and the handling of their personal information.
This procedure should outline how a complaint can be made, who in your organisation it can be made to, how it will be dealt with internally, and potential external measures.
What’s The Process?
If your business is covered by the Privacy Act, it is important that you give individuals’ complaints adequate time and attention.
Individuals are encouraged to come to your business first and solve the matter internally. It is important to have an effective and efficient method of handling complaints as it could save your business time and money in the long run.
If individuals are not satisfied with your business’ response, they may then complain to a relevant external dispute resolution scheme.
The individual can take their complaint to the OAIC (the Office of the Australian Information Commissioner; the body that regulates privacy matters).
If an individual’s complaint does escalate beyond your organisation, it could lead to reputation damage and impact the public’s trust in your organisation. This is becoming increasingly true as more and more people are concerned with how their data is being used and how secure it is.
Things To Consider When Handling Privacy Complaints
The OAIC recommends that businesses and organisations think about the following matters when drafting a Privacy Complaint Handling Procedure:
- How easy it is for individuals to make a complaint to your business (i.e. the contact details of who to make the complaint to must be easy to find)
- How readily feedback or complaints are available (both electronic and in print)
- Whether the staff members to whom privacy complaints are directed have the requisite knowledge of the Privacy Act
- Whether businesses make it possible to resolve privacy complaints informally by talking to the individual and providing an explanation and/or apology
- Whether there are regular internal reviews of complaint handling procedures
- Whether organisations have Data Breach Response Plans or policies
The OAIC has also published this checklist to ensure that your business is compliant in addressing privacy complaints.
Navigating privacy procedures such as Privacy Complaint Handling Procedures can be a daunting task, particularly as it could have adverse reputational impacts for your business.
To ensure that your business handles complaints in a uniform and efficient manner, it is important to have these guidelines in place.
Get in touch with us at firstname.lastname@example.org if you have any questions regarding Privacy Complaint Handling Procedures or your obligations under the Privacy Act.