What does the Privacy Act mean for management rights?

By now, most of you may know the Federal government’s Privacy Act 1988 (the Act) has been amended. It applies to basically every business in Australia.

If you are caught by the amendments there are now 13 Privacy Principles which you must abide by. The amendments deal primarily with the collection, use and disclosure of personal information.

The Act only applies to personal information. This means names, street and email addresses, phone numbers, credit card details etc.  It also includes personal information of a sensitive nature such as health information.

It does not apply to you if you are a ‘small business operator’. You are one of these if your turnover is less than $3 million per financial year. Turnover is basically revenue or income from all sources and that number includes GST – so the threshold for ‘net’ turnover is roughly $2.7 million plus GST.

There are then exceptions which mean you must comply with the Act even if you are a small business operator whose turnover is less than $3 million.

Some of these exceptions include:

  • if you provide a health service or store health information (meaning all aged care operators and most retirement villages are caught if they collect, use or disclose health information);
  • if you are a related body corporate to someone that is not a small business operator (i.e. the big real estate franchises); or
  • if you provide services to the federal government.

None of these exceptions are likely to apply to management rights operators.

The exceptions that may apply relate to:

  • Disclosing personal information about another individual to anyone else for a benefit, service or advantage (i.e. the sale of  a customer database to a third party); or
  • Providing a benefit, service or advantage to collect personal information about another individual from anyone else (i.e. where you participate in a survey and the surveying company then gives that information back to its clients).

Both of these are really trading in personal information and therefore require compliance with the Privacy Principles and the Act.

So what does all this mean for management rights owners?

The vast bulk of management rights owners will not be caught as their turnover will be less than $3 million. The bigger players (Mantra etc), and those with group buildings with total revenue of more than $3 million will.

You can keep personal information and you can communicate to those people using it. However, If you give the information away to a third party or use that information to market the services of others to those people, then you may well be caught. It is a bit of an interpretative nightmare, but if you keep the information you hold private and use it only for your own purposes you will be compliant.

There is also a specific exemption for the sale of a business that includes personal information, so the sale of a management rights business with a customer database does not infringe the Act.

Even if you don’t have to comply, you can do so publicly by opting in. Some entities may choose to do this as a point of difference.

Some would suggest that a good practice, even if you do not have to comply, would be to opt-in in circumstances where you can easily do so. This can be achieved by adopting an appropriate privacy policy and including  a statement in your relevant documents that defines the purpose for which you collect personal information and that the person gives their consent for you to use it.

If you think you have to comply, or want assistance in how to comply if you opt in, let us know so we can help you.

Related Posts