The Privacy Act (1988) recognises the importance of privacy individuals and regulates the way the Australian government, large organisations (‘large’ is defined in the Act as any organisation which has an annual turnover greater than $3 million), and some small businesses handle personal information. Under the Act individuals have a right:
* to know why their information is being collected, how it will be used and with whom the information will be shared,
* to remain anonymous in certain circumstances,
* to have access to their personal information,
* to opt out of direct marketing,
* to correct information about themselves that is inaccurate, and
* to complain if they feel their private information has been mishandled.

As digital technology rapidly increases and as more businesses move exclusively to online platforms or shift databases and operations off-shore or to shared data storage centres it is imperative that businesses implement data protection processes. Ensuring privacy compliance is about much more than simply having a Privacy Policy. Privacy. Considerations should be integrated into every aspect of the business, and Privacy Impact Assessments (PIAs) should be a defined area within all projects. Taking this ‘bottom up’ approach will more rapidly ensure that privacy requirements are being met than simply instituting a company wide privacy policy.

This approach has the additional benefit of creating cultural change within organisations. Strong privacy awareness and culture will help to safeguard customer loyalty and retention, as well as stakeholder and will allow business to respond efficiently if there is a data breach. Setting in motion cultural change may create chaos in the short term but this risk is mitigated by an overall long term sense of direction (Dolan, Garcia, Diegoli, Auerbach, 2000), and there can be little doubt that strong privacy protection is critical to commercial success in the 21st century.