Is privacy a scary word in your NFP?

How do you manage the confidential, financial or personal information of your clients or members?

Did you know that, following legislation passed in 2014 under the Privacy Amendment Act 2012, individuals can now be fined up to $340,000, with penalties of up to $1.7 million for an organisation?

While this legislation does not apply to all organisations, it is important to know whether it applies to your organisation or whether you are exempt. For more information, follow this link in relation to Privacy.

Even if your organisation is exempt, you still have obligations in relation to how you handle credit card information when payments or donations are made, bank account details, and information disclosed on enrolment, membership or application forms, which can include health, employment and home address details. At first you may think some of this information isn’t really confidential, but that is not always the case, as all the information listed above could be used in a negative way depending on who is using it.

Therefore, what controls or measures are in place for managing this information? For example, when the information is no longer required, is it just thrown out in the rubbish? Are records left on a desk or stored in a filing cabinet that anyone can easily access? Even if you store records on a computer, is it password protected so that only known people can access the information? What software and virus protection programs are used to prevent the information being unlawfully hacked into or unlawfully downloaded? In addition, many of these issues relate to fraud control, as there have been many incidents reported recently where credit card details have been downloaded.

These are just some of the issues, but what is highlighted is the need to be aware of your obligations, to ensure you have processes and procedures in place to avoid a breach of confidentiality, and to actively manage the information.