Cleo operates a small business owned by Burn Black & White Pty Ltd (BB&W) in specialist motor racing parts. Cleo is sole director and CEO. The business currently operates out of the garage of her family home. As such, the business relies predominantly on online sales and she discourages customers from visiting the shop floor, although it is very tastefully fitted out as a small showroom.

Cleo’s daughter Ziggy is a QUT student (and member of the company) and she has been reviewing the company’s data policies for an assignment. She raises the following matters with Cleo for review.

Complete the blanks below.

After reading the practice identified by Ziggy, indicate in the first box with the word yes or no (use the whole word, not case-sensitive) whether you decide that the practice complies or violates Australian Privacy Principles (APP), and in the second box, nominate the relevant privacy principle (as a number) as reference. In the final box, insert the name or initials of the regulator.

PRIVACY PRINCIPLES

(a) Cleo operates a small business owned by Burn Black & White Pty Ltd (BB&W) in specialist motor racing parts. Cleo is sole director and CEO. The business currently operates out of the garage of her family home. As such, the business relies predominantly on online sales and she discourages customers from visiting the shop floor, although it is very tastefully fitted out as a small showroom.

Cleo’s daughter Ziggy is a QUT student (and member of the company) and she has been reviewing the company’s data policies for an assignment. She raises the following matters with Cleo for review.

Complete the blanks below.

After reading the practice identified by Ziggy, indicate in the first box with the word yes or no (use the whole word, not case-sensitive) whether you decide that the practice complies or violates Australian Privacy Principles (APP), and in the second box, nominate the relevant privacy principle (as a number) as reference. In the final box, insert the name or initials of the regulator.

Your answer for each box is worth 1 mark each.
HINTS: You can only have one answer per blank.
You only have limited information so make your best judgment.
You only need to nominate one privacy principle, although more than one may apply.

i. BB&W has a very loyal customer base, almost like a club. Online customers are asked if their details can be stored by the company, so they can be contacted about special events and promotions. All data are stored online in the company’s secure records.

Comply? APP:

ii. Cleo is concerned about her personal security. Customers who attend the showroom are discretely filmed on closed circuit TV. Cleo doesn’t destroy the footage until she is satisfied that she has identified every person who entered the showroom and she saves their image to their customer file.

Comply? :

APP:

iii. Cleo allows Ziggy access to the customer files.

Comply?:

APP:

iv. During the COVID-19 pandemic restrictions, Cleo was very careful with the government-mandated check-in procedures, which were not too onerous given most transactions were online. However, as she is quite familiar with those customers who transacted in person, she developed a habit of keeping a record of customers’ vaccination status in their customer files.

Comply? :

APP:

(b) Cleo asks: what government regulator should she approach for more information on Australian Privacy Principles for small businesses? (Answer in the box).