How Privacy Laws Apply to Your supermarket

As a small business, establishing trust and a maintainable level of transparency with your customers is essential to maintaining a favourable brand reputation. Part of this trust and transparency is achieved in ensuring that your supermarket is taking the steps necessary to be compliant with Australian Privacy Laws.

Though many laws detailed in the federal Privacy Act may not apply to supermarkets by nature of the business model, there are notable exceptions. Being aware of what steps to take to remain in compliance with Australian law is important not only to maintaining brand reputation, but ensuring your business does not face legal action as well.

From security recordings in your store to potential marketing or email campaigns, here’s how Australian Privacy Laws may affect your supermarket.

Security Cameras

Most supermarkets have a series of security cameras to record activity in and around the business. From car parks to the inside of your store, security cameras protect against theft, vandalism, and other crime common at supermarkets. However, recording images of your customers must be done with an awareness of privacy laws.

Customers should be made aware they are being recorded, and the information collected should not be used for undisclosed purposes. Recordings collected for training purposes should be disclosed to those recorded as well. Ensure cameras are not installed in private areas such as bathrooms or staff changing rooms.

It is also important to note that laws surrounding surveillance, call recording, and CCTV differ across Australia. Be sure to learn about what is required by your specific state or territory to avoid violating privacy law.

Marketing Campaigns

If your supermarket regularly runs marketing campaigns, giveaways, or promotions, it’s likely that your business has collected personal information and data from your customer base. This data must be collected under guidelines set by the Australian Privacy Act.

In order to safely collect data for campaigns, ensure that only what is necessary is stored by your business. Always notify the customer that their data is being collected, and for what purpose it’s being used. If your business is running promotional campaigns or newsletters which require input of an email address, additional measures should be taken.

Online data is subject to breach, and emails accessed by your business should be protected by technical security. Additionally, emails sent by your supermarket should include a note or disclaimer that allows individuals to opt out, or unsubscribe from receiving email from your supermarket in the future.

If a customer requests that they be unsubscribed, remove their information. Best practice is to never retain unnecessary personal information that could compromise customer security, or the security of your business.

Internal Customer Accounts

While supermarkets do not collect the same amount of confidential information seen in businesses such as healthcare or computer security, many of our members run supermarkets that provide customers with an opportunity to create personal or business accounts. These internal accounts may give rewards, benefits, or extended access to those who sign up. Most require some degree of personal information to be provided by the customer.

Much like information collected during email or marketing campaigns, it is important that your supermarket collect only the information necessary to run the internal account. Never ask for highly sensitive information, and keep customer information safe..

A data leak that grants access to personal information from your customer base is highly detrimental not only to your customers but to your business as a whole. Don’t take risks! If you are unsure of how to adequately protect data collected in internal accounts, reach out for assistance from a professional.

Protect Your Business and Your Customers

While Australian security law may not be as readily known as security standards presented by other countries, it is still crucial to know how the Australian Privacy Act applies to your business. While supermarkets handle less sensitive data and information than other businesses in question, they still are subject to several areas of the law.

From security recordings to email campaigns or memberships, taking the steps to ensure your supermarket is in compliance protects not only your customers data, but your business’s reputation as a whole.

IndiHub members are able to access our IndiHub Legal Helpdesk to get personalised help and advice with all legal related issues. If you require help please contact Matt Ritson on 0404 335 559 or [email protected]

Scroll to Top