Contractors with an annual group business turnover of more than $3 million must comply with privacy law.

Most importantly, the law requires contractors to treat their customer’s personal information as confidential.

Michael Leahy, an accredited specialist in business law with extensive AV industry experience, says that privacy law requires contractors to:

Prepare a privacy policy and publish it to customers – for example, on their website;

Provide a privacy notice to new individual customers when signing

The contractor can only use personal information for the purpose for which it was collected. So if your group is looking to ‘crosssell’ an unrelated product to your customers, your privacy policy needs to say so.

“What a contractor mustn’t do is sell a customer list to a separate company (outside the group) purely for marketing to your customers. Privacy law is very much against ‘trafficking’ in customer lists,” he says.

“A contractor must take reasonable steps to protect the information from misuse and loss and from unauthorised access, modifi cation or disclosure. This may mean checking to ensure that your in-house computer and document systems are secure from hacking and theft. Computers should be password protected and documents kept locked away when not being accessed.”

Further, a contractor must destroy or permanently de-identify customer’s personal information when it is no longer needed. Obviously a customer’s personal information can be retained by the contractor for as long as customer is still likely to need them for service calls, warranty issues, regular maintenance or even replacement products. A six year period is the typical period for which most customer information is stored, as a customer could make a claim for breach of contract or negligence within six years after an installation.

Michael says another interesting privacy issue in recent times is how source codes are dealt with when undertaking security installations.

“When installing security technology, many installers don’t provide the customer with the source codes that are necessary to make any modifications in the future. This is a serious breach of privacy law when the customer is an individual,” Michael says.

“If a home owner doesn’t have those codes they can effectively be locked out of their own house and be unable to access a system that opens the front door. Not only that, but if they ever sell the house, they need to have the codes to pass onto the new buyer.”

Michael believes the problem is not only that contractors are not supplying the codes, it’s that they are not informing the customer that they exist in the first place.

“Sometimes the installer wants to make sure that any future business isn’t undertaken by untrained professionals or doesn’t become overly expensive for the client. However, most of the time they withhold the information to guarantee themselves repeat business.”

Michael advises that the correct approach is for the contractor to inform the client the codes will be supplied when their bill has been paid in full.

As this privacy law has only been in place since 2000, the consequences for a breach are still not particularly severe, however Michael says this could be set to change in the future.

He adds that there have been proposals to bring in a legal tort (a wrongful act that results in injury to a person’s property or reputation, which entitles the injured party to compensation) which will allow a customer to sue an installer for a breach of a privacy law.