- Data about the kinds of personal information collected and held by the business,
- Information about how the business collects personal information – both directly and indirectly,
- How the business stores personal and sensitive information,
- Reasons for the collection, storage, usage and disposal of personal information,
- Instructions on how individuals may access personal information that is held by the business organisation and how they can correct their personal information,
- An outline of the complaint process,
- Information about whether the business is likely to disclose personal information to overseas organisations. This should outline, where reasonably possible, a list of the countries where the data may be disclosed.