“The right to be left alone is the most comprehensive of rights and the right most valued by civilised people.”
— Warren and Brandeis, The Right to Privacy (1890)

From online shopping to airport security to digital health records, most people now live with a level of monitoring and data collection that would have been unthinkable a generation ago. Personal information is routinely captured, stored and analysed by organisations we may never directly interact with.

Most individuals accept that these changes are part of modern life and, in many cases, bring genuine benefits — convenience, safety, efficiency and better services. What they do not accept is being reduced to “just a data point”. Privacy remains closely tied to human dignity, autonomy and trust, even in a highly digital world.

Privacy as a Matter of Human Dignity
Australian privacy law reflects this connection. The Privacy Act 1988 and the Australian Privacy Principles (APPs) set clear expectations that personal information — and especially sensitive information such as health data, biometrics or behavioural indicators — must be handled with care, transparency and restraint.

Beyond compliance, these obligations speak to a deeper principle: people have a legitimate interest in understanding and controlling how information about them is used. Privacy is not about secrecy; it is about respect.

For organisational leaders and HR professionals, this means treating personal data as information entrusted to the organisation, not a resource to be exploited. Collection and use should always be anchored in:

• Clear purpose — why is this data genuinely needed?
• Proportionality — is the level of data collected appropriate to the goal?
• Transparency — would a reasonable person understand and expect this use?

Transparency Builds Trust
Trust is built when people feel informed, respected and listened to. Privacy practices play a central role in shaping that experience at work and in customer relationships.

Recent Australian case law has reinforced this point. The appeal decision in Bunnings Group Ltd v Australian Information Commissioner highlighted that even where an organisation has legitimate objectives — such as safety or security — failures in transparency and notification can undermine compliance with the APPs.

The lesson for leaders is practical and clear:

• Privacy notices should explain what data is collected, why, and how it will be used.
• Language should be accessible and plain, not buried in dense legal text.
• Where sensitive information is involved, consent and meaningful choice should be taken seriously.
• Doing this well is not merely about avoiding regulatory risk. It signals respect for people’s agency and reinforces confidence in leadership decisions.

Balancing Safety, Security and Privacy
Organisations increasingly rely on data-driven tools to manage risk, improve performance‑driven tools to manage risk, improve performance and protect people. These goals are legitimate. However, the use of technologies such as surveillance systems or facial recognition requires careful judgement.

Australian regulators and tribunals have made it clear that the question is not simply whether a tool can be used, but whether its use is necessary, proportionate and well-governed‑governed. Leaders should be able to explain:

• Why this technology is needed rather than a less intrusive alternative
• How privacy risks have been assessed and mitigated
• What safeguards are in place to prevent misuse or function creep

This discipline strengthens decision-making and helps organisations maintain credibility when introducing change.

Embedding Privacy into Leadership and Culture
The bottom line is that privacy is most effective when it is built into everyday leadership practice rather than treated as a one-off compliance exercise. This includes:

• Assessing privacy impacts early when designing new processes or systems
• Equipping leaders and managers to make sound judgement calls about data use
• Reviewing privacy practices regularly as technologies and ways of working evolve

When leaders role-model thoughtful, people-centred decision‑making around data, it sets a clear tone for the organisation. It reinforces a culture where individuals feel respected, safe to speak up, and confident that change is being managed responsibly.

Public concern about data breaches and misuse of personal information remains high. How an organisation responds when things go wrong is as important as the controls it puts in place.

Effective responses are timely, transparent and focused on minimising harm. Clear communication, accountability and visible learning from incidents all contribute to rebuilding trust.

In an age of AI and pervasive data collection, privacy still matters — not as an obstacle to progress, but as a foundation for ethical leadership, inclusion and sustainable performance.