Every business that turns over more than $3 million is regulated by the Privacy Act 1988 (Cth). The Act and the Australian Privacy Principles set out rules for how you collect, use and store personal information.
A business lawyer can reduce your risk of a breach.
- the kind of personal information the business collects;
- how the personal information is collected and held;
- the purposes for which the personal information is collected, held, used and disclosed;
- how an individual may access personal information about themselves and seek the correction of such information;
- how an individual may complain about a breach of the Principles, or a registered Australian Privacy Principle code (if any) that the business is bound by, and how the business will deal with such a complaint;
- whether the personal information is likely to be disclosed to overseas recipients; and
- if the business is likely to disclose personal information to overseas recipients – the countries in which such recipients are likely to be located (if it is practicable to specify those countries in the policy).
New Amendments to the Act
It’s not all that simple.
Prior to February 2018, the law did not require you to notify an individual who may be affected by a failure to take reasonable steps to protect personal information. Under the amendments, you must report a data breach to the Commissioner and the harmed individual if:
(i) there is unauthorised access to, or unauthorised disclosure of, information held by an entity; or
(ii) information is lost in circumstances where there is likely to be unauthorised access to or unauthorised disclosure of information; and
a reasonable person would conclude that the access or disclosure would be likely to result in serious harm to any of the individuals to whom the information relates.
Need a business lawyer yet? Leave it to us!
For further information regarding the review, amendment and preparation of Privacy Policies and privacy procedures, please contact Alex Martin on 9481 2000 or firstname.lastname@example.org.