Most Read Contributor in Australia, September 2016
On 12 March 2014, new privacy laws came into effect. Under the
new laws, certain businesses may be liable to pay fines of up to
$1.7m for serious or repeated breaches. The new laws change the
credit reporting system and introduce a new set of binding privacy
principles which regulate the way in which 'personal
information' is handled.
'Personal information' includes an individual's
name, address, telephone number, date of birth, bank account
details, medical records and commentary or opinions about a person.
It does not matter whether this information is true or not, or if
it is recorded in a material form or not.
Other things you should consider:
personal information? Has the policy been updated to reflect the
new privacy laws?
Do you collect personal information? Is it reasonably necessary
for your business to collect all the personal information you
How do you notify your customers that you are collecting their
personal information? Do you notify them when it is collected?
For what purpose do you use and disclose the personal
information? Do you disclose personal information overseas to third
party providers? Where do your Australian technology providers
store and hold your business' personal information?
Have you made contractual arrangements with your technology
provider to ensure they comply with the new laws?
How do you secure your personal information? Do you have
sufficient physical and electronic security practices and
procedures to protect the personal information from misuse,
interference, loss, unauthorised access, modification or
Do any exceptions apply? How long does your business keep
personal information? Do you have a data retention policy?
Recently we have assisted our clients by:
Preparing and/or amending privacy policies, collection notices
and internal privacy procedure documents to comply with the new
Reviewing contractual arrangements with both onshore and
offshore cloud providers to determine their collection, storage,
management and destruction practices
Reviewing and/or drafting clauses in contracts to comply with
the new privacy law
Conducting privacy questionnaires to understand privacy
practices and procedures and
Providing privacy training to staff.
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.
To print this article, all you need is to be registered on Mondaq.com.
Click to Login as an existing user or Register so you can print this article.
Those types of personal disclosure may still be permitted under the Privacy Act as long as your house is in order.
Some comments from our readers… “The articles are extremely timely and highly applicable” “I often find critical information not available elsewhere” “As in-house counsel, Mondaq’s service is of great value”
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).