Earlier this year, significant changes to the Australian Privacy
Act - the primary legislation dealing with the handling of personal
information - came into operation.
The changes introduced a new rule limiting direct marketing
across all channels, not just spam, and gave the regulator
significant powers to impose fines of up to $1.7 million on
businesses, as well as the ability to impose sanctions such as
The changes to the Act were passed in late 2012 and since then
the regulator has issued a range of guidance notes and run a public
awareness campaign. As a consequence, Australians are very aware of
their rights and their ability to access their information and have
Australians are also concerned about their personal information
being sent overseas where regulations may not be so strong and they
may be subject to identity theft or credit card fraud. While this
can be managed under the law by obtaining the informed consent of
the individual, this may not be the case with certain
In line with this approach, many Australian government
departments and agencies strictly prohibit, as a matter of
contract, the transfer of personal information about their staff
overseas. They are particularly sensitive to Australian
personal information going to jurisdictions where it will be
subject to the US Patriot Act.
This is problematic as many companies use cloud-based
communication and information storage systems which are located
If a business located outside of Australia has in place any
contracts with an Australian government department or agency, they
should review the requirements of their contract as they move to
the use of cloud-based services.
A recent news item has highlighted the importance of this.
Australian optometry services provider OPSM is owned by foreign
conglomerate Luxottica. OPSM had been the sole provider of
optometry services to the Australian Defence Force (ADF) in a
contract worth $33.5 million.
The ADF cancelled that contract a month ago after it discovered
that since September 2012, Luxottica and OPSM had been storing
personal information of ADF personnel offshore. It is understood
that while the information was not disclosed to third parties
outside the Luxottica Group, the information was transferred
offshore as part of Luxottica's IT system, prompting some
security concerns from the ADF.
This is an issue that may apply to other companies that use
cloud-based services and do not adequately advise end users.
How a company handles personal information internally - at both a
national and an international level - is an area that companies
need to consider from a risk perspective.
This publication does not deal with every important topic or
change in law and is not intended to be relied upon as a substitute
for legal or other advice that may be relevant to the reader's
specific circumstances. If you have found this publication of
interest and would like to know more or wish to obtain legal advice
relevant to your circumstances please contact one of the named