Privacy – it’s a broad topic so save time and read the top 5 things we think you need to know.
By personal privacy, we mean the protection of a person’s private life. This is distinct from the protection of personal information, which is protected in part by various pieces of State and Commonwealth legislation.
The 1937 decision in Victoria Park Racing and Recreation Grounds Co Ltd –v– Taylor established that there was no general cause of action for breach of privacy in Australia. This was somewhat reinforced in ABC –v– Lenah Game Meats Pty Ltd [2001] HCA 63 when the judges noted that a cause of action for breach of privacy could exist but otherwise reasoned that personal privacy was currently protected sufficiently by the mixture of causes of action relating to trespass, nuisance, defamation and breach of confidence.
The Australian Privacy Principles are attached as a schedule to the Privacy Act 1988 (Cth) (“Privacy Act”). Before 12 March 2014, these principles were known as the National Privacy Principles. If your Privacy Policy refers to the National Privacy Principles, it’s a good indicator that it hasn’t been updated to reflect the 12 March 2014 changes.
Before you rush out and change your Privacy Policy, it is worthwhile obtaining advice on whether you are even required to comply with the Privacy Act.
As a general rule, the Privacy Act will apply to you if you collect personal information and:
Sensitive information is information or an opinion about an individual’s racial or ethnic origin, political opinions, philosophical beliefs, sexual orientation or practices (among other things).
Health Information has a more complicated definition in the Privacy Act, but broadly speaking, means information or an opinion about the health or disability (at any time) of an individual; or an individual’s expressed wishes about the future provision of health services to him or her, or a health service provided, or to be provided, to an individual.
You should seek legal advice to ascertain whether or not you fall into those categories and whether or not the changes apply to your business.
Some businesses elect to comply with the Privacy Act on the basis that it creates consumer confidence in their services and the way they deal with their customers’ personal information. You can opt in via the website: http://www.oaic.gov.au/privacy/applying-privacy-law/privacy-registers/opt-in-register.
Before you rush out and opt-in, we recommend that you seek legal advice on the full extent of your obligations under the Privacy Act.
You also might be liable if the company you provide the personal information to does not adequately protect the personal information.
This situation can easily arise if you input your customers’ personal information (name, email address) into an online (cloud-based) email marketing database. Often, these cloud-based services store that personal information in databases overseas.
Australian Privacy Principle 8.1 states that before an APP entity (you, if you’re obliged to comply with the Privacy Act) discloses personal information overseas, it must “take such steps as is reasonable in the circumstances to ensure that the overseas recipient does not breach the Australian Privacy Principles.”
There are ways to become exempt from liability arising from a breach of personal information disclosed offshore.
We recommend you seek specific advice on how to protect yourself from an overseas third-party breach of your customers’ personal information.
Under the amended Privacy Act, the Australian Information Privacy Commissioner has enhanced powers to investigate and a range of enforcement powers. In particular, the Commissioner has the power to seek a civil penalty for serious or repeated breaches of an individual’s privacy. This penalty has increased to a maximum of $1.7 million for a corporation and $340,000 for an individual.
In summary, there are five important things you must know about Privacy in Australia and $1.7 million reasons to obtain further advice particular to your situation.
If you need legal advice about the application of the Privacy Act to your business, please contact Peter North (Senior Associate, Business Law) at petern@lewisholdway.com.au or on (03) 9629 9629.
Copyright © 2021 Lewis Holdway Lawyers.