A short guide to privacy law: Part 1

Guy Betar | July 16, 2015
In the first of a two-part series, Guy Betar looks at your privacy obligations and why they should not be ignored.

There is a growing focus in the community on privacy and personal information, and that will no doubt continue as data becomes an increasingly valuable commodity in big business.

The Big Brother spectre is a real and growing perception, and business cannot afford to ignore the importance people place on the integrity of their privacy.

The Privacy Commissioner, Timothy Pilgrim, has quite broad, sweeping powers to act on complaints as well as to instigate his own investigations.

The Commissioner recently worked with the Data Protection Commissioner of Ireland and the Office of the Privacy Commissioner of Canada to investigate the consequences of a major data breach involving Adobe's facilities in Ireland.

Part of Adobe's network in Ireland held some 1,700,000 records of Australian customers. The Australian Commissioner found that Adobe failed to take reasonable steps to protect all of the personal information it held.

So it's worth keeping in mind that although you may be liable for damages and other penalties for breaching the Privacy Act, the damage to reputation from the incident and the government's publicised investigation and findings may have a far greater effect on your business and bottom line.

So, who is obliged to comply with the Privacy Act?

If your business collects personal information, and your annual turnover is greater than $3 million, then as a general rule you must comply with the Act's requirements. Even if you are well aware of this general obligation, with the changes to the Act that took place in 2014, chances are you need to review your compliance and your privacy policy to ensure you are up to date.

As a simple statement, the Act prohibits 'interfering' with the privacy of an individual. It also specifically provides that interfering with an individual's privacy occurs when conduct breaches an Australian Privacy Principle (APP).

The next important questions are: What is 'personal information', and how does the Act affect those who collect and handle it?

Personal information is information or an opinion about an individual who can be identified, or who is reasonably identifiable. The truth or correctness of the information or opinion is not relevant.

There is a sub-category of personal information called 'sensitive information', which is subject to more stringent controls under the Act. Sensitive information relates to race, ethnic origin, religious beliefs and related matters.

The principal obligations for the collection and handling of personal information are set out in the APPs. Some of the key obligations under the APPs are considered below.

You have to take reasonable steps to ensure you can deal with inquiries or complaints when you are collecting and handling personal information. You also have to have an up-to-date and readily available privacy policy. The APPs contain a list of specific matters that your privacy policy must include (APP1).

 
