Data and Privacy.
There is little doubt that in today’s technology-driven economy, the protection of data and privacy generally is a key business risk. Whether you are a startup with global ambitions or a global organisation with local issues, data and privacy protection should form a central element of any business strategy.
We are well placed to assist you with any issue you may have in relation to data and privacy protection. We seek to provide advice that is accurate yet commercially focussed.
We take the time to understand your risk profile and draw on our experience to shape solutions for you that conform to local regulations while allowing the flexibility you require to ensure your business grows. In times when your business may operate in one jurisdiction but store data in another, we work with you to ensure that your strategy is clear and that you understand both legal and regulatory issues.
Our understanding of the regulatory environment within which data and privacy protection operates in Australia is unparalleled and, where your business has global ambitions, we have a well-developed network of experts we can draw on to ensure that we add value to your business.
5 things you need to know about Data and Privacy
- The principal privacy rules and regulations in Australia are contained in the Privacy Act 1988 (Cth) and what is known as the Australian Privacy Principles or APPs. The Office of the Australian Information Commissioner (OAIC) is the regulatory body responsible for compliance and enforcement of privacy laws in Australia. In short, the OAIC is the body to whom your business must answer in the event of a data breach, or the body to whom you may make a complaint about the handling of your personal information.
- The term ‘personal information’ is defined under the Privacy Act to mean any information or opinion about an individual, or that may reasonably identify an individual. The guidance offered by the OAIC indicates that it does not matter whether this information or opinion is true or not, nor does it matter whether it is recorded in a material form.
- The Privacy Act also distinguishes between the different ways of handling personal information (i.e. whether a business entity ‘collects’, ‘discloses’, ‘holds’ and/or ‘uses’ the personal information). Contexts such as direct marketing and cross border disclosure will also affect a business’ handling of personal information.
- Data sovereignty is an issue that may arise when a business stores data in a foreign jurisdiction and the data stored is subject to the laws of that jurisdiction. Discussions around data sovereignty generally concern compliance with the laws of another jurisdiction or the intersection of that foreign law with the local laws of a user.
- In Australia, there are now mandatory notification obligations following a data breach. The obligations apply to any organisation that is subject to the Privacy Act, whether it is based in Australia or is a foreign registered company that carries on business in Australia and which collects or transmits data.