7 May 2014

Many of our clients across diverse industry sectors have sought from us practical advice on the implications of the recent changes to The Privacy Act 1988 (Privacy Act).

 

These changes have:

 

  • placed new obligations on private businesses and organisations aimed at protecting individuals’ personal information; and
  • given new, wide ranging powers to the Office of the Australian Information Commissioner (OAIC).

 

Primarily, the amendments to the Privacy Act are responsive to community concerns regarding unsolicited direct marketing, credit reporting and general concern regarding the use of personal information. However their implications and impact are not limited to these issues.

 

Privacy Exposures

 

Breaching the Privacy Act and being subject to investigation and penalties by the OAIC are not the only potential exposures to consider in relation to potential privacy breaches. 

 

You may be liable:

 

  • for breach of contract; 
  • in negligence (for failing to maintain information);
  • for engaging in misleading conduct (if you make misleading representations regarding privacy or your businesses’ technology and information management systems);
  • for defamation (if a breach adversely affects someone’s reputation); and 
  • criminal prosecutions (for example unauthorised access to computers, electronic stalking & harassment or unauthorized surveillance).

 

Perhaps the most serious risk is damage to your organisation’s brand and reputation.  If your clients lose confidence in your ability to manage their personal information the damage is likely to be serious and in professions or industries, irreparable.

 

A pro-active approach to managing personal information carefully and using all practical means of protecting it from unauthorised disclosure is absolutely necessary not only to comply with the law but to protect and preserve your brand.

 

What can the OIAC do?

 

The new powers the OAIC have been given under the Privacy Act are based an escalation model:

 

Encouraging Compliance Ü Investigating Ü Enforcement / Punishment

 

Encouraging Compliance

 

The OAIC has powers to work with an entity to encourage compliance and best practice privacy protections.

 

The OAIC can request an entity, group of entities, body or association (for example insurance, credit providers, telecommunications etc) to develop an Australian Privacy Principles (APP) Code and apply to the Information Commissioner for the Code to be registered.

 

Once registered the Code becomes legally binding on all organisations it relates to.  This will allow industry groups to develop codes that consider their specific industry needs.  If an industry or entity fails to develop and register a code the OAIC has the power to impose a Code.  This power provides clear incentive for industries and groups to efficiently participate in development of an APP Code which adequately considers factors that affect management of personal information specific to their business type.

 

The OAIC can also monitor and assess whether personal information is being maintained and handled by an entity in accordance with relevant provisions of the Privacy Act.

 

Investigating Breaches/ Complaints

 

A breach of any of the provisions of the Privacy Act by an entity will be considered to be an ‘interference with privacy’. Where such an interference occurs, or is suspected the OAIC can investigate. 

 

The OAIC may undertake preliminary inquiries, hold a hearing or conference and require information to be produced or a person to attend before the Information Commissioner to answer questions under oath.  If necessary the OAIC can also refer the complaint to an alternative complaint body for further investigation.

 

Enforcement / Punishment

 

Where a complaint has been investigated the OAIC may accept an enforceable undertaking from an entity in relation to actions that will remedy or avoid interferences with privacy.  Such an undertaking can be accepted even where no clear breach of the Privacy Act has been established.

 

If the OAIC determines that an interference with privacy has occurred, or may be occuring it can seek an injunction to prevent further interference from occurring.  Where breaches are serious and/or repeated the OAIC can apply to the court for a civil penalty order which can result in fines of up to $34,000 for individuals and $1.7 million for body corporates.

 

Staying out of trouble with the OAIC

 

The OAIC has released a draft policy statement that outlines how it intends to apply its new powers. http://www.oaic.gov.au/privacy/privacy-engaging-with-you/previous-privacy-consultations/oaic-s-privacy-regulatory-action-policy/oaic-s-privacy-regulatory-action-policy-draft

 

The policy is at pains to underscore that the OAIC will encourage voluntary compliance and resort to enforcement only where conciliation and cooperation have failed. 

 

Best Efforts Defence

 

Before taking any actions the OAIC will “take into account the steps taken by an entity to comply with its privacy obligations”

 

A plan (even if not fully implemented) is a reasonable defence.  It is important that organisations can provide documentary evidence that all reasonable steps were taken in considering how to protect their clients’ privacy and plan for managing potential breaches.  This includes developing and publishing a privacy policy, considering what information is genuinely required to be collected and stored in order to deliver your services, planning for potential breaches of privacy, providing staff training and conducting checks and reviews of how personal information is being managed.

 

Report Your Own Breaches

 

If there is a data breach incident the OAIC will consider whether to launch a Commissioner Initiated Investigation (CII).  The OAIC may decide a CII is unnecessary where “an entity voluntarily and proactively notified the OAIC of the incident and can demonstrate that it is responding appropriately to the breach.”

 

Co-operate

 

Where there is a complaint, the OAIC will generally investigate – however the stated aim of their investigations is conciliation. 

 

If an entity is cooperative the conciliation ought to be successful relatively quickly. 

 

External Dispute Resolution Schemes (EDRS)

 

If your privacy policy establishes an EDRS the OAIC will usually not get involved and allow that process to deal with complaints.

 

Review and Appeal Rights

 

You can request the OAIC to review any decision it makes (internal review).

 

You can make a complaint to the Commonwealth Ombudsman who will consider whether there has been any unfair treatment and can recommend the OAIC reconsider or change its action.

 

It is possible to appeal to the Federal Court for judicial review where you feel you have not been accorded procedural fairness by the OAIC.

 

The Administrative Appeals Tribunal is only available to review orders relating to compensation to be paid by or to a government body.

 

This is general information only, and does not constitute specific legal advice. Murray Thornhill is the Director at HHG Legal Group with the Litigation/Commercial Law team. Nicole Young is a Criminal Solicitor with the Litigation/Commercial Law team at HHG Legal Group. If you would like further details in relation to this information, please contact Nicole on 9322 1966.

 

 

 

 

 

 

100 years of Supporting West Australians

"My family law experience with Mary Roubos has restored my faith in solicitors in general. She not only demonstrated her legal expertise and flair, but also showed a compassionate and understanding nature during the lengthy process. I felt that Mary went above and beyond her obligations as my solicitor, and really listened to me. I would highly recommend Mary and her assistant Debra Wilson, who also demonstrated professionalism and excellence on all levels."

Renee Frangiosa

"Always fast and thorough service. Thank you"

Sitka Pil

"I found Ben most helpful and always prompt to let me know where things were at. Will definately use Ben again and will recommend to others."

Gerrit and Mary Van Bralal

"We wish to express our thanks for your help in attending to our mother/ wife's will - Mrs Grace Margaret Vessey. Aimee was extremely helpful and easy to deal with. We are greatful for your help with our affairs."

Ms Rosalyn Norman, Mr Stephen Vessey

"Thank you ever so much for all your hard work on my case Nicole, I really appreciate everything you did for me."

Workers Compensation Client

"Thank you for such great assistance with the transaction of Flying Domestics on behalf of Lorna Good. It has been such such a pleasure to work with the HHG Legal Group and I look forward to working with you in the future."

Jim Goodwin

"Simon Creek and his team were at all times empathic, professional and confident.  My matter needed to be addressed within a pressing time frame, and their availability at short notice and contact after hours was much appreciated.  It caused me considerable stress, but having such a thoroughly reliable and competent team to call on helped me to feel in control. Although I hope not to need their services again in future, I would be confident in doing so!"

Dr Lana Bell

"A good outcome is what we can expect.  A great outcome is a sign of a company which does the very best for their clients. A very big thank you to Daniel Morris for showing empathy towards my small and much needed legal action.

To HHG Legal Group, thank you for a great outcome.  I would recommend your company to anyone seeking legal services."

Jan Atkinson

"Your support this morning was amazingly kind, not to mention your totally reassuring competence, knowledge and wisdom that you used on my behalf.  It was extremely reassuring to have your knowledgeable support, and I particularly appreciated your real and obvious kindness to me. It means so much at a very difficult time. I'm so grateful to you."

Family Law Client

"I highly recommend the services of HHG Legal Group for both personal and business needs. HHG is very up to date with legal advice and are in tune with the evolution of business."

Robert Forgione

"Sue and myself would like to thank HHG for the way in which our dispute was resolved. It is good to know that people who do not have an understanding of the legal system can rely on people like yourself and the company you represent. Without the assistance of HHG we could not have resolved the problems we were facing, not only have we resolved the issue but the outcome was more favourable then we would have thought possible. Thank-you and please pass on our thanks to all those who worked behind the scenes to achieve this outcome."

Rick and Sue Ashton

"Janene was very professional and we established a good rapport quickly. The subject of death and wills can be quite confronting to deal with, however Janene's approach was soft and accommodating."

Lynette Livesey

"A big thank you to HHG for their professional service, continued support, and wide range of legal knowledge. Our clients have given us nothing but kind words regarding HHG Legal Group and so we have no hesitation in referring and recommending Simon Creek and HHG Legal Group for their outstanding services and legal expertise."

Nigel Plowman, Director at McKinley Plowman & Associates

"Simon is a friendly and practical legal advisor. I have received great feedback from the clients I have referred to him and his team at HHG Legal Group."

Richard Beal, Director at BDO

"Over the last few years, I have been impressed by Simon’s legal ability, management skills, entrepreneurial spirit, personal integrity and people skills. He appears to be that rare breed of lawyer – both knowledgeable and commercial."

Michael Malone, Founder of iiNet

"Our family has been a client of HHG Legal Group over many years and most recently in 2013 and February 2014.  Business has included drawing up of wills for three generations and preparing of probate for my father in law.

I would have no hesitation in recommending HHG Legal Group to anyone requiring such services."

Bernice Climie

"You should be congratulated for the manner in which your staff address clients and we found our dealings with your company, once again a very pleasant experience and we would like to truly thank you for your efforts."

Steve Harvey and Jane Powell

"HHG Legal were absolutely fantastic. Extremely responsive and brought calm to our chaotic family situation through their knowledge and caring attitude. Extremely professional from our very first contact with them and they expertly guided our family though the required legal process over almost a 12 month period."

Amanda Williamson

"Fantastic team! They really care about their client. Tim Colcutt is a 'go that extra mile' guy who gives his client his all. I can't recommend HHG and Tim enough."

Kerry Samson

"Anne Hurley has been such a valuable resource of information and advice, her wealth of knowledge is truly impressive and her ability to explain things in a way that makes them easily understood is very much appreciated. Anne and the wider HHG Legal Group are always a pleasure to work with."

Giorgia Parham

"I had a fantastic lawyer in Anne Hurley. She helped me out a great deal with good, sound advice in a friendly , professional manner. First class, thanks Anne"

Graeme Hammond

"Marine Plant Systems has been working with HHG Legal Group for a few years now and they continually provide first class service. Their professional advice has been invaluable to our company."

Carolin Grimm

"We were kept up to date at all times. Pricing was always updated over the time period so we remained "in budget". Personal access to someone whenever I had questions. All in all a great experience without too much fuss."

Rosslyn Tasker - COO AltusQ Pty Ltd

"Good service you can count on."

Miles Lee

"HHG Legal Group have provided outstanding support as I have taken the journey of buying a business, their professionalism is beyound reproach. Their assistance throughout the Due Diligernce process have been invaluable, I would fully recommend them."

Mark Armitage

"I have experienced how good the HHG Legal Group team are over the last 6 years and highly recommend them."

Lyn Hawkins

"Very friendly and efficient service - what a pleasure working with Anne."

Jacques Taylor

"I highly recommend Daniel from HHG Legal Mandurah. When dealing with a complicated legal property matter recently I was extremely impressed by Daniel's honesty and integrity and the legal advice I received. I am very happy with the service from HHG Legal."

Tony Walker