7 May 2014

Many of our clients across diverse industry sectors have sought from us practical advice on the implications of the recent changes to The Privacy Act 1988 (Privacy Act).

 

These changes have:

 

  • placed new obligations on private businesses and organisations aimed at protecting individuals’ personal information; and
  • given new, wide ranging powers to the Office of the Australian Information Commissioner (OAIC).

 

Primarily, the amendments to the Privacy Act are responsive to community concerns regarding unsolicited direct marketing, credit reporting and general concern regarding the use of personal information. However their implications and impact are not limited to these issues.

 

Privacy Exposures

 

Breaching the Privacy Act and being subject to investigation and penalties by the OAIC are not the only potential exposures to consider in relation to potential privacy breaches. 

 

You may be liable:

 

  • for breach of contract; 
  • in negligence (for failing to maintain information);
  • for engaging in misleading conduct (if you make misleading representations regarding privacy or your businesses’ technology and information management systems);
  • for defamation (if a breach adversely affects someone’s reputation); and 
  • criminal prosecutions (for example unauthorised access to computers, electronic stalking & harassment or unauthorized surveillance).

 

Perhaps the most serious risk is damage to your organisation’s brand and reputation.  If your clients lose confidence in your ability to manage their personal information the damage is likely to be serious and in professions or industries, irreparable.

 

A pro-active approach to managing personal information carefully and using all practical means of protecting it from unauthorised disclosure is absolutely necessary not only to comply with the law but to protect and preserve your brand.

 

What can the OIAC do?

 

The new powers the OAIC have been given under the Privacy Act are based an escalation model:

 

Encouraging Compliance Ü Investigating Ü Enforcement / Punishment

 

Encouraging Compliance

 

The OAIC has powers to work with an entity to encourage compliance and best practice privacy protections.

 

The OAIC can request an entity, group of entities, body or association (for example insurance, credit providers, telecommunications etc) to develop an Australian Privacy Principles (APP) Code and apply to the Information Commissioner for the Code to be registered.

 

Once registered the Code becomes legally binding on all organisations it relates to.  This will allow industry groups to develop codes that consider their specific industry needs.  If an industry or entity fails to develop and register a code the OAIC has the power to impose a Code.  This power provides clear incentive for industries and groups to efficiently participate in development of an APP Code which adequately considers factors that affect management of personal information specific to their business type.

 

The OAIC can also monitor and assess whether personal information is being maintained and handled by an entity in accordance with relevant provisions of the Privacy Act.

 

Investigating Breaches/ Complaints

 

A breach of any of the provisions of the Privacy Act by an entity will be considered to be an ‘interference with privacy’. Where such an interference occurs, or is suspected the OAIC can investigate. 

 

The OAIC may undertake preliminary inquiries, hold a hearing or conference and require information to be produced or a person to attend before the Information Commissioner to answer questions under oath.  If necessary the OAIC can also refer the complaint to an alternative complaint body for further investigation.

 

Enforcement / Punishment

 

Where a complaint has been investigated the OAIC may accept an enforceable undertaking from an entity in relation to actions that will remedy or avoid interferences with privacy.  Such an undertaking can be accepted even where no clear breach of the Privacy Act has been established.

 

If the OAIC determines that an interference with privacy has occurred, or may be occuring it can seek an injunction to prevent further interference from occurring.  Where breaches are serious and/or repeated the OAIC can apply to the court for a civil penalty order which can result in fines of up to $34,000 for individuals and $1.7 million for body corporates.

 

Staying out of trouble with the OAIC

 

The OAIC has released a draft policy statement that outlines how it intends to apply its new powers. http://www.oaic.gov.au/privacy/privacy-engaging-with-you/previous-privacy-consultations/oaic-s-privacy-regulatory-action-policy/oaic-s-privacy-regulatory-action-policy-draft

 

The policy is at pains to underscore that the OAIC will encourage voluntary compliance and resort to enforcement only where conciliation and cooperation have failed. 

 

Best Efforts Defence

 

Before taking any actions the OAIC will “take into account the steps taken by an entity to comply with its privacy obligations”

 

A plan (even if not fully implemented) is a reasonable defence.  It is important that organisations can provide documentary evidence that all reasonable steps were taken in considering how to protect their clients’ privacy and plan for managing potential breaches.  This includes developing and publishing a privacy policy, considering what information is genuinely required to be collected and stored in order to deliver your services, planning for potential breaches of privacy, providing staff training and conducting checks and reviews of how personal information is being managed.

 

Report Your Own Breaches

 

If there is a data breach incident the OAIC will consider whether to launch a Commissioner Initiated Investigation (CII).  The OAIC may decide a CII is unnecessary where “an entity voluntarily and proactively notified the OAIC of the incident and can demonstrate that it is responding appropriately to the breach.”

 

Co-operate

 

Where there is a complaint, the OAIC will generally investigate – however the stated aim of their investigations is conciliation. 

 

If an entity is cooperative the conciliation ought to be successful relatively quickly. 

 

External Dispute Resolution Schemes (EDRS)

 

If your privacy policy establishes an EDRS the OAIC will usually not get involved and allow that process to deal with complaints.

 

Review and Appeal Rights

 

You can request the OAIC to review any decision it makes (internal review).

 

You can make a complaint to the Commonwealth Ombudsman who will consider whether there has been any unfair treatment and can recommend the OAIC reconsider or change its action.

 

It is possible to appeal to the Federal Court for judicial review where you feel you have not been accorded procedural fairness by the OAIC.

 

The Administrative Appeals Tribunal is only available to review orders relating to compensation to be paid by or to a government body.

 

This is general information only, and does not constitute specific legal advice. Murray Thornhill is the Director at HHG Legal Group with the Litigation/Commercial Law team. Nicole Young is a Criminal Solicitor with the Litigation/Commercial Law team at HHG Legal Group. If you would like further details in relation to this information, please contact Nicole on 9322 1966.

 

 

 

 

 

 

100 years of Supporting West Australians

"Always fast and thorough service. Thank you"

Sitka Pil

My circumstances at the time I made contact with HHG were dire following my argument being rejected by two no win no fee firms. Following my initial meeting with HHG's employment law team I was left feeling extremely positive by the response and concern shown by HHG in regards to their support of my argument along with their preparedness to pursue an outcome on my behalf.

I accept the fact that nobody really wins in these cases (mental health/ workplace) however the end result was what would be considered most favourable and far in excess of what would have been achieved had I not sought the advice from HHG.

I have no hesitation in recommending HHG to anyone caught up in the messy circumstances I found myself in at the time.

Great advice and five-star commitment to their client!!"

Nathan Lynch

"Thank you for such great assistance with the transaction of Flying Domestics on behalf of Lorna Good. It has been such a pleasure to work with the HHG Legal Group and I look forward to working with you in the future."

Jim Goodwin

"Simon Creek and his team were at all times empathic, professional and confident.  My matter needed to be addressed within a pressing time frame, and their availability at short notice and contact after hours was much appreciated.  It caused me considerable stress, but having such a thoroughly reliable and competent team to call on helped me to feel in control. Although I hope not to need their services again in future, I would be confident in doing so!"

Dr Lana Bell

"A good outcome is what we can expect.  A great outcome is a sign of a company which does the very best for their clients. A very big thank you to Daniel Morris for showing empathy towards my small and much needed legal action.

To HHG Legal Group, thank you for a great outcome.  I would recommend your company to anyone seeking legal services."

Jan Atkinson

"Your support this morning was amazingly kind, not to mention your totally reassuring competence, knowledge and wisdom that you used on my behalf.  It was extremely reassuring to have your knowledgeable support, and I particularly appreciated your real and obvious kindness to me. It means so much at a very difficult time. I'm so grateful to you."

Family Law Client

"Janene was very professional and we established a good rapport quickly. The subject of death and wills can be quite confronting to deal with, however, Janene's approach was soft and accommodating."

Lynette Livesey

"A big thank you to HHG for their professional service, continued support, and wide range of legal knowledge. Our clients have given us nothing but kind words regarding HHG Legal Group and so we have no hesitation in referring and recommending Simon Creek and HHG Legal Group for their outstanding services and legal expertise."

Nigel Plowman, Director at McKinley Plowman & Associates

"Simon is a friendly and practical legal advisor. I have received great feedback from the clients I have referred to him and his team at HHG Legal Group."

Richard Beal, Director at BDO

"Over the last few years, I have been impressed by Simon’s legal ability, management skills, entrepreneurial spirit, personal integrity and people skills. He appears to be that rare breed of lawyer – both knowledgeable and commercial."

Michael Malone, Founder of iiNet

"Our family has been a client of HHG Legal Group over many years.  Business has included drawing up of wills for three generations and preparing of probate for my father in law. I would have no hesitation in recommending HHG Legal Group to anyone requiring such services."

Bernice Climie

"You should be congratulated for the manner in which your staff address clients and we found our dealings with your company, once again a very pleasant experience and we would like to truly thank you for your efforts."

Steve Harvey and Jane Powell

"HHG Legal were absolutely fantastic. Extremely responsive and brought calm to our chaotic family situation through their knowledge and caring attitude. Extremely professional from our very first contact with them and they expertly guided our family though the required legal process over almost a 12 month period."

Amanda Williamson

"Fantastic team! They really care about their client. Tim Colcutt is a 'go that extra mile' guy who gives his client his all. I can't recommend HHG and Tim enough."

Kerry Samson

"I had a fantastic lawyer in Anne Hurley. She helped me out a great deal with good, sound advice in a friendly, professional manner. First class, thanks Anne"

Graeme Hammond

"Marine Plant Systems has been working with HHG Legal Group for a few years now and they continually provide first-class service. Their professional advice has been invaluable to our company."

Carolin Grimm - Marine Plant Systems

"We were kept up to date at all times. Pricing was always updated over the time period so we remained "in budget". Personal access to someone whenever I had questions. All in all a great experience without too much fuss."

Rosslyn Tasker - COO AltusQ Pty Ltd

"Good service you can count on."

Miles Lee

"HHG Legal Group has provided outstanding support as I have taken the journey of buying a business, their professionalism is beyond reproach. Their assistance throughout the Due Diligence process has been invaluable, I would fully recommend them."

Mark Armitage

"Very friendly and efficient service - what a pleasure working with Anne."

Jacques Taylor

"I highly recommend Daniel from HHG Legal Mandurah. When dealing with a complicated legal property matter recently I was extremely impressed by Daniel's honesty and integrity and the legal advice I received. I am very happy with the service from HHG Legal."

Tony Walker