Privacy Law

Privacy law in Australia is regulated by the Privacy Act 1988. Australian Privacy laws regulate the handling of ‘personal information’, which generally refers to any information or opinion about an individual. Examples of personal information include names, email addresses, addresses, employment details, credit card details, health information and sensitive information.

The Privacy Act imposes obligations on organisations in relation to the way in which they collect, hold, use, store and destroy personal information, including the requirement to:

  • Appoint a dedicated ‘privacy officer’
  • Have a clear and transparent privacy policy
  • Obtain consent to collect and use personal information
  • Have a policy to identify and respond to data breaches

Organisations and individuals will be required to comply with the Privacy Act if they:

  • have annual turnover of $3 million or more; OR
  • provide health services; OR
  • trade in personal information; OR
  • provide services to the government; OR
  • engage in credit reporting activities.

Businesses also have will also have mandatory reporting obligations, and in the event of an ‘eligible data breach’ will be required to notify the Australian Information Commissioner and any impacted individuals.

An ‘eligible data breach’ occurs if:

  • The personal information held by an entity has been lost, accessed or disclosed without authorisation; and
  • The access, disclosure or loss is likely to result in serious harm to any of the individuals to whom the information relates.

How can Kalus Kenny Intelex help?

We can assist you with your Privacy Act compliance obligations, including to:

  • review and update your existing Privacy Policy;
  • draft a Privacy Policy specific to your organisation;
  • review and update your existing personal information handling practices;
  • provide advice, seminars and training sessions for your staff;
  • prepare a data breach response plan for your business;
  • assist you to identify the types of breaches you must report, and assist in the process of investigating, handling and reporting breaches.

Our Latest Insights

We did it!

We did it!

Well we did it. To get to the end of this remarkable year largely intact is enough to make me believe in miracles. But I don't believe in miracles. I believe in people. After a year which was terrifying some of the time and challenging all of the time, I am convinced...

Managing event risks

Managing event risks

As this year’s Bathurst 1000 has been run and won and the AFL and Rugby finals completed, our Commercial and Sports Law team reflect on the management of event risks.  Sven Burchartz, a long-time motorsport category manager, team owner and competitor, and Graham...