Privacy Law

Privacy law in Australia is regulated by the Privacy Act 1988. Australian Privacy laws regulate the handling of ‘personal information’, which generally refers to any information or opinion about an individual. Examples of personal information include names, email addresses, addresses, employment details, credit card details, health information and sensitive information.

The Privacy Act imposes obligations on organisations in relation to the way in which they collect, hold, use, store and destroy personal information, including the requirement to:

  • Appoint a dedicated ‘privacy officer’
  • Have a clear and transparent privacy policy
  • Obtain consent to collect and use personal information
  • Have a policy to identify and respond to data breaches

Organisations and individuals will be required to comply with the Privacy Act if they:

  • have annual turnover of $3 million or more; OR
  • provide health services; OR
  • trade in personal information; OR
  • provide services to the government; OR
  • engage in credit reporting activities.

Businesses also have will also have mandatory reporting obligations, and in the event of an ‘eligible data breach’ will be required to notify the Australian Information Commissioner and any impacted individuals.

An ‘eligible data breach’ occurs if:

  • The personal information held by an entity has been lost, accessed or disclosed without authorisation; and
  • The access, disclosure or loss is likely to result in serious harm to any of the individuals to whom the information relates.

How can Kalus Kenny Intelex help?

We can assist you with your Privacy Act compliance obligations, including to:

  • review and update your existing Privacy Policy;
  • draft a Privacy Policy specific to your organisation;
  • review and update your existing personal information handling practices;
  • provide advice, seminars and training sessions for your staff;
  • prepare a data breach response plan for your business;
  • assist you to identify the types of breaches you must report, and assist in the process of investigating, handling and reporting breaches.

Our Latest Insights

How should employers manage the COVID-19 vaccination roll out?

How should employers manage the COVID-19 vaccination roll out?

With COVID-19 vaccinations rolling out in Australia, employers may be considering asking their employees whether they have been, or will be, vaccinated against the virus. They may also be wondering whether they can, or should, require that their employees get the...

Types of assets and estate planning

Types of assets and estate planning

A common misconception in estate planning is that all of your assets (no matter the capacity in which they are held) are ‘estate assets’ and governed by your Will. The distribution of an asset will depend on the type of asset and more specifically, how that asset is...

Sambucco: Revocation of a Will by marriage

Sambucco: Revocation of a Will by marriage

Many people are not aware that a marriage can revoke a Will. Similarly, a divorce can invalidate appointments and gifts in a Will to the spouse. Sambucco v Registrar of Births, Deaths and Marriages Victoria & Anor [2020] VSC 889 (Sambucco) is a recent proceeding...