Privacy Lawyer
Looking for a Privacy Lawyer to advise on privacy compliance, data breach notifications or privacy policies?
Privacy law is a rapidly changing field of law and is taking on an ever more global flavour. It’s not just the Australian Privacy Law which businesses need to consider, particularly if they are selling goods or services into Europe. The highly publicised release of the European Union’s General Data Protection Regulation (GDPR) brought to light the need to consider not just your country of origin but also the target consumers.
Want to find out more about GDPR for Australian Businesses? Follow this link for an overview of GDPR privacy compliance.
Our Privacy Lawyer has years of experience:
- advising companies on Privacy Law;
- assisting companies with privacy compliance;
- analysing data flows through enterprises;
- drafting Privacy Policies;
- advising during data breach events; and
- providing advice on bespoke privacy law related topics for specific industries including those subject to complex privacy regulations, including credit agencies and health service providers.
Looking for a Privacy Lawyer to draft a Privacy Policy?
Contact IT Lawyers Brisbane for an obligation free discussion regarding privacy compliance.
The Australian Privacy Principles are set out in Schedule 1 of the Privacy Act 1988 (Cth) (the Act). It states:
1.3 An APP entity must have a clearly expressed and up-to-date policy (the APP privacy policy ) about the management of personal information by the entity.
Working out whether or not your business is an APP entity can be a little complex. There are exceptions to the exceptions. If you need assistance working out if your business is an APP entity (that is not exempt) then contact our Privacy Lawyer.
Click here for more information about Privacy Policies.
Data breaches and Privacy Law
Have you had your systems hacked? Consider if that also resulted in an eligible data breach.
In February 2018 the notifiable data breach scheme was enacted through legislation which amended the Act. APP entities, including private companies which are not otherwise excluded from compliance, are required to notify the Office of the Australian Information Commissioner (OAIC) if they are affected by a notifiable data breach. In simple terms the Act states:
An eligible data breach happens if:
- there is unauthorised access to, unauthorised disclosure of, or loss of, personal information held by an entity; and
- the access, disclosure or loss is likely to result in serious harm to any of the individuals to whom the information relates.
and
An entity must give a notification if:
- it has reasonable grounds to believe that an eligible data breach has happened; or
- it is directed to do so by the Commissioner.
The eligible data breach test imports the legal notion of what a “reasonable person” would conclude. While not expressed specifically in the act the memorandum of understanding delivered by the federal government does give us some indication about what is anticipated here. No doubt this area of law will continue to expand.
Check out our page on Data Breach Legal Obligations and if your business is affected by a data breach, including a hacking event, contact our Privacy Lawyer for advice on your notification obligations.
Privacy Lawyer for health service providers
Compliance with the Australian Privacy Principles is mandatory for health care providers who hold health information.
Privacy Law has become more complex for health service providers in recent years with the implementation of the ‘My Health Record’. Many health care providers will need to update their Privacy Policies to cater for the sharing of information with the government. Many policies state they do not share sensitive information with third parties, this is not true if a health practice is uploading data to a patient’s My Health Record. Contact us to speak to a Privacy Lawyer about drafting or reviewing a Privacy Policy for your health practice.
