Looking for a Privacy Lawyer to advise on privacy compliance, data breach notifications or privacy policies?
Privacy law is a rapidly changing field of law and is taking on an ever more global flavour. It’s not just the Australian Privacy Law which businesses need to consider, particularly if they are selling goods or services into Europe. The highly publicised release of the European Union’s General Data Protection Regulation (GDPR) brought to light the need to consider not just your country of origin but also the target consumers.
Our Privacy Lawyer has years of experience:
- advising companies on Privacy Law;
- assisting companies with privacy compliance;
- analysing data flows through enterprises;
- drafting Privacy Policies;
- advising during data breach events; and
- providing advice on bespoke privacy law related topics for specific industries, including those subject to complex privacy regulations such as credit agencies and health service providers.
Contact IT Lawyers Brisbane for an obligation free discussion regarding privacy compliance.
The Australian Privacy Principles are set out in Schedule 1 of the Privacy Act 1988 (Cth) (the Act). It states:
Working out whether or not your business is an APP entity can be a little complex. There are exceptions to the exceptions. If you need assistance working out if your business is an APP entity (that is not exempt) then contact our Privacy Lawyer.
Data breaches and Privacy Law
Have you had your systems hacked? Consider if that also resulted in a data breach.
In February 2018 the notifiable data breach scheme was enacted through legislation which amended the Act. APP entities, including private companies which are not otherwise excluded from compliance, are required to notify the Office of the Australian Information Commissioner (OAIC) if they are affected by a notifiable data breach. In simple terms the Act states:
An eligible data breach happens if:
- there is unauthorised access to, unauthorised disclosure of, or loss of, personal information held by an entity; and
- the access, disclosure or loss is likely to result in serious harm to any of the individuals to whom the information relates.
An entity must give a notification if:
- it has reasonable grounds to believe that an eligible data breach has happened; or
- it is directed to do so by the Commissioner.
The eligible data breach test imports the legal notion of what a “reasonable person” would conclude. While not expressed specifically in the Act, the memorandum of understanding delivered by the federal government does give us some indication about what is anticipated here. No doubt this area of law will continue to expand.
If your business is affected by a data breach, including a hacking event, contact our Privacy Lawyer for advice on your notification obligations.
Privacy Lawyer for health service providers
Compliance with the Australian Privacy Principles is mandatory for health care providers who hold health information.