Privacy and Data Protection
The collection, storage and use of personal information is generally governed by the Privacy Act 1988.
Organisations that collect and hold personal information are under increasing scrutiny following a run of recent data breaches (a recent example includes the federal government’s sale of file cabinets containing confidential data). With the February 2018 introduction of the mandatory reporting of data breaches, clients need to be aware of their obligations with regard to the storing of personal information, and of how best to respond to an eligible data breach.
Penalties for non-compliance with the Privacy Act are significant, and range from $360,000 for individuals, to $1.8 million for corporations. It is therefore extremely important for organisations that do hold personal information as part of the everyday running of their business to be familiar with the new mandatory data breach notification laws, as well as their responsibilities surrounding eligible data breaches.
How can we help?
Coleman Greig’s Privacy and Data Protection team can advise you on your legal obligations under the Privacy Act, including your obligation to report certain types of data breaches to both the Office of the Australian Information Commissioner, and any person who may potentially face harm due to eligible data breaches.
We regularly work with clients on:
- Reviewing data protection plans and data breach response protocols;
- Reviewing IT contractor agreements to ensure they contain adequate protection of your data;
- Developing policies and programs to assist you in complying with the Privacy Act;
- Providing in-house training on privacy and data breach issues;
- Advising on related legislation including the Spam Act and the Electronic Transactions Act.
Contact our Commercial Law team for tailored, commercially focused advice for your business, or to make an appointment at one of our offices.