Minter Ellison's popular report on the fundamentals of doing business in Australia.
Minter Ellison’s privacy and data protection team advises clients across different industry sectors on local and international privacy and data protection issues. We regularly assist with the development of privacy compliance tools and privacy policies and statements, conduct privacy audits of organisations to assist with compliance, advise financial institutions in relation to privacy implications associated with credit reporting and providing financial services, advise on marketing and promotional strategies (including email spam and other direct marketing), assist multinational organisations in relation to trans-border data flows and advise and assist organisations in the event of data and information security breaches. In light of continuing proposals to change privacy laws in Australia, we keep abreast of developments and are able to advise clients on the possible future changes to the law.
We consider recent decisions issued by the Office of the Australian Information Commissioner involving organisations in the telecommunications, legal, insurance and financial sectors.
The Australian Communications and Media Authority has concluded that Vodafone Hutchison Australia's dealers who made unsolicited calls to numbers on the Do Not Call Register to promote its products contravened the Do Not Call Register Act 2006 (the Act). As a result, ACMA has accepted an enforceable undertaking from under the Telecommunications Act 1997 (Cth).
On 1 March 2012, Google launched a new privacy policy by consolidating over 60 of its global privacy policies into one document. Although most organisations will lack the vast user base and reach that Google has, the approach employed by Google may be indicative of a new approach to privacy notification which could come to be expected by both consumers and regulators alike.
On 25 January 2012, the European Commission published drafts of the two key documents implementing reform proposals for the EU data protection regime. If implemented, the reforms will have a significant impact on any organisation located in the EU or doing business with EU companies or citizens. We examine the proposed reforms and their practical implications.
In this edition of Privacy Update, we look at:
On 22 February 2012, there was a further key development in the proposed amendments to the Personal Data (Privacy) Ordinance when the Bills Committee for the Personal Data (Privacy) (Amendment) Bill 2011 published a paper revising proposed amendments to provisions on the use of personal data in direct marketing and the sale of personal data.
From July 2012, Australians will have the opportunity to access their health records in a single view, where and when needed, and irrespective of the location of the consumer, healthcare provider or record. This is the first time that this type of service has been made available in Australia and it is set to transform how healthcare is delivered nationally.
Under section 52 of the Privacy Act 1988 (Cth), the Privacy Commissioner has the power to make a determination after investigation and substantiation of a complaint, which directs how a privacy complaint should be resolved. This power includes declaring that the organisation take some remedial action or pay a specified amount of compensation for loss or damage suffered. Declarations can be enforced in the Federal Court.
In Public Interest Determination 12A, the Privacy Commissioner has applies powers granted in Section 73 of the Privacy Act to allow doctors to collect health information about a third party, without their consent, on teh grounds of being in the public interest.
On 28 November 2011, the European Commission announced that it would comprehensively reform European data protection laws. The proposed reforms, which are due in January 2012, aim to unify the existing legislation of member states and significantly reduce costs for businesses in complying with data protection laws.
The US Federal Trade Commission announced in late November that it had reached a proposed settlement with global social networking site Facebook. The case sounds a warning to companies that collect personal information that they should ensure they only deal with such information as promised or risk proceedings being brought against them for misleading and deceptive conduct.
On Thursday 6 October the Senate Finance and Public Administration Legislation Committee released its highly anticipated report on the credit reporting provisions of the Exposure Draft of the Australian Privacy Amendment Legislation. The report makes 30 recommendations, many of which are quite significant, in response to numerous submissions and particularly on five key matters: simplification and clarification of language and definitions, the treatments of serious credit infringements, identity theft, the use of hardship flags and complaints handling.