
Identity theft is becoming more prevalent as increasingly sophisticated fraudsters target businesses online. So what steps can you and your business take to ensure the information you receive from your clients or customers remains in safe hands?

Recent media reports have indicated that tax file numbers and bogus tax returns have been a focus for online fraudsters. Those reports indicate that more than 26,000 tax returns were delayed this year because they were suspected by the ATO to be the work of identity thieves. About 1,000 refunds have been cancelled. In addition, reports of online fraudsters harvesting the personal details of clients through online phishing scams are increasing.

No matter the size of your customer information database, it's important that you keep the personal information of your clients safe. In addition, many businesses have legal obligations to protect the private information of their clients.

The Privacy Act 1988 was amended in 2014 to reflect these increasing privacy risks. The Act creates a single set of Australian Privacy Principles (APPs) that apply to both Australian Government Agencies and the private sector. The APPs set out standards and obligations for collecting, handling, holding, accessing, using, disclosing and correcting personal information.

The type of privacy protected by the Act includes ‘information privacy’ – people’s personal or sensitive information. This includes, for example, personal information that identifies you or could reasonably identify you. Names, signatures, your address, your telephone number, medical records, bank account details, as well as commentary or an opinion about you can be covered.

Most Australian Government agencies and most businesses with an annual turnover of more than $3 million will have responsibilities under the Act. If you're not covered directly, the APPs may still be relevant to you if you deal with government agencies on behalf of your clients to whom the APPs directly apply.

If the APPs apply to your business, you are required to have a privacy policy in order to demonstrate that you have taken reasonable steps to ensure compliance with the APPs.

Your privacy policy needs to be publicly accessible and must identify how you manage personal information.

You're also required to take reasonable steps to protect personal information. This includes protecting the personal information of your clients from interference, misuse or loss. What constitutes taking ‘reasonable steps’ can vary depending on your business, but would likely require protocols to be in place to make sure that only authorised persons have access to personal or sensitive client information.

The reforms strengthen the functions and powers of the Australian Information Commissioner (the Regulator) to resolve complaints where privacy has been breached. The Regulator has the power to handle complaints, conduct investigations and make determinations on complaints. The Regulator can even apply to the courts for an order that an entity pay the Commonwealth a civil penalty in some cases.

If you have lost or misused personal information you may also be subject to civil claims through the courts in the event that your actions are found to be negligent. Losses could be recoverable against you in those circumstances.

Given the risks and the increasing sophistication of online fraudsters, the privacy of client information should be front of mind for every business. This is a new and evolving area of the law that deserves your attention.

The contents of this blog post are considered accurate as at the date of publication. However the applicable laws may be subject to change, thereby affecting the accuracy of the article. The information contained in this blog post is of a general nature only and is not specific to anyone’s personal circumstances. Please seek legal advice before acting on any of the information contained in this post.
