Personal information: handle with care

in Business Law by James Naughton on

Identity theft is becoming more prevalent as increasingly sophisticated fraudsters target businesses online. So what steps can you and your business take to ensure the information you receive from your clients or customers remains in safe hands?

Recent media reports have indicated that tax file numbers and bogus tax returns have been a focus for online fraudsters. Those reports indicate that more than 26,000 tax returns were delayed this year because they were suspected by the ATO to be the work of identity thieves. About 1,000 refunds have been cancelled. In addition, reports of online fraudsters harvesting the personal details of clients through online phishing scams are increasing.

No matter the size of your customer information database, it's important that you keep the personal information of your clients safe. In addition, many businesses have legal obligations to protect the private information of their clients.

The Privacy Act 1988 was amended in 2014 to reflect these increasing privacy risks. The Act creates a single set of Australian Privacy Principles (APPs) that apply to both Australian Government Agencies and the private sector. The APPs set out standards and obligations for collecting, handling, holding, accessing, using, disclosing and correcting personal information.

The type of privacy protected by the Act includes ‘information privacy’ – people’s personal or sensitive information. This includes, for example, personal information that identifies you or could reasonably identify you. Names, signatures, your address, your telephone number, medical records, bank account details, as well as commentary or an opinion about you can be covered.

Most Australian Government agencies and most businesses with an annual turnover of more than $3 million will have responsibilities under the Act. If you're not covered directly, the APPs may still be relevant to you if you deal with government agencies on behalf of your clients to whom the APPs directly apply.

If the APPs apply to your business, you are required to have a privacy policy in order to demonstrate that you have taken reasonable steps to ensure compliance with the APPs.

Your privacy policy needs to be publicly accessible and must identify how you manage personal information.

You're also required to take reasonable steps to protect personal information. This includes protecting the personal information of your clients from interference, misuse or loss. What constitutes taking ‘reasonable steps’ can vary depending on your business, but would likely require protocols to be in place to make sure that only authorised persons have access to personal or sensitive client information.

The reforms strengthen the functions and powers of the Australian Information Commissioner (the Regulator) to resolve complaints where privacy has been breached. The Regulator has the power to handle complaints, conduct investigations and make determinations on complaints. The Regulator can even apply to the courts for an order that an entity pay the Commonwealth a civil penalty in some cases.

If you have lost or misused personal information you may also be subject to civil claims through the courts in the event that your actions are found to be negligent. Losses could be recoverable against you in those circumstances.

Given the risks and the increasing sophistication of online fraudsters, the privacy of client information should be front of mind for every business. This is a new and evolving area of the law that deserves your attention.

Find out more about identity theft here, or you can get in touch.
