You web browser may not be properly supported. To use this site and all its features we recommend using the latest versions of Chrome, Safari or Firefox

Identify theft is becoming more prevalent as increasingly sophisticated fraudsters target businesses online. So what steps can you and your business take to ensure the information you receive from your clients or customers remains in safe hands?

Recent media reports have indicated that tax file numbers and bogus tax returns have been a focus for online fraudsters. Those reports indicate that more than 26,000 tax returns were delayed this year because they were suspected by the ATO to be the work of identity thieves. About 1,000 refunds have been cancelled. In addition, reports of online fraudsters harvesting the personal details of clients is increasing through online phishing scams.

No matter the size of your customer information database, it's important that you keep the personal information of your clients safe. In addition, many businesses have legal obligations to protect the private information of their clients.

The Privacy Act 1988 was amended in 2014 to reflect these increasing privacy risks. The Act creates a single set of Australian Privacy Principles (APPs) that apply to both Australian Government Agencies and the private sector. The APPs set out standards and obligations for collecting, handling, holding, accessing, using, disclosing and correcting personal information.

The type of privacy protected by the Act includes ‘information privacy’ – people’s personal or sensitive information. This includes, for example, personal information that identifies you or could reasonably identify you. Names, signatures, your address, your telephone number, medical records, bank account details, as well as commentary or an opinion about you can be covered.

Most Australian Government agencies and most businesses with an annual turnover more than $3 million will have responsibilities under the Act. If you're not covered directly, the APPs may still be relevant to you if you deal with government agencies on behalf of your clients to whom the APPs directly apply.

If the APP’s apply to your business, you are required to have a privacy policy in order to demonstrate that you have taken reasonable steps to ensure compliance with the APPs.

Your privacy policy needs to be publically accessible and must identify how you manage personal information.

You're also required to take reasonable steps to protect personal information. This includes protecting the personal information of your clients from interference, misuse or loss. What constitutes taking ‘reasonable steps’ can vary depending on your business, but would likely require protocols to be in place to make sure that only authorised persons have access to personal or sensitive client information.

The reforms strengthen the functions and powers of the Australian Information Commissioner (the Regulator) to resolve complaints where privacy has been breached. The Regulator has the power to handle complaints, conduct investigations and make determinations on complaints. The Regulator can even apply to the courts for an order that an entity pay the Commonwealth a civil penalty in some cases.

If you have lost or misused personal information you may also be subject to civil claims through the courts in the event that your actions are found to be negligent. Losses could be recoverable against you in those circumstances.

Given the risks and the increasing sophistication of online fraudsters, the privacy of client information should be at front of mind for every business. This is a new and evolving area of the law that deserves your attention.

Thank you for your feedback.

Related blog posts

Consumer and the Law
Liar loans: how mortgage brokers are putting clients at risk
Planning desk close up documentresize
Consumer and the Law
How to lodge a complaint with Australian Financial Complaints Authority
How to lodge a complaint with Australian Financial Complaints Authority
Business Law
Proposed Changes to the Franchising Code of Conduct
Waitress In Black Apron Upload

We're here to help. Make an enquiry now.

If you have a question, want some more information or would just like to speak to someone, make an enquiry now and we’ll be in touch with you as soon as possible.

Call us on 1800 444 141