We are also required to comply with any applicable registered APP code and with other legislation relating to privacy, such as the Spam Act 2003 (Cth) and the Do Not Call Register Act 2006 (Cth).
1. What information is covered by the Act?
The Act covers ‘personal information’ and ‘sensitive information’. Personal information is information or an opinion (whether true or not) about an identified individual (or an individual who is reasonably identifiable) whether the information or opinion is recorded in a material form or not. Sensitive information includes personal information about an individual’s racial or ethnic origin, political opinions, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual orientation or practices and criminal record and also health and genetic information about an individual.
2. What kinds of information do we collect and hold?
Depending on the nature of your dealings with us, we collect and hold personal and sensitive information such as your name, address, contact details, date and place of birth, Medicare number, job title, employer details, financial details and all other information that you provide us or we collect during the course of your matter or in any other dealings with us and/or our clients. This may include information contained in allegations that you have made against another person, or in allegations that a person has made against you.
We only collect sensitive information about you where that information is reasonably necessary for us to carry on our functions or activities and you have consented or where we are required or permitted by law to do so.
3. How do we collect personal information?
We collect personal information from you in a number of ways, such as directly from you or from another source such as a third party. We collect personal information from you directly when you personally provide that information to us, for example, in person, over the telephone, electronically or through written correspondence. You may provide that personal information in a number of ways such as when you:
a. are a client of the firm;
b. are involved in a matter on which we are working;
c. apply for a position of employment with us;
d. request that you are placed on our mailing list;
e. supply goods or services to us;
f. send us an inquiry;
g. use our online contact form;
h. provide us with feedback;
i. are involved in a dispute with our client; or
j. provide information by using our website.
The nature of our business is such that it is sometimes impractical or unreasonable to collect personal information from you directly. In such situations, we collect personal information about you when another person provides us with personal information or when we obtain personal information from other sources, for example, from another person who is our client (or related to our client) and who discloses information about you in the course of that retainer, social media, public registers and third party service providers including medical organisations such as doctors’ surgeries, recruitment agencies or past employers, regulatory bodies or government departments, credit reporting bodies and credit providers and surveillance cameras.
4. Direct marketing
If we are permitted by law, we may use your personal information to send you newsletters, updates, invitations, articles, other legal information and other material about our products and services. Where you have consented to receiving these communications, that consent will remain current until you advise us otherwise. You can opt out at any time by emailing firstname.lastname@example.org or phoning (02) 6257 2999.
5. Overseas recipients
Unless we engage the services of an overseas recipient, we are not likely to disclose the information to an overseas recipient. However, we may disclose the information to an overseas recipient when we are required or permitted by law to disclose it if we have engaged that overseas recipient in order to enable us to properly look after your matter and to advance your interests. It is not practicable to specify in which countries the overseas recipients are likely to be located as this depends on the nature of your question or matter.
6. Security of your personal information
We take reasonable steps to protect your personal information. However, we are not liable for any unauthorised access to this information.
7. Data breach notification
The Privacy Amendment (Notifiable Data Breaches) Act 2017 requires us to conduct an assessment within 30 days of a potential ‘eligible data breach’ occurring. An eligible data breach occurs when there is unauthorised access to or unauthorised disclosure of your personal information, credit reporting information, credit eligibility information or tax file number information that is likely to cause serious physical, psychological, economic or emotional harm to you, or serious harm to your reputation. If an eligible data breach is deemed to have occurred following mandatory assessment, we are required to provide a statement to you, including details as to the breach and the recommended course of action. Further, we are required to provide a copy of the statement to the Office of the Australian Information Commissioner (OAIC).
8. Can you access the information?
You are entitled to ask what information we hold about you. Within a reasonable time, we will inform you of the personal information and/or sensitive information that we hold about you. You may then ask us to show you the information so that you can check to ensure that it is accurate, complete and up to date. We will give you access to the information unless we are entitled to refuse access pursuant to APP 12.3, in which case we must provide you with a written notice setting out, among other things, the reasons for the refusal. You may ask us to amend the information if it is not accurate, complete or up to date and we will respond to that request within a reasonable time. If we refuse to amend the information, we will provide you with a written notice setting out, among other things, the reasons for that refusal. If we refuse to amend the information, you may ask us to attach a note to the information indicating that you think it is inaccurate, incomplete or out of date and we will respond to that request within a reasonable time.
9. Consequences if all or part of the information we request is not provided
You may choose not to provide us with some or all of the information that we request. If you choose to do this it may cause extensive delays in progressing your matter, and in some circumstances we may not be able to properly act for you, advance your interests or contact you to provide you with advice.
10. Complaints or queries