OFFSHORING Data the new privacy laws

Size: px
Start display at page:

Download "www.corrs.com.au OFFSHORING Data the new privacy laws"

Transcription

1 OFFSHORING Data the new privacy laws

2 OFFSHORING DATA THE NEW PRIVACY LAWS Transfer of data by Australian organisations to other jurisdictions is increasingly common. This is a result of IT service providers using personnel and infrastructure in low cost jurisdictions such as India to service Australian based clients. The cloud computing industry alone is now worth nearly $2 billion in Australia and about half of this is spent on public cloud services. Eighty six per cent of Australian businesses now report that they use cloud services. 1 While there are onshore data processing options available in the marketplace (including Australianonly clouds 2 ), these may not offer the customer the same benefits (e.g. economies of scale, affordability) as offshore options. There are a range of commercial risk and regulatory considerations that any customer or supplier considering offshoring data needs to assess. In particular, new laws govern the disclosure by Australian organisations 3 of personal information 4 to overseas recipients from 12 March This note addresses some of the relevant issues. What are the changes to privacy law? The new law replaces the National Privacy Principles (that applied to private organisations) and Information Privacy Principles (that applied to government agencies) with a single list of principles called the Australian Privacy Principles (APPs). 1 IDC. Cloud is now business as usual. (16 July 2013). 2 Australia-only cloud services are those where the provider commits to only storing or processing data in data centres located in Australia. 3 This includes entities with an Australian link in accordance with s 5B. 4 This is information or opinion about an identified individual or a person who is reasonably identifiable. It does not matter whether the information is true or actually recorded in a material form. 5 Privacy Amendment (Enhancing Privacy Protection) Act 2012 (Cth). The new law gives the Privacy Commissioner more powers, including: the ability to seek enforceable undertakings from organisations that have breached the Privacy Act and enforce any such undertaking in the courts; the power to initiate own motion investigations whether or not a complaint from an affected individual has been made; and the power to apply to the Federal Court for a civil penalty order of up to $1.7 million for serious or repeated breaches. How do the APPs govern disclosures overseas? APP 8 requires that before disclosing personal information to a person that is outside Australia (an overseas recipient), an Australian organisation must: 1. take reasonable steps to make sure that the overseas recipient will not breach the APPs and the Australian organisation will be accountable for any such breach by the overseas recipient; or 2. alternatively: a. make it known to the relevant individual that his or her personal information will not be protected by the APPs after the disclosure to the overseas recipient and obtain the indvidual s consent to the disclosure ; or b. form a reasonable belief that the overseas recipient is subject to laws substantially similar to the APPs. Step One: is the data transfer a disclosure? APP 8 does not apply unless the personal information is disclosed to an overseas recipient. page 2

3 Is the transfer a disclosure or a use? The new law does not define what constitutes a disclosure. The NPPs regulate cross-border transfers of personal information, not disclosures. 6 Under the Explanatory Memorandum for the new law, Parliament explained that disclosure isn t intended to be as broad as transfer. 7 The Merriam Webster Dictionary defines a disclosure as the act of making something known. Accordingly, a transfer of personal information to an overseas recipient will not necessarily be a disclosure or subject to APP 8. The Office of the Australian Information Commissioner (OAIC) has suggested that a disclosure occurs when information is released from an entity s effective control. 8 In the context of cloud services, the OAIC is of the view that a transfer of personal information will not be a disclosure if the service provider is only storing the data and certain contractual protections are implemented: OAIC EXAMPLES 9 Where an APP entity provides personal information to a cloud service provider located overseas for the limited purpose of performing the services of storing and ensuring the entity may access the personal information, this [will not be a disclosure ] provided: 1. a binding contract is entered into requiring the provider to only handle the personal information for these limited purposes; 2. that contract requires any subcontractors to agree to the same obligations; and 3. that contract gives the entity effective control of how personal information is handled by overseas recipient. However, the OAIC has also given guidance that the following service provider arrangements will involve a disclosure : 6 NPP 9 (Transborder data flows) 7 Privacy Amendment (Enhancing Privacy Protection) Bill 2012 Explanatory Memorandum p 83 8 OAIC Guidance (APP 8) at [8.8] 9 OAIC Guidance (APP 8) at [8.14] outsourcing processing of online purchases through website to an overseas service provider (providing personal information on customers to the service provider in order to facilitate); sending information to an overseas service provider for the purposes of conducting reference checks on behalf of the Australian organisation; or an Australian organisation relying on a parent company offshore to supply billing support (providing the parent with access to its customer database in order to facilitate). The distinction between the cloud storage example and the other examples given doesn t appear to be justified in terms of control. For example, the online payment processing agreement could be subject to the same contractual controls as the OAIC stipulates in the cloud storage example. The distinction appears to be in the different levels of use or processing of the personal data required by the service provider in each example. In the cloud storage example, the service provider does not need to use, access or view the personal data, whereas in the other examples, the service provider does need to access or view the data in order to perform its services. It is interesting that neither the new law, nor the OAIC guidance, deals with encryption of personal data in the context of APP 8. Arguably, if a customer encrypts personal information before providing it to its service provider, no disclosure of the personal information will occur. Even if an Australian organisation can satisfy itself that a transfer of personal information to an overseas recipient is not a disclosure and therefore not subject to APP 8, the organisation may still be liable for any breach of the APPs by the overseas recipient on the basis that the overseas recipient is acting as the Australian organisation s agent and its acts or omissions may be taken to be acts or omissions of the Australian organisation for the purposes of the Privacy Act. It is important to recognise that OAIC guidance 10 in relation to disclosure is not legally binding. However, prudent organisations will take note of the regulator s guidance when implementing compliance procedures. 10 OAIC Australian Privacy Principles Guidelines (February 2014) page 3

4 OFFSHORING DATA THE NEW PRIVACY LAWS Based on the Explanatory Memorandum for the new law, we can be confident that the following acts will constitute a disclosure : publishing personal information on the internet; accidentally releasing personal information publicly; and sending information to a related company (for example, a parent or sister company). 11 Further, a transfer of personal information within the same corporate entity is not considered a disclosure, even if that transfer is to an overseas office of the same entity. 12 The diagram below is a visual representation of the acts that may constitute a disclosure to an overseas recipient. Transferring personal information outside Australia: use or disclosure? Received by parent company in Washington D.C. ( Disclosure ) Received by Houston office of Australian entity ( Use ) Received by cloud provider in London. Entity enters into binding contract with cloud provider to limit access to information, enforce security standards and restrict cloud provider to only providing storage services ( Use ) Received by contractor in New Delhi for purpose of reference checking applicants for a job ( Disclosure ) Received by individual customer in Buenos Aires who requested their own personal information ( Use ) Document sent from Sydney office via 11 OAIC Guidance (APP 8) at [8.13] 12 Privacy Amendment (Enhancing Privacy Protection) Bill 2012 Explanatory Memorandum p 83 page 4

5 Step two: taking reasonable steps to ensure the service provider does not breach the APPs Assuming that a disclosure has taken place and it is received by an overseas recipient, the consequence is that an Australian organisation must take reasonable steps to ensure that the overseas recipient does not breach the APPs. Parliament has suggested that reasonable steps will normally require that an entity enter into a contractual relationship with the recipient. 13 The OAIC has also gone a step further, specifying contractual conditions that it believes may be sufficient to satisfy the reasonable steps requirement: OAIC recommended contractual protections 14 Set out the types of personal information to be disclosed and the specific purposes of disclosure. Include obligation that overseas recipient complies with APPs in relation to: a. collection; b. use; c. disclosure; d. storage; and e. destruction/de-identification. Include obligation that subcontractors comply with same requirements as above. Include requirement that overseas recipient implement a data breach response plan (for notifying Australian entity of data breaches and required remedial action). Exceptions Exception 1: where consent is obtained An entity will not need to ensure the overseas recipient complies with the APPs if the entity obtains consent from 13 Privacy Amendment (Enhancing Privacy Protection) Bill 2012 Explanatory Memorandum p OAIC Guidance (APP 8) at [8.16] the individual whose information is being disclosed. Consent will only be valid where it is (a) expressly obtained and (b) plainly evident that the individual was aware the entity would not be taking steps to ensure the overseas recipient complies with the APPs. 15 The OAIC has suggested that valid consent will be given where: a. the entity provides a clear written or oral statement explaining the consequences of consent (i.e. the entity will not be accountable for breaches of the APPs by the foreign entity and the individual may not be able to seek redress); and b. the statement explains practical effects and risks associated with disclosure that the entity is aware of (e.g. that the individual will not have the ability to access personal information relating to the individual that is held by the foreign entity). Exception 2: where the overseas recipient is subject to substantially similar laws An entity will not need to ensure the overseas recipient complies with the APPs if the entity has a reasonable belief that the person outside Australia is subject to laws substantially similar to the APPs. What constitutes a reasonable belief? A reasonable belief is more than merely a genuine or subjective belief. The OAIC suggests that it is the responsibility of the organisation to justify its reasonable belief if there is a dispute. One example that the OAIC gives is where an organisation has obtained independent legal advice on the foreign privacy protections. What are substantially similar laws? Laws which are substantially similar do not necessarily need to requote the protections in the APPs. Rather, the overall effect of the law is the determining factor. The OAIC hasn t been willing to disclose a white list of countries that it considers to have substantially similar laws to Australia, but the EU white list 16 may be 15 Privacy Amendment (Enhancing Privacy Protection) Bill 2012 Explanatory Memorandum p The European Commission has published a white list of countries that it considers has adequate data protection laws (see: privacycommission.be/en/transfers-outside-the-eu-with-adequate-protection) page 5

6 OFFSHORING DATA THE NEW PRIVACY LAWS a good starting point for an analysis (the list includes, for example, Switzerland, Argentina and New Zealand). It is prudent to seek legal advice as to whether the country where an overseas recipient is located is subject to substantially similar laws. In the context of cloud computing, this may involve considering the laws of each of the jurisdictions in which the service provider s infrastructure is located. The OAIC has published its own guidance as to what it will take into account when considering foreign privacy laws: OAIC recommended contractual protections 14 Is there a comparable definition of personal information? Does it regulate collection of personal information in a similar way to the APPs? Does it require the recipient to notify individuals about collection? Does it require the recipient to use or disclose personal information only for authorised purposes? Are there comparable data quality and security standards? Is there a right to access and seek correction of personal information? The last element is that the similar laws must have enforcement mechanisms that are accessible to an individual whose personal information is disclosed. An equivalent body of the OAIC or courts with similar functions and powers will be a necessity. Privacy Policy & Collection Statements In addition to complying with APP 8, Australian organisations are required to include in their Privacy Policy: a. whether they are likely to disclose information overseas 17 ; and b. the countries where overseas recipients are located. 18 If the information is likely to be disclosed to a person overseas who is not already listed in the Privacy Policy, then an entity must send the individual a Collection Notice that lists the other countries where the information may be disclosed. 19 Security Australian organisations are also required to take appropriate security measures to protect any personal information from misuse, interference and loss and from unauthorised access, modification or disclosure. 20 Security may need to be more rigorous if the information is sensitive or the potential consequences for the individual, if the information were disclosed, are severe. Other regulation Depending on the industry the organisation is in or for government agencies, there are additional laws that may also apply to offshore data transfers. Commonwealth Government agencies are subject to separate, stringent rules when they choose to outsource or offshore data (Attorney-General s Guidelines for Outsourced or Offshore ICT Arrangements). For example, where personal information is sent offshore or placed in a public cloud service arrangement, the agency must first obtain the consent of both the Attorney- General and the Minister responsible for the agency. There are special data management requirements for financial institutions (APRA Prudential Practice Guide CPG 235). These include ensuring that all contracts for the outsourcing of data (not just personal information) include special conditions relating to the handling of that data. APRA suggests that these include terms covering business continuity management and that a risk assessment procedure be established before these arrangements can be entered into. 17 APP 1.4 (f) 18 APP 1.4 (g) 19 APP 5.2 (i) and 5.2 (j) 20 APP 11.1 page 6

7 CORRS CONTACTS JAMES NORTH Partner Tel Mob +61 (0) Ravi de Fonseka Senior Associate Tel JOHANNA O ROURKE Daniel Thompson Special Counsel Tel Associate Tel Barbara Keane Kieran Donovan Senior Associate Tel Lawyer Tel Disclaimer The content of this leaflet is intended to provide general information regarding the Australian Privacy Principles and other related legislation, and is not intended to be advice as to the application of the referenced legislation and regulations to the recipient s business. page 7

8 SYDNEY 8 Chifley 8-12 Chifley Square Sydney NSW 2000 Tel Fax MELBOURNE Bourke Place 600 Bourke Street Melbourne VIC 3000 Tel Fax BRISBANE Waterfront Place 1 Eagle Street Brisbane QLD 4000 Tel Fax PERTH Woodside Plaza 240 St George s Terrace Perth WA 6000 Tel Fax KH120314

Privacy and Cloud Computing for Australian Government Agencies

Privacy and Cloud Computing for Australian Government Agencies Privacy and Cloud Computing for Australian Government Agencies Better Practice Guide February 2013 Version 1.1 Introduction Despite common perceptions, cloud computing has the potential to enhance privacy

More information

Australia s unique approach to trans-border privacy and cloud computing

Australia s unique approach to trans-border privacy and cloud computing Australia s unique approach to trans-border privacy and cloud computing Peter Leonard Partner, Gilbert + Tobin Lawyers and Director, iappanz In Australia, as in many jurisdictions, there have been questions

More information

PUBLIC & PRODUCTS LIABILITY PROPOSAL FORM IMPORTANT INFORMATION: PLEASE READ THE FOLLOWING INFORMATION BEFORE COMPLETING THIS PROPOSAL

PUBLIC & PRODUCTS LIABILITY PROPOSAL FORM IMPORTANT INFORMATION: PLEASE READ THE FOLLOWING INFORMATION BEFORE COMPLETING THIS PROPOSAL PUBLIC & PRODUCTS LIABILITY PROPOSAL FORM IMPORTANT INFORMATION: PLEASE READ THE FOLLOWING INFORMATION BEFORE COMPLETING THIS PROPOSAL A. Obtaining a Quotation To minimise delays in obtaining a quotation

More information

1.4 For information about our management of your other personal information, please see our Privacy Policy available at www.iba.gov.au.

1.4 For information about our management of your other personal information, please see our Privacy Policy available at www.iba.gov.au. Indigenous Business Australia Credit Information Policy 1 Purpose and application of this policy 1.1 This credit reporting policy (Credit Information Policy) describes and establishes how Indigenous Business

More information

T: [redacted] F: +61 2 9551 8644 [redacted] www.rba.gov.au

T: [redacted] F: +61 2 9551 8644 [redacted] www.rba.gov.au T: [redacted] F: +61 2 9551 8644 [redacted] www.rba.gov.au 7 May 2014 Australian Privacy Commissioner Office of the Australian Information Commissioner GPO Box 5218 SYDNEY NSW 2001 Dear Mr Pilgrim APPLICATION

More information

PUBLIC & PRODUCTS LIABILITY PROPOSAL FORM IMPORTANT INFORMATION: PLEASE READ THE FOLLOWING INFORMATION BEFORE COMPLETING THIS PROPOSAL

PUBLIC & PRODUCTS LIABILITY PROPOSAL FORM IMPORTANT INFORMATION: PLEASE READ THE FOLLOWING INFORMATION BEFORE COMPLETING THIS PROPOSAL PUBLIC & PRODUCTS LIABILITY PROPOSAL FORM IMPORTANT INFORMATION: PLEASE READ THE FOLLOWING INFORMATION BEFORE COMPLETING THIS PROPOSAL A. Obtaining a Quotation To minimise delays in obtaining a quotation

More information

Table of Contents. Introduction 3 What is Title Insurance? What are mortgage processing and loan servicing services? 3 This Privacy Policy 3

Table of Contents. Introduction 3 What is Title Insurance? What are mortgage processing and loan servicing services? 3 This Privacy Policy 3 Privacy Policy First American Title Insurance Company of Australia Pty Ltd First Mortgage Services Pty Ltd First Mortgage Services Australia Pty Ltd 1 P a g e Table of Contents Page Introduction 3 What

More information

PUBLIC & PRODUCTS LIABILITY RENEWAL DECLARATION

PUBLIC & PRODUCTS LIABILITY RENEWAL DECLARATION PUBLIC & PRODUCTS LIABILITY RENEWAL DECLARATION IMPORTANT INFORMATION: PLEASE READ THE FOLLOWING INFORMATION BEFORE COMPLETING THIS RENEWAL DECLARATION A. Obtaining a Quotation To minimise delays in obtaining

More information

Police Financial Services Limited Copyright exists in this document Privacy Policy 1

Police Financial Services Limited Copyright exists in this document Privacy Policy 1 Privacy January 2015 Policy Police Financial Services Limited ABN 33 087 651 661 ('we', 'us', 'our', BankVic ) is bound by the Australian Privacy Principles under the Privacy Act 1988 (Cth) (Privacy Act).

More information

PROFESSIONAL INDEMNITY RENEWAL DECLARATION IMPORTANT INFORMATION: PLEASE READ THE FOLLOWING INFORMATION BEFORE COMPLETING THIS RENEWAL DECLARATION

PROFESSIONAL INDEMNITY RENEWAL DECLARATION IMPORTANT INFORMATION: PLEASE READ THE FOLLOWING INFORMATION BEFORE COMPLETING THIS RENEWAL DECLARATION PROFESSIONAL INDEMNITY RENEWAL DECLARATION IMPORTANT INFORMATION: PLEASE READ THE FOLLOWING INFORMATION BEFORE COMPLETING THIS RENEWAL DECLARATION A. Obtaining a Quotation To minimise delays in obtaining

More information

Credit Reporting Privacy Policy of Baybrick Pty Ltd

Credit Reporting Privacy Policy of Baybrick Pty Ltd Credit Reporting Privacy Policy of Baybrick Pty Ltd Introduction 1. This Credit Reporting Privacy Policy is the official privacy policy of Baybrick Pty Ltd and its subsidiaries which includes JBS Australia

More information

005ASubmission to the Serious Data Breach Notification Consultation

005ASubmission to the Serious Data Breach Notification Consultation 005ASubmission to the Serious Data Breach Notification Consultation (Consultation closes 4 March 2016 please send electronic submissions to privacy.consultation@ag.gov.au) Your details Name/organisation

More information

International money transfers public interest determination applications. Consultation paper

International money transfers public interest determination applications. Consultation paper International money transfers public interest determination applications Consultation paper Closing date for comment 4 August 2014 Purpose of consultation paper The Office of the Australian Information

More information

CUA Group APP Privacy & Credit information Policy

CUA Group APP Privacy & Credit information Policy For more information: Call 133 282 Visit www.cua.com.au Drop into your local branch CUA Group APP Privacy & Credit information Policy 1 August 2015 Credit Union Australia Limited ABN 44 087 650 959 AFSL

More information

2.1 Certain words have special meanings when used in this Privacy Policy. These are shown below.

2.1 Certain words have special meanings when used in this Privacy Policy. These are shown below. 1. OUR COMMITTMENT 1.1 In handling your personal information, Maleny Credit Union (ABN 52 087 650 995) and its controlled entities ( MCU / credit union / we / us ) are committed to complying with the Australian

More information

Clearing the Legal fog:

Clearing the Legal fog: Clearing the Legal fog: cloud computing explained MARCH 2010 This issues summary highlights some of the main legal issues that are claimed to negatively affect users of cloud computing and provides practical

More information

Privacy Policy Australian Construction Products Pty Limited

Privacy Policy Australian Construction Products Pty Limited Privacy Policy Australian Construction Products Pty Limited What is this privacy policy about? This Privacy Policy describes how Australian Construction Products 63 091 618 781 (we or us) will treat the

More information

Chapter 5: Australian Privacy Principle 5 Notification of the collection of personal information

Chapter 5: Australian Privacy Principle 5 Notification of the collection of personal information Chapter 5: Australian Privacy Principle 5 Notification of the collection of personal information Version 1.0, February 2014 Key points... 2 What does APP 5 say?... 2 Taking reasonable steps to notify or

More information

Privacy fact sheet 17

Privacy fact sheet 17 Privacy fact sheet 17 Australian Privacy Principles January 2014 From 12 March 2014, the Australian Privacy Principles (APPs) will replace the National Privacy Principles Information Privacy Principles

More information

DIRECTORS & OFFICERS LIABILITY INSURANCE PROPOSAL FORM IMPORTANT INFORMATION: PLEASE READ THE FOLLOWING INFORMATION BEFORE COMPLETING THIS PROPOSAL

DIRECTORS & OFFICERS LIABILITY INSURANCE PROPOSAL FORM IMPORTANT INFORMATION: PLEASE READ THE FOLLOWING INFORMATION BEFORE COMPLETING THIS PROPOSAL DIRECTORS & OFFICERS LIABILITY INSURANCE PROPOSAL FORM IMPORTANT INFORMATION: PLEASE READ THE FOLLOWING INFORMATION BEFORE COMPLETING THIS PROPOSAL A. Obtaining a Quotation To minimise delays in obtaining

More information

Cyber security: A major issue for Australian business

Cyber security: A major issue for Australian business Cyber Security: A major issue for Australian business: February 2016 1 Cyber security: A major issue for Australian business Contents Introduction and background Is your industry particularly vulnerable

More information

Chapter 11: Australian Privacy Principle 11 Security of personal information

Chapter 11: Australian Privacy Principle 11 Security of personal information Chapter 11: Australian Privacy Principle 11 Security of personal information Version 1.1, March 2015 Key points... 2 What does APP 11 say?... 2 Holds... 2 Taking reasonable steps... 3 What are the security

More information

2. Open and transparent management of personal information

2. Open and transparent management of personal information Privacy Policy - Talison Lithium Pty Ltd 1. Overview Talison Lithium Pty Ltd (Talison) believes privacy is an important right of individuals. Talison takes steps to protect your personal information from

More information

How does Barnes collect and hold personal information?

How does Barnes collect and hold personal information? Barnes Mortgage Management Pty Ltd ACN 061 590 341 Australian Credit Licence 384 156 Ground Floor, 132 Lutwyche Road (Corner Nicholas Street), Windsor, QLD, 4030 Tel: 07 3622 2400 Fax: 07 3357 9436 Privacy

More information

HOME INDEMNITY INSURANCE - WESTERN AUSTRALIA POLICY WORDING

HOME INDEMNITY INSURANCE - WESTERN AUSTRALIA POLICY WORDING POLICY WORDING HOME INDEMNITY INSURANCE - WESTERN AUSTRALIA GLA RBUA HII WA 1115 Effective Date 01 November 2015 Welcome to the financial security provided by RBUA Home Indemnity Insurance - Western Australia

More information

amaysim Privacy Policy

amaysim Privacy Policy amaysim Privacy Policy Valid as of 07 October 2015-1 of 8 - amaysim Australia Pty Ltd ABN 65 143 613 478 (referred to in this document as amaysim or we or us ). 1. Protection of your privacy and personal

More information

CREDIT REPORTING POLICY

CREDIT REPORTING POLICY CREDIT REPORTING POLICY The Clean Energy Finance Corporation ("CEFC", we, us, our in this Credit Reporting Policy) respect the privacy of personal information and credit information you may provide to

More information

SOLICITORS EXCESS PROFESSIONAL INDEMNITY PROPOSAL FORM IMPORTANT INFORMATION: PLEASE READ THE FOLLOWING INFORMATION BEFORE COMPLETING THIS PROPOSAL

SOLICITORS EXCESS PROFESSIONAL INDEMNITY PROPOSAL FORM IMPORTANT INFORMATION: PLEASE READ THE FOLLOWING INFORMATION BEFORE COMPLETING THIS PROPOSAL SOLICITORS EXCESS PROFESSIONAL INDEMNITY PROPOSAL FORM IMPORTANT INFORMATION: PLEASE READ THE FOLLOWING INFORMATION BEFORE COMPLETING THIS PROPOSAL A. Your Duty of Disclosure Before you enter into a contract

More information

Privacy Policy. 30 January 2015

Privacy Policy. 30 January 2015 Privacy Policy 30 January 2015 Table of Contents 1 Overview 3 Purpose 3 Scope 3 2 Collection 3 What information do we collect? 3 What if you do not give us the information we request? 4 3 Use of information

More information

Ausgrid Privacy Policy

Ausgrid Privacy Policy Ausgrid Privacy Policy Ausgrid is responsible for the safe and reliable supply of electricity to homes and businesses throughout Sydney, the Hunter and the Central Coast. Its network is made up of more

More information

Daltrak Building Services Pty Ltd ABN: 44 069 781 933. Privacy Policy Manual

Daltrak Building Services Pty Ltd ABN: 44 069 781 933. Privacy Policy Manual Daltrak Building Services Pty Ltd ABN: 44 069 781 933 Privacy Policy Manual Table Of Contents 1. Introduction Page 2 2. Australian Privacy Principles (APP s) Page 3 3. Kinds Of Personal Information That

More information

REAL ESTATE AGENTS PROFESSIONAL INDEMNITY PROPOSAL FORM IMPORTANT INFORMATION: PLEASE READ THE FOLLOWING INFORMATION BEFORE COMPLETING THIS PROPOSAL

REAL ESTATE AGENTS PROFESSIONAL INDEMNITY PROPOSAL FORM IMPORTANT INFORMATION: PLEASE READ THE FOLLOWING INFORMATION BEFORE COMPLETING THIS PROPOSAL REAL ESTATE AGENTS PROFESSIONAL INDEMNITY PROPOSAL FORM IMPORTANT INFORMATION: PLEASE READ THE FOLLOWING INFORMATION BEFORE COMPLETING THIS PROPOSAL A. Your Duty of Disclosure Before you enter into a contract

More information

QUEENSLAND COUNTRY HEALTH FUND. privacy policy. Queensland Country Health Fund Ltd ABN 18 085 048 237. better health cover shouldn t hurt

QUEENSLAND COUNTRY HEALTH FUND. privacy policy. Queensland Country Health Fund Ltd ABN 18 085 048 237. better health cover shouldn t hurt QUEENSLAND COUNTRY HEALTH FUND privacy policy Queensland Country Health Fund Ltd ABN 18 085 048 237 better health cover shouldn t hurt 1 2 contents 1. Introduction 4 2. National Privacy Principles 5 3.

More information

REAL ESTATE AGENTS PROFESSIONAL INDEMNITY PROPOSAL FORM IMPORTANT INFORMATION: PLEASE READ THE FOLLOWING INFORMATION BEFORE COMPLETING THIS PROPOSAL

REAL ESTATE AGENTS PROFESSIONAL INDEMNITY PROPOSAL FORM IMPORTANT INFORMATION: PLEASE READ THE FOLLOWING INFORMATION BEFORE COMPLETING THIS PROPOSAL REAL ESTATE AGENTS PROFESSIONAL INDEMNITY PROPOSAL FORM IMPORTANT INFORMATION: PLEASE READ THE FOLLOWING INFORMATION BEFORE COMPLETING THIS PROPOSAL A. Your Duty of Disclosure Before you enter into an

More information

Using AWS in the context of Australian Privacy Considerations October 2015

Using AWS in the context of Australian Privacy Considerations October 2015 Using AWS in the context of Australian Privacy Considerations October 2015 (Please consult https://aws.amazon.com/compliance/aws-whitepapers/for the latest version of this paper) Page 1 of 13 Overview

More information

Privacy Policy Statement

Privacy Policy Statement Privacy Policy Statement Our Commitment While information is the foundation for providing you with superior service, protecting the privacy of your personal information is of the highest importance to

More information

CREDIT REPORTING AND CREDIT RELATED PERSONAL INFORMATION POLICY

CREDIT REPORTING AND CREDIT RELATED PERSONAL INFORMATION POLICY Purpose CREDIT REPORTING AND CREDIT RELATED PERSONAL INFORMATION POLICY This is the privacy policy of Southern Steel Group Pty Limited ACN 003 067 838, Southern Steel Supplies Pty Limited ACN 000 060 131,

More information

Privacy business resource 3

Privacy business resource 3 Privacy business resource 3 June 2013 Credit reporting what has changed As part of the reforms to the Privacy Act 1988 (Privacy Act), credit reporting in Australia is regulated by a new Part IIIA. 1 The

More information

PRIVACY AND CREDIT REPORTING POLICY

PRIVACY AND CREDIT REPORTING POLICY PRIVACY AND CREDIT REPORTING POLICY 12 March 2014 CONTENTS What is personal information?...3 Information we may collect, use and disclose about you...4 Collection of sensitive information...6 How personal

More information

3 What Personal Information do we collect and why do we need it?

3 What Personal Information do we collect and why do we need it? Privacy Policy 1 Protecting your privacy The worldwide rental system operated as Europcar is owned by Europcar International, a French Corporation. A number of independently owned licensees also trade

More information

Catalyst Consulting & Events (CCE) takes seriously its commitment to preserve the privacy of the personal information that we collect.

Catalyst Consulting & Events (CCE) takes seriously its commitment to preserve the privacy of the personal information that we collect. PRIVACY POLICY 1. Introduction Catalyst Consulting & Events (CCE) takes seriously its commitment to preserve the privacy of the personal information that we collect. We will only collect information that

More information

Masterpiece Signature Personal Insurance

Masterpiece Signature Personal Insurance Masterpiece Signature Personal Insurance Supplementary Product Disclosure Statement Issued 11 May 2015 This is a Supplementary Product Disclosure Statement (SPDS) which provides information about important

More information

Guidance Note AGN 520.1

Guidance Note AGN 520.1 Guidance Note AGN 520.1 Fit and Proper Requirements Definition of a responsible person 1. The definitions of responsible persons cover those persons whose conduct is most likely to have significant implications

More information

Credit Reporting Data Management Policy

Credit Reporting Data Management Policy Credit Reporting Data Management Policy TDJ Australia Pty Ltd ACN 006 385 191(collectively, TDJ, we, our or us ) is committed to the protection of personal privacy within the scope of applicable law. This

More information

Credit Reporting and Credit Related Personal Information Policy. Corporate Legal Procedure

Credit Reporting and Credit Related Personal Information Policy. Corporate Legal Procedure Credit Reporting and Credit Related Personal Information Policy Corporate Legal Procedure TABLE OF CONTENTS 1. Purpose... 3 2. Acknowledgment... 3 3. The kind of Credit Information we will collect and

More information

BYOD - Legal Considerations

BYOD - Legal Considerations BYOD - Legal Considerations Legal and risk considerations in developing BYOD policies Arvind Dixit Senior Associate Corrs Chambers Westgarth arvind.dixit@corrs.com.au 03 9672 3032 23 October 2012 7702923/1

More information

Cloud Computing. Introduction

Cloud Computing. Introduction Cloud Computing Introduction This information leaflet aims to advise organisations which are considering engaging cloud computing on the factors they should consider. It explains the relationship between

More information

Mercedes-Benz Financial Services. Privacy Statement

Mercedes-Benz Financial Services. Privacy Statement Mercedes-Benz Financial Services Privacy Statement Privacy Statement Mercedes-Benz Financial Services Australia Pty Ltd A Daimler Company We, Mercedes-Benz Financial Services Australia Pty Ltd ( MBFS )

More information

NASH PKI Certificate for Healthcare Provider Organisations renewal confirmation

NASH PKI Certificate for Healthcare Provider Organisations renewal confirmation NASH PKI Certificate for Healthcare Provider Organisations renewal confirmation Please send your completed renewal confirmation to: Department of Human Services Fax number: 1800 890 698 Number of pages

More information

Carriers Insurance Brokers Pty. Limited

Carriers Insurance Brokers Pty. Limited Our Privacy Policy At Carriers Insurance Brokers Pty. Limited, ABN 66 001 609 936, we are committed to protecting your privacy in accordance with the Privacy Act 1988 (Cth) (Privacy Act) and the Australian

More information

Financial Planning 1 July 2014

Financial Planning 1 July 2014 Financial Planning 1 July 2014 Privacy Statement Equip Financial Planning 1800 065 753 www.equipsuper.com.au Privacy Statement Equip Financial Planning provides financial advice to clients and holds personal,

More information

PRIVACY NOTICE AND CONSENT

PRIVACY NOTICE AND CONSENT Australian Credit Licence Number 387406 PRIVACY NOTICE AND CONSENT This privacy notice and consent relates to an application (the application) you make to a mortgage manager for a loan (your loan) or in

More information

Overview of the Impact of the Privacy Reforms on Credit Reporting

Overview of the Impact of the Privacy Reforms on Credit Reporting Overview of the Impact of the Privacy Reforms on Credit Reporting June 2012 Andrew Galvin, Partner 1 OVERVIEW 1.1 Credit Reporting Reform - Background When initially passed, the Privacy Act 1988 essentially

More information

MISCELLANEOUS CONSULTANTS PROFESSIONAL INDEMNITY PROPOSAL FORM

MISCELLANEOUS CONSULTANTS PROFESSIONAL INDEMNITY PROPOSAL FORM MISCELLANEOUS CONSULTANTS PROFESSIONAL INDEMNITY PROPOSAL FORM IMPORTANT INFORMATION: PLEASE READ THE FOLLOWING INFORMATION BEFORE COMPLETING THIS PROPOSAL A. Your Duty of Disclosure Before you enter into

More information

SOLICITORS EXCESS PROFESSIONAL INDEMNITY PROPOSAL FORM IMPORTANT INFORMATION: PLEASE READ THE FOLLOWING INFORMATION BEFORE COMPLETING THIS PROPOSAL

SOLICITORS EXCESS PROFESSIONAL INDEMNITY PROPOSAL FORM IMPORTANT INFORMATION: PLEASE READ THE FOLLOWING INFORMATION BEFORE COMPLETING THIS PROPOSAL SOLICITORS EXCESS PROFESSIONAL INDEMNITY PROPOSAL FORM IMPORTANT INFORMATION: PLEASE READ THE FOLLOWING INFORMATION BEFORE COMPLETING THIS PROPOSAL A. Your Duty of Disclosure Before you enter into an insurance

More information

ASPEN AUSTRALIA BRANCH PRIVACY POLICY

ASPEN AUSTRALIA BRANCH PRIVACY POLICY ASPEN AUSTRALIA BRANCH PRIVACY POLICY INTRODUCTION This policy applies to the operations of Aspen s Australia branch. Aspen is committed to complying with the principles of the Privacy Act 1988 and accordingly

More information

Westpac Business Debit MasterCard Application

Westpac Business Debit MasterCard Application Westpac Business Debit MasterCard Application Westpac Banking Corporation ABN 33 007 457 141 AFSL and Australian credit licence 233714 In order to apply for a Westpac Business Debit MasterCard, the following

More information

Coffey International Limited Privacy Policy. July 2014

Coffey International Limited Privacy Policy. July 2014 Coffey International Limited Privacy Policy July 2014 Privacy Policy 1. Introduction Coffey International Limited and its related bodies corporate (we, our, us) recognise your rights under the Privacy

More information

Zinc Recruitment Pty Ltd Privacy Policy

Zinc Recruitment Pty Ltd Privacy Policy 1. Introduction Zinc Recruitment Pty Ltd Privacy Policy We manage personal information in accordance with the Privacy Act 1988 and Australian Privacy Principles. This policy applies to information collected

More information

Data protection issues on an EU outsourcing

Data protection issues on an EU outsourcing Data protection issues on an EU outsourcing Saam Golshani, Alastair Gorrie and Diego Rigatti, Orrick Herrington & Sutcliffe www.practicallaw.com/8-380-8496 Outsourcing can mean subcontracting a process

More information

ANZ Privacy Policy PROTECTING YOUR PRIVACY 07.15

ANZ Privacy Policy PROTECTING YOUR PRIVACY 07.15 ANZ Privacy Policy PROTECTING YOUR PRIVACY 07.15 Contents Introduction to ANZ s Privacy Policy 4 Collecting your personal information 6 Using your personal information 9 Disclosing your personal information

More information

MOTOR FINANCE GAP PROTECTION POLICY

MOTOR FINANCE GAP PROTECTION POLICY MOTOR FINANCE GAP PROTECTION POLICY Product Disclosure Statement and Policy Wording Version No. 2.0 Effective Date: 3 November 2011 Issued by Chubb Insurance Company of Australia ABN 69 003 710 647, ASFL

More information

Guidance note 11/ Background. Anti-Money Laundering and Counter-Terrorism Financing Act 2006

Guidance note 11/ Background. Anti-Money Laundering and Counter-Terrorism Financing Act 2006 Guidance note 11/02 Verification of identity: The use and disclosure of personal information by reporting entities and credit reporting agencies for the purposes of verifying an individual s identity natural

More information

The Privacy Act 1988 contains 10 National Privacy Principles (the NPPs) which specify how organisations should handle personal information.

The Privacy Act 1988 contains 10 National Privacy Principles (the NPPs) which specify how organisations should handle personal information. Privacy policy Abstract Page 1 Preamble The Privacy Act 1988 contains 10 National s (the NPPs) which specify how organisations should handle personal information. The Anglican Church Diocese of Sydney

More information

Privacy Policy. Responsible Officer. General Counsel Approved by

Privacy Policy. Responsible Officer. General Counsel Approved by Privacy Policy Responsible Officer General Counsel Approved by Vice-Chancellor Approved and commenced December, 2014 Review by December, 2017 Relevant Legislation, Ordinance, Rule and/or Governance Level

More information

Information Sheet: Cloud Computing

Information Sheet: Cloud Computing info sheet 03.11 Information Sheet: Cloud Computing Info Sheet 03.11 May 2011 This Information Sheet gives a brief overview of how the Information Privacy Act 2000 (Vic) applies to cloud computing technologies.

More information

Community Telco Credit Management Policy

Community Telco Credit Management Policy Community Telco Australia Pty Ltd PO Box 1187 Bendigo VIC 3552 Telephone 1300 743 303 Facsimile 1300 224 569 email address: service@communitytelco.com.au web address: www.communitytelco.com.au Community

More information

Australian Prudential Regulation Authority. Protecting Australia s depositors, insurance policyholders and superannuation fund members

Australian Prudential Regulation Authority. Protecting Australia s depositors, insurance policyholders and superannuation fund members Australian Prudential Regulation Authority Protecting Australia s depositors, insurance policyholders and superannuation fund members APRA s vision is to be a world-class integrated prudential supervisor

More information

The Cloud and Cross-Border Risks - Singapore

The Cloud and Cross-Border Risks - Singapore The Cloud and Cross-Border Risks - Singapore February 2011 What is the objective of the paper? Macquarie Telecom has commissioned this paper by international law firm Freshfields Bruckhaus Deringer in

More information

(a) the kind of data and the harm that could result if any of those things should occur;

(a) the kind of data and the harm that could result if any of those things should occur; Cloud Computing This information leaflet aims to advise organisations on the factors they should take into account in considering engaging cloud computing. It explains the relevance of the Personal Data

More information

The kinds of personal information we collect and hold vary depending on the services we are providing, but generally can include:

The kinds of personal information we collect and hold vary depending on the services we are providing, but generally can include: ABN 47 001 768 190 AFSL 244526 Our Privacy Policy At Capital Insurance Brokers, we are committed to protecting your privacy in accordance with the Privacy Act 1988 (Cth) (Privacy Act) and the Australian

More information

GREYHOUND AUSTRALIA PRIVACY POLICY

GREYHOUND AUSTRALIA PRIVACY POLICY GREYHOUND AUSTRALIA PRIVACY POLICY Last Updated: 12 October 2015 About this Policy Greyhound ('we', 'us', 'our') trades as a business name of Greyhound Australia Pty Ltd (ABN 59 104 326 383). We understand

More information

clear Retail and Business Banking Financial Services Guide, Credit Guide and Privacy Statement

clear Retail and Business Banking Financial Services Guide, Credit Guide and Privacy Statement clear Retail and Business Banking Financial Services Guide, Credit Guide and Privacy Statement Preparation Date: 12 January 2015 Westpac Banking Corporation ABN 33 007 457 141 AFSL and Australian credit

More information

DRAFT AUSTRALIAN PRIVACY PRINCIPLES GUIDELINES 6-11

DRAFT AUSTRALIAN PRIVACY PRINCIPLES GUIDELINES 6-11 The Privacy Commissioner Office of the Australian Information Commissioner GPO Box 5218 SYDNEY NSW 2001 By email: consultation@oaic.gov.au 21 October 2013 Dear Commissioner DRAFT AUSTRALIAN PRIVACY PRINCIPLES

More information

PRIVACY POLICY. Unless otherwise provided by law, we will not collect, hold, use or disclose sensitive information without your consent.

PRIVACY POLICY. Unless otherwise provided by law, we will not collect, hold, use or disclose sensitive information without your consent. Purpose Australian Institute of Professional Education P/L (AIPE/we/our) is committed to providing all stakeholders with the highest levels of professional service. The purpose of this Privacy Policy is

More information

AASA Online Privacy Policy CRP.020

AASA Online Privacy Policy CRP.020 Introduction Alzheimer s Australia SA Inc values your privacy and takes reasonable steps to protect your personal information (that is, information which identifies or may reasonably be used to identify

More information

WHAT KIND OF PERSONAL INFORMATION DOES NINE COLLECT AND HOW DOES NINE COLLECT IT?

WHAT KIND OF PERSONAL INFORMATION DOES NINE COLLECT AND HOW DOES NINE COLLECT IT? Privacy Policy Nine Network Australia Pty Ltd (Nine) understands that privacy is important to our viewers, business contacts, and people who appear in our television programs. At Nine we are committed

More information

NATIONAL PARTNERSHIP AGREEMENT ON E-HEALTH

NATIONAL PARTNERSHIP AGREEMENT ON E-HEALTH NATIONAL PARTNERSHIP AGREEMENT ON E-HEALTH Council of Australian Governments An agreement between the Commonwealth of Australia and the States and Territories, being: The State of New South Wales The State

More information

Australian Privacy Principle 5 Notification of the collection of personal information

Australian Privacy Principle 5 Notification of the collection of personal information Australian Privacy Principle 5 Notification of the collection of personal information Chapter 5 Draft version, August 2013 Key points... 2 What does APP 5 say?... 2 Reasonable steps to notify or ensure

More information

PRIVACY AND CREDIT REPORTING POLICY

PRIVACY AND CREDIT REPORTING POLICY R.A.C.V. Finance Limited PRIVACY AND CREDIT REPORTING POLICY Page 1 Contents 1. Introduction to RACV Finance Privacy and Credit Reporting Policy (the Policy ). 3 2. The Legislative Framework... 3 3. Types

More information

NAB Commercial Cards Liability Insurance

NAB Commercial Cards Liability Insurance NAB Commercial Cards Liability Insurance Policy Information Booklet Preparation date: 13 May 2014 Effective date: 1 June 2014 QM5030 0614 Contents Important Information 2 Details of the Insurance 3 Sanctions

More information

FISHER & PAYKEL PRIVACY POLICY

FISHER & PAYKEL PRIVACY POLICY FISHER & PAYKEL PRIVACY POLICY 1. About this Policy Fisher & Paykel Australia Pty Limited (ABN 71 000 042 080) and its related companies ('we', 'us', 'our') understands the importance of, and is committed

More information

Credit Reporting Policy

Credit Reporting Policy Credit Reporting Policy Version 1 7 March 2014 1. INTRODUCTION ERM Power Limited and its related companies (referred to in this document as we, us or our) recognise that your privacy is very important

More information

Australian Privacy Principle 7 direct marketing

Australian Privacy Principle 7 direct marketing Australian Privacy Principle 7 direct marketing Chapter 7 Draft version, September 2013 Key points... 2 What does APP 7 say?... 2 What is direct marketing?... 3 When are agencies covered by APP 7?... 4

More information

Postcode: Postcode: Australia Business Number (ABN):

Postcode: Postcode: Australia Business Number (ABN): New client form Name of your AJ Park contact: Account name: Trading name: Full name of contact person: Mobile: Street address: Postcode: Postal address (if different from street address): Postcode: Phone:

More information

AMP Bank. Credit Reporting Policy AMP Bank Limited

AMP Bank. Credit Reporting Policy AMP Bank Limited AMP Bank Credit Reporting Policy AMP Bank Limited Effective Date: 12 March 2014 Contents 1. Purpose of this Policy 1 2. Definitions 1 3. Collecting Credit Information 2 4. Disclosing and using Credit-Related

More information

Term Life Insurance Notice of Claim

Term Life Insurance Notice of Claim How to help us process your claim Checklist Before submitting your claim form, make sure you can tick all the boxes below: Section A: Insured s/deceased s details Section B: Your details Section C: Family

More information

FINANCIAL SERVICES GUIDE

FINANCIAL SERVICES GUIDE FINANCIAL SERVICES GUIDE Short Form What you need to know about KNM, our Authorised Representatives and our Financial Services Contents The purpose of this Guide Who is KNM? Who is your adviser? KNM Services

More information

Pacific Smiles Group Privacy Policy

Pacific Smiles Group Privacy Policy Pacific Smiles Group Privacy Policy Pacific Smiles Group Limited and its related bodies corporate (PSG, we, our, us) recognise the importance of protecting the privacy and the rights of individuals in

More information

Home and Contents Insurance Claim. and. corporate. Title Surname Full given name(s) Postcode Contact home phone number. Contact facsimile number ( )

Home and Contents Insurance Claim. and. corporate. Title Surname Full given name(s) Postcode Contact home phone number. Contact facsimile number ( ) BankSA Home and Contents Insurance Claim About this form Only About complete this form this form if your claim is in respect to loss of or damage to Buildings/Contents/Personal Valuables or Legal Liability.

More information

Privacy Policy Draft

Privacy Policy Draft Introduction Privacy Policy Draft Please note this is a draft policy pending final approval Alzheimer s Australia values your privacy and takes reasonable steps to protect your personal information (that

More information

ACE Insurance Limited ELITE II PROFESSIONAL INDEMNITY INSURANCE POLICY

ACE Insurance Limited ELITE II PROFESSIONAL INDEMNITY INSURANCE POLICY ELITE II PROFESSIONAL INDEMNITY INSURANCE POLICY Renewal Proposal Form - Miscellaneous ABN 23 001 642 020 AFSL 239687 Page 1 of 8 ACE ELITE II PROFESSIONAL INDEMNITY INSURANCE RENEWAL PROPOSAL FORM Miscellaneous

More information

BRITISH COUNCIL DATA PROTECTION CODE FOR PARTNERS AND SUPPLIERS

BRITISH COUNCIL DATA PROTECTION CODE FOR PARTNERS AND SUPPLIERS BRITISH COUNCIL DATA PROTECTION CODE FOR PARTNERS AND SUPPLIERS Mat Wright www.britishcouncil.org CONTENTS Purpose of the code 1 Scope of the code 1 The British Council s data protection commitment and

More information

CREDIT REPORTING POLICY

CREDIT REPORTING POLICY CREDIT REPORTING POLICY GENERAL We respect your privacy and are committed to protecting it. We are bound by the Privacy Act 1988 and the Privacy (Credit Reporting) Code 2014 (Version 1.2) (the CR Code).

More information

communications between us and your financial, legal or other adviser, or your broker or agent;

communications between us and your financial, legal or other adviser, or your broker or agent; Privacy policy Updated: 25 June 2014 This Privacy Policy applies to information collected by 255 Finance Pty Ltd ABN 23 168 112 507 and its related bodies corporate ( 255 Finance or we ). This policy outlines

More information

LAUW Cyber erisks. SME Questionnaire. www.lauw.com.au

LAUW Cyber erisks. SME Questionnaire. www.lauw.com.au LAUW Cyber erisks SME Questionnaire Please only complete this Questionnaire if the Proposers annual gross revenue is less than $25m and they require limits of indemnity up and including $2m. If the Proposer

More information

FINANCIAL LINES ACE ELITE PLUS MANAGEMENT LIABILITY INSURANCE

FINANCIAL LINES ACE ELITE PLUS MANAGEMENT LIABILITY INSURANCE FINANCIAL LINES ACE ELITE PLUS MANAGEMENT LIABILITY INSURANCE 00 The ACE Elite Plus Management Liability policy features coverage and benefits designed to address the serious risks confronting private

More information

Approved Products List

Approved Products List Financial Services Guide (FSG) of Liddell & Ko Pty Ltd atf StirlingTrust and Highgate Trust (Authorised Representative No: 343754 Version March 2014 1.8 (Issued 12 March 2014) This document must be accompanied

More information

Hume Bank Limited Privacy Policy

Hume Bank Limited Privacy Policy Hume Bank Limited Privacy Policy Hume Bank Limited (ACN 051 868 556) ('we', 'us', 'our') is subject to the Privacy Act 1988 (Cth) (Privacy Act), including the Australian Privacy Principles and Part IIIA

More information

Chapter 7: Australian Privacy Principle 7 Direct marketing

Chapter 7: Australian Privacy Principle 7 Direct marketing Chapter 7: APP 7 Direct marketing Version 1.0, February 2014 Chapter 7: Australian Privacy Principle 7 Direct marketing Version 1.0, February 2014 Key points... 2 What does APP 7 say?... 2 Direct marketing...

More information