PRIVACY IN THE CLOUD AND BIG DATA WHAT FRANCHISORS NEED TO KNOW!

Size: px
Start display at page:

Download "PRIVACY IN THE CLOUD AND BIG DATA WHAT FRANCHISORS NEED TO KNOW!"

Transcription

1 PRIVACY IN THE CLOUD AND BIG DATA WHAT FRANCHISORS NEED TO KNOW! By Alec Christie, Partner, DLA Piper Franchisors will already be dealing with a number of day-to-day privacy issues arising from their implementation of the new Australian Privacy Principles ("APPs") which became effective from 12 March However, very different privacy issues arise from use of Big Data and the Cloud by franchisors. In this paper we aim to demystify these two ubiquitous IT terms, highlight the privacy issues that arise under the current Australian privacy law and provide some practical tips for franchisors to navigate the privacy landscape in respect of Big Data and Cloud. FIRST: BIG DATA AND THE CLOUD EXPLAINED What is Big Data? Big Data is the tracking and aggregation of a large volume of data (including personal information) from search engine histories, s, sales transaction histories, reward/loyalty programs, app downloads and other sources. The aggregation, tracking and analysis of large volumes of data across such a range of variables can be of considerable value to franchisors, allowing you to gain insight into your markets and consumers, making you more responsive, increasing efficiency and helping to shape possible new offerings or the entry "new" markets. As well as using your own and your franchisees generated data, franchisors are also finding more and more ways of combining their data with that of third parties (as well as publically available information) in order to analyse more variables and to "slice and dice" the data in numerous ways. AGC/SZM/AUM/

2 What is the Cloud? Web based (such as Gmail and Hotmail) and social networking websites (such as Facebook) are perhaps the most ubiquitous examples of Cloud services. However, Cloud services can be delivered through a multitude of models (including non public models such as "private Clouds" and "shared private Clouds"). Although the term "Cloud" does not have a precise meaning, it generally refers to information technology services, for example web based and social networking sites, that: 1. are delivered via the Internet (the "Cloud" being an icon for the Internet); 2. typically have a de centralised IT infrastructure (ie the supplier's data centres are spread across multiple, and sometimes offshore, locations); and 3. are dynamically scalable and used more like a utility (eg electricity) than traditional computing resources. PRIVACY CONCERNS WITH BIG DATA AND THE CLOUD Big Data The collection and use of Big Data gives rise to a number of potentially difficult privacy scenarios for franchisors. One such example, referred to in an article by journalist Aleks Krotoski 1, is the purchase of the social media start-up Social Calendar 2 by US chain store Walmart. Krotoski points out that, when users of Social Calendar listed friends' birthdays or their holiday details, users would have had no idea that the information they included in Social Calendar would end up in the hands of Walmart. The purchase of Social Calendar effectively means that Walmart will, subject to applicable law, be able to cross reference the data from Social Calendar users with its own data to generate profiles of users and 1 2 Article entitled "Big Data age puts privacy in question as information becomes currency" published in 'The Guardian' on 22 April A very popular calendar app on Facebook which allows users to record special events such as the birthdays, anniversaries, etc of family and friends. AGC/SZM/AUM/

3 their friends (and significant events/celebrations in their lives) for very direct and time sensitive marketing opportunities. 3 Perhaps the most dramatic example of the use of Big Data occurred in 2013 when Target's analysis of Big Data determined that a teen girl was pregnant (before her parents knew), but did not flag that she was a teen and sent her direct electronic marketing for baby and maternity products. This incensed the girl's father was Target trying to encourage his teen daughter to fall pregnant? Of course, Target failed to include in its analysis of the Big Data whether this person was over 18 before sending her this marketing. However, Target's analysis of the Big Data was able to determine that she was pregnant (and therefore a potential customer for its maternity wear and baby products). By tracking and analysing her spending habits (not just at Target) Target was able to determine (a) she was expecting a baby and (b) how far along with the pregnancy she was, with unsettling accuracy. Examples such as these make it clear that there is a large gap between what can be done with Big Data, what is currently regulated by privacy law and community perceptions as to what should be done with Big Data. The Cloud Concerns about privacy and control over data are often cited as the major impediments to the growth of Cloud and its wide adoption by both business and government in Australia. In light of the recent celebrity photo leaking scandals, these reservations have been reinforced. Moving to the Cloud means relinquishing a degree of physical control over IT infrastructure and relying, in part, on Cloud vendors to ensure that information is kept private and secure. If the data is stored in offshore locations, those locations may or may not be in countries that have privacy laws which are the same or similar to those in Australia. 3 Of course, this is subject to any consent requirements under the relevant US law. AGC/SZM/AUM/

4 However, contrary to popular perception, Cloud services models are not inherently incompatible with Australia's privacy laws or with privacy protection and security in general. Cloud does not raise legal issues, especially in respect of compliance with Australian privacy law, that are wholly new or even dissimilar to issues that have arisen in respect of other IT services (such as in the outsourcing and offshoring models). In respect of these other IT services, the issues have been successfully managed by well advised franchisors. THE CURRENT AUSTRALIAN LEGAL LANDSCAPE Australia has Federal, State and Territory laws which generally adopt similar (although not identical) privacy principles. The principal piece of Federal legislation, to which all Federal agencies and most private sector businesses (including franchisors) are subject, is the Privacy Act 1988 (Cth). The 13 APPs under the Privacy Act that regulate the collection, holding, use and disclosure of "personal information" have been in force since 12 March The Privacy Act defines "Personal Information" to mean: "information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information or opinion is true or not and whether recorded in a material form or not". For example, some addresses (such as are personal information, but anonymous information (such as purely statistical data) is not. The application of this regulatory framework to Big Data and the Cloud is discussed below. BIG DATA Outside of privacy and spam, Australian law does not currently regulate Big Data. Although not specific to Big Data, the Privacy Act imposes certain mandatory notification and consent obligations on entities collecting personal information which are relevant from a Big Data perspective. In addition, the SPAM Act prohibits the sending of electronic marketing communications without the prior "opt in" consent of the recipient. AGC/SZM/AUM/

5 Identified vs de-identified information The concepts of Personal Information, de-identified information and the applicability of the Privacy Act to Big Data appear, at first glance, simple enough. However, on further consideration, this is not straightforward in the Big Data context: can the information contained in Big Data ever truly (ie permanently) be de-identified? Big Data has historically been used for tracking the movements and interests of groups in a de-identified form (ie such that it does not identify any individual in the group). Of course, use of de-identified information is not regulated by the privacy law/apps and franchisors are free to collect, analyse and use such data as they see fit. However in recent years, as further potential uses for Big Data are discovered and the associated analytical tools developed, there has been an increasing ability to track (and a trend towards tracking) the movements and predicting the interests of identified individuals. Even if the data is de-identified (ie the franchisor is seeking to track/predict the behaviour of groups rather than individuals), the current (and future) data analysis capabilities are such that aggregation of vast amounts of data and the analysis available across such a vast range of Big Data collected from multiple sources (each of which may be de-identified individually) will almost certainly enable reidentification of the individuals concerned. Of course, as soon as the information is re-identified (or becomes reasonably re-identifiable), the collection, use and disclosure of such will be subject to the obligations of and restrictions imposed on the use of such personal information under the Privacy Act. When are mandatory notice & consent required? If Big Data held by a business includes Personal Information (including information which is reasonably capable of being re-identified), APP 5 requires that the relevant individuals from whom the information was collected be provided with mandatory notice regarding certain matters (such as the purpose of collection, use and the types of entities to which it is likely to be disclosed etc) at or before the time of AGC/SZM/AUM/

6 collection of such information. 4 Also, if any of the information to be collected is sensitive information (such as health records, criminal conviction information, race, sexual preference, etc) or if personal information is to be used for a purpose other than the primary purpose 5 for which it was collected then prior consent of the individual will be required. Franchisors (whether through their franchisees or directly) must provide the mandatory notices and obtain any necessary consent(s) through their privacy policy and processes at the time the personal information is first collected. As part of the process individuals are often required to expressly consent to the privacy policy (including the purposes for collection and any required consents), often by clicking a button or ticking a check-box in order to proceed. However in the Big Data context, at the time of the original collection of the information which later becomes part of Big Data, franchisors (even if they have collected all the relevant data themselves) are often not aware of the full extent of the potential uses they may have for such personal information as part of any future Big Data analysis. In addition, the significant volume of non-identified information collected legitimately without notice to and, sometimes, without the knowledge of the individual (eg via dynamic IP addresses, websites cookies, mobile phone location, etc) may itself become personal information when used as part of Big Data analysis, by being combined with other data and analysed in such a way that results in its identification of or connection to a specific individual. In practice it is expensive and impractical for franchisors to go back to individuals at a future date to renotify and/or re-consent for the new Big Data purpose(s) or for the "new" Personal Information collected (ie when de-identified information is re-identified). As a result many potential uses of the information, to which individuals may not have objected if asked when first collected, remain "locked-up" or, worse, franchisors will simply ignore the privacy law and push ahead regardless, exposing themselves to fines of up to $1.7 million. Essentially, the failure of regulation to keep pace with technology and the rise and use 4 Or, if it is not practicable to provide notice at this time, it can be provided as soon as possible after collection. 5 Or a purpose directly related to the primary purpose. AGC/SZM/AUM/

7 of Big Data acts as an impediment to commercialisation and technological innovation by businesses or, at least, a disincentive for businesses to comply with the privacy law. Where franchisors do anticipate certain future uses of personal information they may need to notify customers of (or require their consent to) either very complex or vague statements in their privacy policies in an attempt to comply with the obligations under the Privacy Act. Some customers may be put off by this and simply abandon the purchase of the goods or services, particularly in the online world. Also, individuals who provide consent without actually reading the privacy policy or understanding what they are consenting to, how their information will actually be used and whose hands it may end up in may be "shocked" by use of their personal information as part of Big Data analysis and there may be a customer revolt against the affected franchisors (even though the privacy policy of the relevant business technically notifies such use). A survey funded by the Australian Research Council identified that more than 60% of respondents rarely or never read website privacy policies. 6 Therefore the use of Big Data for purposes not reasonably expected by customers (particularly in the marketing context), without clear and transparent notice (ie informed consent), will likely result in unfavourable customer sentiment and may significantly increase the risk of a complaint to and investigation (or regulation) by the Privacy Commissioner. Marketing (electronic and traditional) Under the SPAM Act franchisors cannot send electronic marketing communications (such as s, SMS and MMS) to individuals, even if analysis of the Big Data shows that the individual wants such marketing, without that individual's prior consent. If the Big Data includes personal information (as it likely does in most Big Data circumstances), franchisors are also not able to use that personal information to send non-electronic (ie traditional hard copy) marketing if the recipients would not reasonably expect to receive such marketing communications. 6 Survey conducted by Mark Andrejevic of the University of Queensland's Centre for Critical and Cultural studies and presented by the Commissioner in Brisbane on 26 April 2012 at the University of Queensland Privacy Seminar. AGC/SZM/AUM/

8 Where consent is required to use Big Data for marketing initiatives, franchisors are faced with the same consent issues discussed above. WHERE TO FROM HERE? Both the Privacy Act and the SPAM Act were enacted before the rise of Big Data and neither adequately addresses the concerns of individuals or provide clarification for franchisors or other businesses regarding the steps that should be taken to manage the competing interests (ie balancing the protection of an individual's privacy against the commercial desire to use Big Data as a valuable "new economic asset"). Recently there has been much debate around whether uses of Big Data should be subject to increased or specific regulation. Some commentators have suggested that the use of Big Data should be subject to limitations that cannot be circumvented, even with an individual's consent. Others suggest, more reasonably, imposing "informed consent" obligations similar to the overseas transfer consent obligation in the new APPs (ie that the consequences of consent be specifically spelt out for and notified to individuals). Alternatively, we could see a shifting of the obligation for protecting Personal Information to the franchisor/business using that information in the Big Data context and a prohibition on using customer consent to get around those obligations. 7 The 12 March 2014 amendments to the Privacy Act did not specifically address Big Data and the Privacy Commissioner is yet to issue a guidance document on Big Data. However, given that the Commissioner has frequently mentioned the gap between practice and regulation when it comes to Big Data and the resulting pressures placed on the consent model under the Privacy Act (including the recent amendments), we expect some developments in this space in the near future. 7 In submissions to Microsoft in January 2013 the Privacy Commissioner indicated support for a move towards placing responsibility on data users (ie business) rather than individuals in order to ensure that the expectation of privacy is met, rather than the current approach of simply complying with black letter obligations. AGC/SZM/AUM/

9 THE CLOUD In the context of Cloud, the following APPs are especially relevant: APP 8 (Cross border disclosure of personal information) regulates the disclosure/transfer of personal information by a franchisor to a different entity (including a parent or related company) offshore. Before disclosure of personal information offshore, the Australian franchisor ("Australian Sender") must take reasonable steps to ensure the overseas recipient will comply with/not breach the APPs. This can be done by appropriate contractual provisions. However, the Australian Sender will (subject to limited exceptions) remain liable for the overseas recipient's acts and practices in respect of the personal information sent as if the Australian Sender had engaged in such activities in respect of that personal information in Australia and, where relevant, be in breach of the APPs due to the overseas recipient's acts or omissions. APP 11.1 (Security of personal information) requires that an organisation must "take reasonable steps to protect the personal information it holds from misuse, interference and loss and from unauthorised access, modification or disclosure". The Privacy Commissioner has issued a 32 page guidance as to what these "reasonable steps" might include. PRIVACY AND DIFFERENT CLOUD MODELS The practical importance of privacy issues for Cloud offerings very much depends on the nature of the particular Cloud services being acquired. In particular, whether the Cloud offering is simply a renting of the "tin" ie under an IaaS model or is more akin to a managed services, SaaS or EaaS 8 model, where the Cloud vendor has access to, takes possession of or processes the personal information of individuals provided by the customer. 8 "Everything as a Service". AGC/SZM/AUM/

10 Common issues There is (in our view, disproportionate) concern and focus on privacy and data security issues in respect of all Cloud offerings, in particular where the Cloud is (or may be) based outside of Australia. In fact, privacy and data security of information are consistently raised as the two main concerns for Australian businesses considering entering the Cloud. Potential customers (ie franchisors wishing to move to the Cloud) are concerned, where the Cloud offering is based/has servers outside of Australia, that the placing of any of Personal Information in the Cloud always results in a disclosing or transfer of the Personal Information offshore and this raises concerns for franchisors as to whether or not you have the appropriate notifications/consents in place. While there are some real concerns in respect of certain Cloud offerings in certain circumstances in reality, under the IaaS model for example, the data is not usually "transferred" or "disclosed" to a third party (ie the vendor). Rather, the information usually remains under the control of the Australian franchisor and, therefore, does not require any specific notifications or consents as the franchisor remains liable for privacy compliance under Australian law, no matter where it takes the data. Of course, under the managed services/saas model (if the vendor does access or process the customer's data), there are concerns as to overseas transfer/disclosure where the vendor's servers are outside of Australia. However, this can be (and often usually already is) covered by the franchisor's existing notifications/privacy policy and privacy processes. Australian Cloud customers (eg franchisors) are also often concerned (again, we believe, disproportionately) about the possible access to their data by foreign governments (eg under the terms of the USA Patriot Act 2001 or similar legislation of other countries) if hosted overseas. While this is not the place for a philosophical debate about the rights or wrongs of government (including intelligence agencies) accessing one's information and the recent events/publicity around this issue, 9 it is safe to assume that most governments can access one's information (wherever it is kept in electronic form) if 9 For example, the global press about the PRISM program as exposed by Edward Snowden. AGC/SZM/AUM/

11 they want to. In rare cases there may be information of a business (unlikely in the franchise context) which is so sensitive/of such national importance that there must be no chance of it being accessed by a foreign Government and so a foreign hosted Cloud offering is out of the question (as would be any offshoring, outsourcing or third party data centre hosted offering). However, for most franchisors and for most franchisor information, access by the Australian Government or a foreign Government is not either anticipated or overly concerning in a practical sense. While security in general and the security standards to which a Cloud vendor complies are important, the practical impact of the USA Patriot Act for US hosted Cloud offerings (or like legislation or potential actions of foreign Governments for other foreign hosted Cloud offerings) should not be overstated. The IaaS model Where the Cloud vendor is simply renting the "tin" to the customer and is not itself involved in any handling, use or processing of the personal information held by the franchisor, as in the IaaS Cloud model, all obligations with respect to privacy (and, generally, compliance with relevant laws) rightfully rest with the franchisor. In such circumstances it is usual for the franchisor to warrant (and be obliged to ensure) that it has all necessary privacy consents and has made all necessary privacy notifications in order to use the relevant Cloud service. The managed services/saas model Where the Cloud vendor has a more "active" role in handling, holding, using or processing the personal information originally collected or held by the franchisor, then the vendor also needs to consider its obligations under (and be compliant with) Australia privacy law even if, in practice, much of the mechanics of compliance is pushed down to the franchisor. That is, the franchisor must make the appropriate notifications/obtain the appropriate consents to provide the personal information to the vendor, but the vendor still needs to consider its separate privacy obligations. The vendor is also likely, in such circumstances, to have an obligation to notify the individuals (whose personal information the franchisor provides to it) that the vendor now holds their information and to provide the appropriate privacy notifications (usually done via its privacy policy). Of course, there are AGC/SZM/AUM/

12 practical ways of incorporating this into the franchisor's processes going forward but there needs to be extra care taken with (and thought given to) the Personal Information the franchisor has already collected and wishes to put into the Cloud. PRACTICAL TIPS FOR COMPLIANCE Big Data In the absence of clear regulation or guidance from the Privacy Commissioner on Big Data at present, franchisors can adopt a number of best practice steps to minimise the risks of infringing the Privacy Act/ending up being investigated by the Commissioner following a customer complaint. Specifically, franchisors can: Audit existing databases to determine what Personal Information they collect and hold, the purpose of collection and whether they are (or are likely) to track and aggregate such information for marketing purposes or purposes other than for which the information was originally collected. Knowing what you have and how you use it is the first step to compliance. Examine the Big Data used and whether information that is not identified separately is "re identifiable" by combination or through analysis and, if so, review original notices provided and consents obtained at the time of collection of that information. Focus on transparency by providing continuous notification each time there is a change in practices around collection, use or disclosure of personal information. Such notification should clearly set out the main ways in which the new practices are likely to impact individuals. Although keeping individuals informed will not remedy the shortcomings of the Privacy Act in respect of Big Data, greater transparency will (it is hoped) decrease potential customer fall out from unexpected use of personal information as part of any analysis of Big Data. Ensure your privacy policy is clear, concise and customer friendly. Mobile websites and apps should contain a short form privacy notice (ideally no longer than one screen shot) which is easy AGC/SZM/AUM/

13 to locate and which must be viewed before the customer can submit any personal information. The short form privacy notice could contain a link to the full privacy policy. Adopt continuous and flexible consent regimes where business wishes to use Big Data for marketing activities. For example, require customers to re-consent periodically to ensure their consent is current. Consider, in certain circumstances, detangling consents relating to uses of personal information which are not essential to the purchase of the goods or services from the remainder of the privacy policy so that customers can choose to consent to essential and non-essential uses separately. In such cases, incentivise the consent for non-essential uses. Ensure internal practices with respect to the handling of personal information are compliant with the recent guidance documents issued by the Privacy Commissioner (including the "Guide to Information Security"). The Cloud Franchisors which rely on Cloud services commonly address their obligations under the Privacy Act by (i) notifying/obtaining any relevant consents from individuals whose personal information they collect to process and store their information in the Cloud (often pushed down to the franchisees to do) and (ii) by placing appropriate Australian specific contractual obligations of privacy on the Cloud vendor. From a privacy perspective, some of the most important matters for franchisors to fully investigate and understand when negotiating an agreement with a Cloud vendor include: the types and sensitivity of the information that the franchisor wants to put into the Cloud (eg personal and/or confidential information about customers and employees); what privacy and other obligations the franchisor has with respect to the information (eg contractual, regulatory or statutory obligations); AGC/SZM/AUM/

14 the mechanisms and protections that the vendor has in place to protect and manage the information, including disaster recovery processes to protect against data loss; the locations of the vendor's data centres and other infrastructure and, if offshore locations are involved, what foreign laws will apply; and the vendor's reputation and track record in relation to security and privacy. A franchisor that enters into an agreement for a Cloud service should ensure that the agreement places appropriate privacy related obligations on the vendor. However, the franchisor also needs to ensure that it understands (and does not try and impose on the vendor) the privacy obligations which are rightfully those of the franchisor or, practically, are best managed by the franchisor (eg around the original collection of the information). Some of the appropriate vendor obligations to consider will relate to: retention of ownership of the information (ie ensuring it is clear that the information is owned by the franchisor); security arrangements to ensure that all information is safeguarded and secure and gives the franchisor the right to audit the vendor's compliance with security arrangements; reporting of information breaches and indemnities with respect to losses resulting from privacy related breaches; disaster recovery measures to help protect against information loss; storage of information only in nominated countries that have privacy protections which are compatible with Australian privacy law; and rights to audit and access information, including a right to the return of information when the agreement ends. Of course the ability to demand and negotiate contractual measures and protections will depend, in part, on relative bargaining position of the parties, the contract value and the type of Cloud services being AGC/SZM/AUM/

15 acquired. Accordingly, in some circumstances, a franchisor may be forced to assess the risks of proceeding without certain security or privacy protections against the benefits/cost savings it will receive from the Cloud service. CONCLUSION The use of Big Data and the Cloud by franchisors (and businesses generally) will only become more pervasive in the years to come. However, this increased use of Big Data and Cloud services by franchisors raises a variety of privacy, security, regulatory and other practical issues that need to be carefully addressed and managed by franchisors. While the regulation of Big Data is relatively undeveloped in Australia, practical measures can be taken now to minimise legal risks and to prepare for any changes in the regulatory landscape. From a privacy perspective at least, the legal issues that arise in respect of Cloud services are similar to issues that arise in the context of outsourcing, offshoring and other IT service models and can, as in these other areas, be appropriately managed and dealt with in the agreement between the parties. It is crucial that your legal advisor fully understands the nature of both the Cloud and Big Data and your privacy obligations in order to be able to tailor the legal protections for your organisation and to ensure compliance with privacy law/the APPs. AGC/SZM/AUM/

BIG DATA, BIG ISSUES?

BIG DATA, BIG ISSUES? BIG DATA, BIG ISSUES? IS AUSTRALIAN PRIVACY LAW KEEPING UP? By Reyhaneh Saadati, Solicitor & Alec Christie, Partner, DLA Piper Big Data has been dubbed by many as the "new economic asset" of our age and

More information

Clearing the Legal fog:

Clearing the Legal fog: Clearing the Legal fog: cloud computing explained MARCH 2010 This issues summary highlights some of the main legal issues that are claimed to negatively affect users of cloud computing and provides practical

More information

PRIVACY POLICY Personal information and sensitive information Information we request from you

PRIVACY POLICY Personal information and sensitive information Information we request from you PRIVACY POLICY Business Chicks Pty Ltd A.C.N. 121 566 934 (we, us, our, or Business Chicks) recognises and values the protection of your privacy. We also understand that you want clarity about how we manage

More information

Alec Christie, Partner, DLA. Piper Australia 26 October 2014

Alec Christie, Partner, DLA. Piper Australia 26 October 2014 hat franchisors need to know bout privacy, the cl oud and big ata Alec Christie, Partner, DLA Piper Australia 26 October 2014 hat we will cover today! Privacy: What has changed? (What hasn't?) The "new"

More information

Privacy and Cloud Computing for Australian Government Agencies

Privacy and Cloud Computing for Australian Government Agencies Privacy and Cloud Computing for Australian Government Agencies Better Practice Guide February 2013 Version 1.1 Introduction Despite common perceptions, cloud computing has the potential to enhance privacy

More information

Catalyst Consulting & Events (CCE) takes seriously its commitment to preserve the privacy of the personal information that we collect.

Catalyst Consulting & Events (CCE) takes seriously its commitment to preserve the privacy of the personal information that we collect. PRIVACY POLICY 1. Introduction Catalyst Consulting & Events (CCE) takes seriously its commitment to preserve the privacy of the personal information that we collect. We will only collect information that

More information

AASA Online Privacy Policy CRP.020

AASA Online Privacy Policy CRP.020 Introduction Alzheimer s Australia SA Inc values your privacy and takes reasonable steps to protect your personal information (that is, information which identifies or may reasonably be used to identify

More information

PRIVACY POLICY. comply with the Australian Privacy Principles ("APPs"); ensure that we manage your personal information openly and transparently;

PRIVACY POLICY. comply with the Australian Privacy Principles (APPs); ensure that we manage your personal information openly and transparently; PRIVACY POLICY Our Privacy Commitment Glo Light Pty Ltd A.C.N. 099 730 177 trading as "Lighting Partners Australia of 16 Palmer Parade, Cremorne, Victoria 3121, ( LPA ) is committed to managing your personal

More information

FISHER & PAYKEL PRIVACY POLICY

FISHER & PAYKEL PRIVACY POLICY FISHER & PAYKEL PRIVACY POLICY 1. About this Policy Fisher & Paykel Australia Pty Limited (ABN 71 000 042 080) and its related companies ('we', 'us', 'our') understands the importance of, and is committed

More information

Australia s unique approach to trans-border privacy and cloud computing

Australia s unique approach to trans-border privacy and cloud computing Australia s unique approach to trans-border privacy and cloud computing Peter Leonard Partner, Gilbert + Tobin Lawyers and Director, iappanz In Australia, as in many jurisdictions, there have been questions

More information

Privacy Policy Draft

Privacy Policy Draft Introduction Privacy Policy Draft Please note this is a draft policy pending final approval Alzheimer s Australia values your privacy and takes reasonable steps to protect your personal information (that

More information

PRIVACY POLICY. This document is our privacy policy and it tells you how we collect and manage your personal information.

PRIVACY POLICY. This document is our privacy policy and it tells you how we collect and manage your personal information. PRIVACY POLICY Introduction iproximity Pty Ltd (we, our, us) recognise the importance of protecting the privacy and the rights of individuals in relation to their personal information this includes existing

More information

Pacific Smiles Group Privacy Policy

Pacific Smiles Group Privacy Policy Pacific Smiles Group Privacy Policy Pacific Smiles Group Limited and its related bodies corporate (PSG, we, our, us) recognise the importance of protecting the privacy and the rights of individuals in

More information

QUEENSLAND COUNTRY HEALTH FUND. privacy policy. Queensland Country Health Fund Ltd ABN 18 085 048 237. better health cover shouldn t hurt

QUEENSLAND COUNTRY HEALTH FUND. privacy policy. Queensland Country Health Fund Ltd ABN 18 085 048 237. better health cover shouldn t hurt QUEENSLAND COUNTRY HEALTH FUND privacy policy Queensland Country Health Fund Ltd ABN 18 085 048 237 better health cover shouldn t hurt 1 2 contents 1. Introduction 4 2. National Privacy Principles 5 3.

More information

Privacy Policy. Ignite your local marketing

Privacy Policy. Ignite your local marketing Privacy Policy Ignite your local marketing Contents 1) Introduction... 3 2) What is your personal information?... 3 3) What personal information do we collect and hold?... 3 4) How do we collect your personal

More information

How not to lose your head in the Cloud: AGIMO guidelines released

How not to lose your head in the Cloud: AGIMO guidelines released How not to lose your head in the Cloud: AGIMO guidelines released 07 December 2011 In brief The Australian Government Information Management Office has released a helpful guide on navigating cloud computing

More information

DESTINATION MELBOURNE PRIVACY POLICY

DESTINATION MELBOURNE PRIVACY POLICY DESTINATION MELBOURNE PRIVACY POLICY 2 Destination Melbourne Privacy Policy Statement Regarding Privacy Policy Destination Melbourne Limited recognises the importance of protecting the privacy of personally

More information

Information Sheet: Cloud Computing

Information Sheet: Cloud Computing info sheet 03.11 Information Sheet: Cloud Computing Info Sheet 03.11 May 2011 This Information Sheet gives a brief overview of how the Information Privacy Act 2000 (Vic) applies to cloud computing technologies.

More information

CHARTER OF PATIENT RIGHTS

CHARTER OF PATIENT RIGHTS CHARTER OF PATIENT RIGHTS Welcome to QUEENSLAND COUNTRY DENTAL Queensland Country Dental will always endeavour to advise patients about their rights and the way our practice operates. Part of the process

More information

CORPORATE TRAVEL MANAGEMENT PRIVACY POLICY

CORPORATE TRAVEL MANAGEMENT PRIVACY POLICY CORPORATE TRAVEL MANAGEMENT PRIVACY POLICY 1. About this Policy Corporate Travel Management Group Pty Ltd (ABN 52 005 000 895) (CTM) ('we', 'us', 'our') understands the importance of, and is committed

More information

Zinc Recruitment Pty Ltd Privacy Policy

Zinc Recruitment Pty Ltd Privacy Policy 1. Introduction Zinc Recruitment Pty Ltd Privacy Policy We manage personal information in accordance with the Privacy Act 1988 and Australian Privacy Principles. This policy applies to information collected

More information

Disclosure is the action of making new or secret information known.

Disclosure is the action of making new or secret information known. /PURPOSE OF POLICY Pty Limited (Momentum) is required and committed to comply with the Australian Privacy Principles (APPs) in the Privacy Act 1998 (Cth) (Privacy Act). The APPs regulate the manner in

More information

Privacy Update for Australian Government Agencies. What we've seen in the first 12 months of the new APPs and what's next!

Privacy Update for Australian Government Agencies. What we've seen in the first 12 months of the new APPs and what's next! Privacy Update for Australian Government Agencies What we've seen in the first 12 months of the new APPs and what's next! Presented by Sharon Rowe and Alec Christie Canberra, 31 March 2015 What we are

More information

2. What personal information do we collect and hold?

2. What personal information do we collect and hold? PRIVACY POLICY Conexus Financial Pty Ltd [ABN 51 120 292 257], (referred to as Conexus, us, we" or our"), are committed to protecting the privacy of the personal information that we collect and complying

More information

Revelian Pty Ltd ABN 58 089 022 202 Privacy Policy Effective 1 September 2014

Revelian Pty Ltd ABN 58 089 022 202 Privacy Policy Effective 1 September 2014 Revelian Pty Ltd ABN 58 089 022 202 Privacy Policy Effective 1 September 2014 OUR COMMITMENT Your privacy is important to us. This document explains how Revelian collects, handles, uses and discloses your

More information

Overview of the Impact of the Privacy Reforms on Credit Reporting

Overview of the Impact of the Privacy Reforms on Credit Reporting Overview of the Impact of the Privacy Reforms on Credit Reporting June 2012 Andrew Galvin, Partner 1 OVERVIEW 1.1 Credit Reporting Reform - Background When initially passed, the Privacy Act 1988 essentially

More information

Privacy Policy Australian Construction Products Pty Limited

Privacy Policy Australian Construction Products Pty Limited Privacy Policy Australian Construction Products Pty Limited What is this privacy policy about? This Privacy Policy describes how Australian Construction Products 63 091 618 781 (we or us) will treat the

More information

The kinds of personal information we collect and hold vary depending on the services we are providing, but generally can include:

The kinds of personal information we collect and hold vary depending on the services we are providing, but generally can include: ABN 47 001 768 190 AFSL 244526 Our Privacy Policy At Capital Insurance Brokers, we are committed to protecting your privacy in accordance with the Privacy Act 1988 (Cth) (Privacy Act) and the Australian

More information

005ASubmission to the Serious Data Breach Notification Consultation

005ASubmission to the Serious Data Breach Notification Consultation 005ASubmission to the Serious Data Breach Notification Consultation (Consultation closes 4 March 2016 please send electronic submissions to privacy.consultation@ag.gov.au) Your details Name/organisation

More information

Cloud Computing in a Government Context

Cloud Computing in a Government Context Cloud Computing in a Government Context Introduction There has been a lot of hype around cloud computing to the point where, according to Gartner, 1 it has become 'deafening'. However, it is important

More information

Cloud Computing: Legal Risks and Best Practices

Cloud Computing: Legal Risks and Best Practices Cloud Computing: Legal Risks and Best Practices A Bennett Jones Presentation Toronto, Ontario Lisa Abe-Oldenburg, Partner Bennett Jones LLP November 7, 2012 Introduction Security and Data Privacy Recent

More information

Captain Compare Privacy Policy

Captain Compare Privacy Policy Captain Compare Privacy Policy This Privacy Policy contains important information about the type of personal information we collect from you on the Captain Compare website (www.captaincompare.com.au) (Website),

More information

UNILEVER PRIVACY PRINCIPLES UNILEVER PRIVACY POLICY

UNILEVER PRIVACY PRINCIPLES UNILEVER PRIVACY POLICY UNILEVER PRIVACY PRINCIPLES Unilever takes privacy seriously. The following five principles underpin our approach to respecting your privacy: 1. We value the trust that you place in us by giving us your

More information

INFORMATION SECURITY GUIDE. Cloud Computing Outsourcing. Information Security Unit. Information Technology Services (ITS) July 2013

INFORMATION SECURITY GUIDE. Cloud Computing Outsourcing. Information Security Unit. Information Technology Services (ITS) July 2013 INFORMATION SECURITY GUIDE Cloud Computing Outsourcing Information Security Unit Information Technology Services (ITS) July 2013 CONTENTS 1. Background...2 2. Legislative and Policy Requirements...3 3.

More information

3 What Personal Information do we collect and why do we need it?

3 What Personal Information do we collect and why do we need it? Privacy Policy 1 Protecting your privacy The worldwide rental system operated as Europcar is owned by Europcar International, a French Corporation. A number of independently owned licensees also trade

More information

Privacy Law in Canada

Privacy Law in Canada Privacy Law in Canada Federal and provincial privacy legislation has a profound impact on the way virtually all organizations carry on business across the country. Canada s privacy laws, while likely the

More information

ATMD Bird & Bird. Singapore Personal Data Protection Policy

ATMD Bird & Bird. Singapore Personal Data Protection Policy ATMD Bird & Bird Singapore Personal Data Protection Policy Contents 1. PURPOSE 1 2. SCOPE 1 3. COMMITMENT TO COMPLY WITH DATA PROTECTION LAWS 1 4. PERSONAL DATA PROTECTION SAFEGUARDS 3 5. ATMDBB EXCEPTIONS:

More information

What's Up with Apps in Hong Kong July 2013

What's Up with Apps in Hong Kong July 2013 What's Up with Apps in Hong Kong July 2013 In May this year, the Hong Kong Privacy Commissioner for Personal Data ("Privacy Commissioner") joined the Global Privacy Enforcement Network ("GPEN") to conduct

More information

Privacy Policy and Disclosure Statement

Privacy Policy and Disclosure Statement Privacy Policy and Disclosure Statement 1. Introduction 1.1 From time to time Pinnacle People (ABN: 813 790 665 06) ("the Company") is required to collect, hold, use and/or disclose personal information

More information

ROYAL AUSTRALASIAN COLLEGE OF SURGEONS

ROYAL AUSTRALASIAN COLLEGE OF SURGEONS 1. SCOPE This policy details the College s privacy policy and related information handling practices and gives guidelines for access to any personal information retained by the College. This includes personal

More information

Belmont 16 Foot Sailing Club. Privacy Policy

Belmont 16 Foot Sailing Club. Privacy Policy Belmont 16 Foot Sailing Club Privacy Policy APRIL 2014 1 P age Belmont 16 Foot Sailing Club Ltd (the 16s ) respects your right to privacy and is committed to protecting your personal information. This

More information

Carriers Insurance Brokers Pty. Limited

Carriers Insurance Brokers Pty. Limited Our Privacy Policy At Carriers Insurance Brokers Pty. Limited, ABN 66 001 609 936, we are committed to protecting your privacy in accordance with the Privacy Act 1988 (Cth) (Privacy Act) and the Australian

More information

Daltrak Building Services Pty Ltd ABN: 44 069 781 933. Privacy Policy Manual

Daltrak Building Services Pty Ltd ABN: 44 069 781 933. Privacy Policy Manual Daltrak Building Services Pty Ltd ABN: 44 069 781 933 Privacy Policy Manual Table Of Contents 1. Introduction Page 2 2. Australian Privacy Principles (APP s) Page 3 3. Kinds Of Personal Information That

More information

Table of Contents. Introduction 3 What is Title Insurance? What are mortgage processing and loan servicing services? 3 This Privacy Policy 3

Table of Contents. Introduction 3 What is Title Insurance? What are mortgage processing and loan servicing services? 3 This Privacy Policy 3 Privacy Policy First American Title Insurance Company of Australia Pty Ltd First Mortgage Services Pty Ltd First Mortgage Services Australia Pty Ltd 1 P a g e Table of Contents Page Introduction 3 What

More information

ZEN Telecom Pty. Ltd. Privacy Policy

ZEN Telecom Pty. Ltd. Privacy Policy ZEN Telecom Pty. Ltd. Privacy Policy ZEN Telecom provides broadband internet, mobile voice & data, and PSTN fixed landline telephone, products and services, to residential and small to medium business

More information

Next Business Telecom is also subject to other laws relating to the protection of personal information.

Next Business Telecom is also subject to other laws relating to the protection of personal information. NEXT BUSINESS TELECOM PRIVACY POLICY The Next Business Telecom brand (Next Business Telecom, we, us, our) Next Business Telecom provides data and voice services to its customers with a focus on business

More information

Coffey International Limited Privacy Policy. July 2014

Coffey International Limited Privacy Policy. July 2014 Coffey International Limited Privacy Policy July 2014 Privacy Policy 1. Introduction Coffey International Limited and its related bodies corporate (we, our, us) recognise your rights under the Privacy

More information

The Cloud and Cross-Border Risks - Singapore

The Cloud and Cross-Border Risks - Singapore The Cloud and Cross-Border Risks - Singapore February 2011 What is the objective of the paper? Macquarie Telecom has commissioned this paper by international law firm Freshfields Bruckhaus Deringer in

More information

Data Protection Act 1998. Guidance on the use of cloud computing

Data Protection Act 1998. Guidance on the use of cloud computing Data Protection Act 1998 Guidance on the use of cloud computing Contents Overview... 2 Introduction... 2 What is cloud computing?... 3 Definitions... 3 Deployment models... 4 Service models... 5 Layered

More information

Privacy fact sheet 17

Privacy fact sheet 17 Privacy fact sheet 17 Australian Privacy Principles January 2014 From 12 March 2014, the Australian Privacy Principles (APPs) will replace the National Privacy Principles Information Privacy Principles

More information

Privacy Policy. 30 January 2015

Privacy Policy. 30 January 2015 Privacy Policy 30 January 2015 Table of Contents 1 Overview 3 Purpose 3 Scope 3 2 Collection 3 What information do we collect? 3 What if you do not give us the information we request? 4 3 Use of information

More information

Using AWS in the context of Australian Privacy Considerations October 2015

Using AWS in the context of Australian Privacy Considerations October 2015 Using AWS in the context of Australian Privacy Considerations October 2015 (Please consult https://aws.amazon.com/compliance/aws-whitepapers/for the latest version of this paper) Page 1 of 13 Overview

More information

Police Financial Services Limited Copyright exists in this document Privacy Policy 1

Police Financial Services Limited Copyright exists in this document Privacy Policy 1 Privacy January 2015 Policy Police Financial Services Limited ABN 33 087 651 661 ('we', 'us', 'our', BankVic ) is bound by the Australian Privacy Principles under the Privacy Act 1988 (Cth) (Privacy Act).

More information

Credit Reporting Privacy Policy of Baybrick Pty Ltd

Credit Reporting Privacy Policy of Baybrick Pty Ltd Credit Reporting Privacy Policy of Baybrick Pty Ltd Introduction 1. This Credit Reporting Privacy Policy is the official privacy policy of Baybrick Pty Ltd and its subsidiaries which includes JBS Australia

More information

PRIVACY AND CREDIT REPORTING POLICY

PRIVACY AND CREDIT REPORTING POLICY PRIVACY AND CREDIT REPORTING POLICY 12 March 2014 CONTENTS What is personal information?...3 Information we may collect, use and disclose about you...4 Collection of sensitive information...6 How personal

More information

BHF Southern African Conference

BHF Southern African Conference BHF Southern African Conference Navigating the complexities of the new legislative framework Peter Hill, Director: IT Governance Network TOPICS TO BE COVERED The practical implementation of the PPI Act

More information

Privacy Policy. Federal Insurance Company, Singapore Branch Singapore Personal Data Protection Privacy Policy. 1. Introduction

Privacy Policy. Federal Insurance Company, Singapore Branch Singapore Personal Data Protection Privacy Policy. 1. Introduction Privacy Policy 1. Introduction Federal Insurance Company, Singapore Branch ( we, our or us ) recognise the importance of protecting the privacy and the rights of individuals in relation to their personal

More information

The Impact on Marketing-Related Activities of the Data Protection Act and Related Legislation

The Impact on Marketing-Related Activities of the Data Protection Act and Related Legislation The Impact on Marketing-Related Activities of the Data Protection Audience 1. This guidance is intended for all University staff who maintain or use database of contacts for marketing purposes, including

More information

School Information Security and Privacy in the Cloud

School Information Security and Privacy in the Cloud School Information Security and Privacy in the Cloud Information Sheet and FAQ s Staying competitive in today s digital world means using technology in ways that are innovative in scope and reach. The

More information

PERSONAL DATA PROTECTION CHECKLIST FOR ORGANISATIONS

PERSONAL DATA PROTECTION CHECKLIST FOR ORGANISATIONS PERSONAL DATA PROTECTION CHECKLIST FOR ORGANISATIONS How well does your organisation protect personal data? This self-assessment checklist is based on the nine personal data protection obligations underlying

More information

2. Open and transparent management of personal information

2. Open and transparent management of personal information Privacy Policy - Talison Lithium Pty Ltd 1. Overview Talison Lithium Pty Ltd (Talison) believes privacy is an important right of individuals. Talison takes steps to protect your personal information from

More information

PRIVACY POLICY. Privacy Statement

PRIVACY POLICY. Privacy Statement PRIVACY POLICY Privacy Statement Blue Care is one of Australia's leading providers of retirement living, community health, help at home services and aged care homes, caring for more than 12,500 people

More information

In-House Counsel Day Priorities for 2012

In-House Counsel Day Priorities for 2012 In-House Counsel Day Priorities for 2012 Cloud Computing the benefits, potential risks and security for the future Presented by Anthony Willis Group Head IP and Technology Thursday 1 March 2012 WIN: What

More information

E-COMMERCE GOES MOBILE: SEEKING COMPETITIVENESS THROUGH PRIVACY

E-COMMERCE GOES MOBILE: SEEKING COMPETITIVENESS THROUGH PRIVACY E-COMMERCE GOES MOBILE: SEEKING COMPETITIVENESS THROUGH PRIVACY Oana Dolea 7 th Annual Leg@l.IT Conference March 26th, 2013 Montreal, Canada INTRODUCTION Mobile e-commerce vs. E-commerce Mobile e-commerce:

More information

Service Schedule for CLOUD SERVICES

Service Schedule for CLOUD SERVICES Service Schedule for CLOUD SERVICES This Service Schedule is effective for Cloud Services provided on or after 1 September 2013. Terms and Conditions applicable to Cloud Services provided prior to this

More information

Privacy Policy (Solitaire Automotive)

Privacy Policy (Solitaire Automotive) Privacy Policy (Solitaire Automotive) Solitaire Automotive Group is committed to ensuring that any personal information collected during the course of our operations is treated with respect and managed

More information

ABC PRIVACY POLICY. The ABC is strongly committed to protecting your privacy when you interact with us, our content, products and services.

ABC PRIVACY POLICY. The ABC is strongly committed to protecting your privacy when you interact with us, our content, products and services. ABC PRIVACY POLICY The ABC is strongly committed to protecting your privacy when you interact with us, our content, products and services. Our goal is to provide you and your family with media experiences

More information

Definitions. Broker means Veda Advantage Information Systems and Solutions Limited;

Definitions. Broker means Veda Advantage Information Systems and Solutions Limited; Definitions Authorised Purposes means: (a) dealings with interests in land authorised by Law; or (b) a purpose directly related to such dealing provided that the purpose is not contrary to any Law; or

More information

Direct Recruitment Privacy Policy

Direct Recruitment Privacy Policy Direct Recruitment Privacy Policy Direct Recruitment manages personal information in accordance with the Privacy Act 1988 and Australian Privacy Principles (APP). This policy applies to information collected

More information

Data controllers and data processors: what the difference is and what the governance implications are

Data controllers and data processors: what the difference is and what the governance implications are ICO lo : what the difference is and what the governance implications are Data Protection Act Contents Introduction... 3 Overview... 3 Section 1 - What is the difference between a data controller and a

More information

CUA Group APP Privacy & Credit information Policy

CUA Group APP Privacy & Credit information Policy For more information: Call 133 282 Visit www.cua.com.au Drop into your local branch CUA Group APP Privacy & Credit information Policy 1 August 2015 Credit Union Australia Limited ABN 44 087 650 959 AFSL

More information

(a) the kind of data and the harm that could result if any of those things should occur;

(a) the kind of data and the harm that could result if any of those things should occur; Cloud Computing This information leaflet aims to advise organisations on the factors they should take into account in considering engaging cloud computing. It explains the relevance of the Personal Data

More information

The potential legal consequences of a personal data breach

The potential legal consequences of a personal data breach The potential legal consequences of a personal data breach Tue Goldschmieding, Partner 16 April 2015 The potential legal consequences of a personal data breach 15 April 2015 Contents 1. Definitions 2.

More information

DATA PROTECTION AND DATA STORAGE POLICY

DATA PROTECTION AND DATA STORAGE POLICY DATA PROTECTION AND DATA STORAGE POLICY 1. Purpose and Scope 1.1 This Data Protection and Data Storage Policy (the Policy ) applies to all personal data collected and dealt with by Centre 404, whether

More information

Service Schedule for BT Business Lite Web Hosting and Business Email Lite powered by Microsoft Office 365

Service Schedule for BT Business Lite Web Hosting and Business Email Lite powered by Microsoft Office 365 1. SERVICE DESCRIPTION 1.1 The Service enables the Customer to: set up a web site(s); create a sub-domain name associated with the web site; create email addresses. 1.2 The email element of the Service

More information

Quorum Privacy Policy

Quorum Privacy Policy Quorum Privacy Policy Quorum Analytics Inc. ( Quorum") has created this website (the "Website" or the "Site") to provide an online analytical tool that Subscribers can use to generate Derived Analytics

More information

Privacy Statement. April 2015

Privacy Statement. April 2015 Privacy Statement April 2015 RACT Health Insurance is provided by GMHBA Limited. In this privacy statement, references to RACT Health Insurance are references to GMHBA Limited. References to RACT are references

More information

Privacy Policy. Board for Lutheran Education Australia. Policy. Purpose. Exclusion

Privacy Policy. Board for Lutheran Education Australia. Policy. Purpose. Exclusion Policy Relevant to Responsible officer Contact officer Authorisation Date introduced March 2014 Effective date of latest version March 2014 Next review date March 2017 Relevant legislation or source Board

More information

DATA PROTECTION POLICY

DATA PROTECTION POLICY Reference number Approved by Information Management and Technology Board Date approved 14 th May 2012 Version 1.1 Last revised N/A Review date May 2015 Category Information Assurance Owner Data Protection

More information

Enhanced mobile location information for the Emergency Call Service

Enhanced mobile location information for the Emergency Call Service Enhanced mobile location information for the Emergency Call Service Submission to ACMA consultation on a proposal to amend the Telecommunications (Emergency Call Service) Determination 2009 June 2010 GPO

More information

Cloud Computing. Introduction

Cloud Computing. Introduction Cloud Computing Introduction This information leaflet aims to advise organisations which are considering engaging cloud computing on the factors they should consider. It explains the relationship between

More information

Best Practice Guide Workplace privacy

Best Practice Guide Workplace privacy Best Practice Guide Workplace privacy 01 Work & family 02 Consultation & cooperation in the workplace 03 Use of individual flexibility arrangements 04 A guide for young workers 05 An employer s guide to

More information

Privacy, the Cloud and Data Breaches

Privacy, the Cloud and Data Breaches Privacy, the Cloud and Data Breaches Annelies Moens Head of Sales and Operations, Information Integrity Solutions Legalwise Seminars Sydney, 20 March 2013 About IIS Building trust and privacy through global

More information

Cloud Computing: Privacy and Other Risks

Cloud Computing: Privacy and Other Risks December 2013 Cloud Computing: Privacy and Other Risks by George Waggott, Michael Reid and Mitch Koczerginski, McMillan LLP Introduction While the benefits of outsourcing organizational data storage to

More information

DATA AND PAYMENT SECURITY PART 1

DATA AND PAYMENT SECURITY PART 1 STAR has teamed up with Prevention of Fraud in Travel (PROFiT) and the Fraud Intelligence Network (FIN) to offer our members the best advice about fraud prevention. We recognise the increasing threat of

More information

BLUE BADGE INSURANCE PTY LTD BLUE BADGE COMMUNITY AUSTRALIA PTY LTD PRIVACY POLICY

BLUE BADGE INSURANCE PTY LTD BLUE BADGE COMMUNITY AUSTRALIA PTY LTD PRIVACY POLICY BLUE BADGE INSURANCE PTY LTD BLUE BADGE COMMUNITY AUSTRALIA PTY LTD PRIVACY POLICY Version 1-1 1 July 2015 Blue Badge Insurance Australia Pty Ltd 2014 ABN 59 162 783 306 A.R. No. 438547 is an Authorised

More information

HOW WE USE YOUR INFORMATION

HOW WE USE YOUR INFORMATION HOW WE USE YOUR INFORMATION This privacy notice tells you what to expect when University of Essex Students Union (referred to as the SU herein) collects personal information. It applies to information

More information

www.corrs.com.au OFFSHORING Data the new privacy laws

www.corrs.com.au OFFSHORING Data the new privacy laws www.corrs.com.au OFFSHORING Data the new privacy laws OFFSHORING DATA THE NEW PRIVACY LAWS Transfer of data by Australian organisations to other jurisdictions is increasingly common. This is a result of

More information

Service Schedule for Business Email Lite powered by Microsoft Office 365

Service Schedule for Business Email Lite powered by Microsoft Office 365 Service Schedule for Business Email Lite powered by Microsoft Office 365 1. SERVICE DESCRIPTION Service Overview 1.1 The Service is a hosted messaging service that delivers the capabilities of Microsoft

More information

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY INFORMATION GOVERNANCE POLICY Issued by: Senior Information Risk Owner Policy Classification: Policy No: POLIG001 Information Governance Issue No: 1 Date Issued: 18/11/2013 Page No: 1 of 16 Review Date:

More information

TEG Live Privacy Policy

TEG Live Privacy Policy TEG Live Privacy Policy We Respect Your Privacy At TEG Live * the security of personal information that we collect is of utmost importance to us. You can find information about how we handle and manage

More information

Opal Privacy Policy. Opal Electronic Ticketing System

Opal Privacy Policy. Opal Electronic Ticketing System Opal Electronic Ticketing System Contents 1 Background... 4 1.1 The Opal Ticketing System... 4 1.2 Channels for acquiring Opal cards... 4 1.3 TfNSW... 4 2 Scope of policy... 5 2.1 Applicable privacy legislation...

More information

Article 29 Working Party Issues Opinion on Cloud Computing

Article 29 Working Party Issues Opinion on Cloud Computing Client Alert Global Regulatory Enforcement If you have questions or would like additional information on the material covered in this Alert, please contact one of the authors: Cynthia O Donoghue Partner,

More information

Information Privacy Policy

Information Privacy Policy Information Privacy Policy pol-032 Version: 2.01 Last amendment: Oct 2014 Next Review: Aug 2017 Approved By: Council Date: 04 May 2005 Contact Officer: Director, Strategic Services and Governance INTRODUCTION

More information

RAMS Privacy Policy. When you trust us with your personal information, you expect us to protect it and keep it safe.

RAMS Privacy Policy. When you trust us with your personal information, you expect us to protect it and keep it safe. When you trust us with your personal information, you expect us to protect it and keep it safe. We are bound by the Privacy Act 1988 (Cth) ( Privacy Act ) and will protect your personal information in

More information

Privacy Law in Canada

Privacy Law in Canada by PATRICIA WILSON & MICHAEL FEKETE Protection of personal information remains at the forefront of public policy debate in. Federal and provincial privacy legislation has a profound impact on the way virtually

More information

SOLICITORS EXCESS PROFESSIONAL INDEMNITY PROPOSAL FORM IMPORTANT INFORMATION: PLEASE READ THE FOLLOWING INFORMATION BEFORE COMPLETING THIS PROPOSAL

SOLICITORS EXCESS PROFESSIONAL INDEMNITY PROPOSAL FORM IMPORTANT INFORMATION: PLEASE READ THE FOLLOWING INFORMATION BEFORE COMPLETING THIS PROPOSAL SOLICITORS EXCESS PROFESSIONAL INDEMNITY PROPOSAL FORM IMPORTANT INFORMATION: PLEASE READ THE FOLLOWING INFORMATION BEFORE COMPLETING THIS PROPOSAL A. Your Duty of Disclosure Before you enter into a contract

More information