OFFSHORING Data the new privacy laws
|
|
- Heather Hawkins
- 8 years ago
- Views:
Transcription
1 OFFSHORING Data the new privacy laws
2 OFFSHORING DATA THE NEW PRIVACY LAWS Transfer of data by Australian organisations to other jurisdictions is increasingly common. This is a result of IT service providers using personnel and infrastructure in low cost jurisdictions such as India to service Australian based clients. The cloud computing industry alone is now worth nearly $2 billion in Australia and about half of this is spent on public cloud services. Eighty six per cent of Australian businesses now report that they use cloud services. 1 While there are onshore data processing options available in the marketplace (including Australianonly clouds 2 ), these may not offer the customer the same benefits (e.g. economies of scale, affordability) as offshore options. There are a range of commercial risk and regulatory considerations that any customer or supplier considering offshoring data needs to assess. In particular, new laws govern the disclosure by Australian organisations 3 of personal information 4 to overseas recipients from 12 March This note addresses some of the relevant issues. What are the changes to privacy law? The new law replaces the National Privacy Principles (that applied to private organisations) and Information Privacy Principles (that applied to government agencies) with a single list of principles called the Australian Privacy Principles (APPs). 1 IDC. Cloud is now business as usual. (16 July 2013). 2 Australia-only cloud services are those where the provider commits to only storing or processing data in data centres located in Australia. 3 This includes entities with an Australian link in accordance with s 5B. 4 This is information or opinion about an identified individual or a person who is reasonably identifiable. It does not matter whether the information is true or actually recorded in a material form. 5 Privacy Amendment (Enhancing Privacy Protection) Act 2012 (Cth). The new law gives the Privacy Commissioner more powers, including: the ability to seek enforceable undertakings from organisations that have breached the Privacy Act and enforce any such undertaking in the courts; the power to initiate own motion investigations whether or not a complaint from an affected individual has been made; and the power to apply to the Federal Court for a civil penalty order of up to $1.7 million for serious or repeated breaches. How do the APPs govern disclosures overseas? APP 8 requires that before disclosing personal information to a person that is outside Australia (an overseas recipient), an Australian organisation must: 1. take reasonable steps to make sure that the overseas recipient will not breach the APPs and the Australian organisation will be accountable for any such breach by the overseas recipient; or 2. alternatively: a. make it known to the relevant individual that his or her personal information will not be protected by the APPs after the disclosure to the overseas recipient and obtain the indvidual s consent to the disclosure ; or b. form a reasonable belief that the overseas recipient is subject to laws substantially similar to the APPs. Step One: is the data transfer a disclosure? APP 8 does not apply unless the personal information is disclosed to an overseas recipient. page 2
3 Is the transfer a disclosure or a use? The new law does not define what constitutes a disclosure. The NPPs regulate cross-border transfers of personal information, not disclosures. 6 Under the Explanatory Memorandum for the new law, Parliament explained that disclosure isn t intended to be as broad as transfer. 7 The Merriam Webster Dictionary defines a disclosure as the act of making something known. Accordingly, a transfer of personal information to an overseas recipient will not necessarily be a disclosure or subject to APP 8. The Office of the Australian Information Commissioner (OAIC) has suggested that a disclosure occurs when information is released from an entity s effective control. 8 In the context of cloud services, the OAIC is of the view that a transfer of personal information will not be a disclosure if the service provider is only storing the data and certain contractual protections are implemented: OAIC EXAMPLES 9 Where an APP entity provides personal information to a cloud service provider located overseas for the limited purpose of performing the services of storing and ensuring the entity may access the personal information, this [will not be a disclosure ] provided: 1. a binding contract is entered into requiring the provider to only handle the personal information for these limited purposes; 2. that contract requires any subcontractors to agree to the same obligations; and 3. that contract gives the entity effective control of how personal information is handled by overseas recipient. However, the OAIC has also given guidance that the following service provider arrangements will involve a disclosure : 6 NPP 9 (Transborder data flows) 7 Privacy Amendment (Enhancing Privacy Protection) Bill 2012 Explanatory Memorandum p 83 8 OAIC Guidance (APP 8) at [8.8] 9 OAIC Guidance (APP 8) at [8.14] outsourcing processing of online purchases through website to an overseas service provider (providing personal information on customers to the service provider in order to facilitate); sending information to an overseas service provider for the purposes of conducting reference checks on behalf of the Australian organisation; or an Australian organisation relying on a parent company offshore to supply billing support (providing the parent with access to its customer database in order to facilitate). The distinction between the cloud storage example and the other examples given doesn t appear to be justified in terms of control. For example, the online payment processing agreement could be subject to the same contractual controls as the OAIC stipulates in the cloud storage example. The distinction appears to be in the different levels of use or processing of the personal data required by the service provider in each example. In the cloud storage example, the service provider does not need to use, access or view the personal data, whereas in the other examples, the service provider does need to access or view the data in order to perform its services. It is interesting that neither the new law, nor the OAIC guidance, deals with encryption of personal data in the context of APP 8. Arguably, if a customer encrypts personal information before providing it to its service provider, no disclosure of the personal information will occur. Even if an Australian organisation can satisfy itself that a transfer of personal information to an overseas recipient is not a disclosure and therefore not subject to APP 8, the organisation may still be liable for any breach of the APPs by the overseas recipient on the basis that the overseas recipient is acting as the Australian organisation s agent and its acts or omissions may be taken to be acts or omissions of the Australian organisation for the purposes of the Privacy Act. It is important to recognise that OAIC guidance 10 in relation to disclosure is not legally binding. However, prudent organisations will take note of the regulator s guidance when implementing compliance procedures. 10 OAIC Australian Privacy Principles Guidelines (February 2014) page 3
4 OFFSHORING DATA THE NEW PRIVACY LAWS Based on the Explanatory Memorandum for the new law, we can be confident that the following acts will constitute a disclosure : publishing personal information on the internet; accidentally releasing personal information publicly; and sending information to a related company (for example, a parent or sister company). 11 Further, a transfer of personal information within the same corporate entity is not considered a disclosure, even if that transfer is to an overseas office of the same entity. 12 The diagram below is a visual representation of the acts that may constitute a disclosure to an overseas recipient. Transferring personal information outside Australia: use or disclosure? Received by parent company in Washington D.C. ( Disclosure ) Received by Houston office of Australian entity ( Use ) Received by cloud provider in London. Entity enters into binding contract with cloud provider to limit access to information, enforce security standards and restrict cloud provider to only providing storage services ( Use ) Received by contractor in New Delhi for purpose of reference checking applicants for a job ( Disclosure ) Received by individual customer in Buenos Aires who requested their own personal information ( Use ) Document sent from Sydney office via 11 OAIC Guidance (APP 8) at [8.13] 12 Privacy Amendment (Enhancing Privacy Protection) Bill 2012 Explanatory Memorandum p 83 page 4
5 Step two: taking reasonable steps to ensure the service provider does not breach the APPs Assuming that a disclosure has taken place and it is received by an overseas recipient, the consequence is that an Australian organisation must take reasonable steps to ensure that the overseas recipient does not breach the APPs. Parliament has suggested that reasonable steps will normally require that an entity enter into a contractual relationship with the recipient. 13 The OAIC has also gone a step further, specifying contractual conditions that it believes may be sufficient to satisfy the reasonable steps requirement: OAIC recommended contractual protections 14 Set out the types of personal information to be disclosed and the specific purposes of disclosure. Include obligation that overseas recipient complies with APPs in relation to: a. collection; b. use; c. disclosure; d. storage; and e. destruction/de-identification. Include obligation that subcontractors comply with same requirements as above. Include requirement that overseas recipient implement a data breach response plan (for notifying Australian entity of data breaches and required remedial action). Exceptions Exception 1: where consent is obtained An entity will not need to ensure the overseas recipient complies with the APPs if the entity obtains consent from 13 Privacy Amendment (Enhancing Privacy Protection) Bill 2012 Explanatory Memorandum p OAIC Guidance (APP 8) at [8.16] the individual whose information is being disclosed. Consent will only be valid where it is (a) expressly obtained and (b) plainly evident that the individual was aware the entity would not be taking steps to ensure the overseas recipient complies with the APPs. 15 The OAIC has suggested that valid consent will be given where: a. the entity provides a clear written or oral statement explaining the consequences of consent (i.e. the entity will not be accountable for breaches of the APPs by the foreign entity and the individual may not be able to seek redress); and b. the statement explains practical effects and risks associated with disclosure that the entity is aware of (e.g. that the individual will not have the ability to access personal information relating to the individual that is held by the foreign entity). Exception 2: where the overseas recipient is subject to substantially similar laws An entity will not need to ensure the overseas recipient complies with the APPs if the entity has a reasonable belief that the person outside Australia is subject to laws substantially similar to the APPs. What constitutes a reasonable belief? A reasonable belief is more than merely a genuine or subjective belief. The OAIC suggests that it is the responsibility of the organisation to justify its reasonable belief if there is a dispute. One example that the OAIC gives is where an organisation has obtained independent legal advice on the foreign privacy protections. What are substantially similar laws? Laws which are substantially similar do not necessarily need to requote the protections in the APPs. Rather, the overall effect of the law is the determining factor. The OAIC hasn t been willing to disclose a white list of countries that it considers to have substantially similar laws to Australia, but the EU white list 16 may be 15 Privacy Amendment (Enhancing Privacy Protection) Bill 2012 Explanatory Memorandum p The European Commission has published a white list of countries that it considers has adequate data protection laws (see: privacycommission.be/en/transfers-outside-the-eu-with-adequate-protection) page 5
6 OFFSHORING DATA THE NEW PRIVACY LAWS a good starting point for an analysis (the list includes, for example, Switzerland, Argentina and New Zealand). It is prudent to seek legal advice as to whether the country where an overseas recipient is located is subject to substantially similar laws. In the context of cloud computing, this may involve considering the laws of each of the jurisdictions in which the service provider s infrastructure is located. The OAIC has published its own guidance as to what it will take into account when considering foreign privacy laws: OAIC recommended contractual protections 14 Is there a comparable definition of personal information? Does it regulate collection of personal information in a similar way to the APPs? Does it require the recipient to notify individuals about collection? Does it require the recipient to use or disclose personal information only for authorised purposes? Are there comparable data quality and security standards? Is there a right to access and seek correction of personal information? The last element is that the similar laws must have enforcement mechanisms that are accessible to an individual whose personal information is disclosed. An equivalent body of the OAIC or courts with similar functions and powers will be a necessity. Privacy Policy & Collection Statements In addition to complying with APP 8, Australian organisations are required to include in their Privacy Policy: a. whether they are likely to disclose information overseas 17 ; and b. the countries where overseas recipients are located. 18 If the information is likely to be disclosed to a person overseas who is not already listed in the Privacy Policy, then an entity must send the individual a Collection Notice that lists the other countries where the information may be disclosed. 19 Security Australian organisations are also required to take appropriate security measures to protect any personal information from misuse, interference and loss and from unauthorised access, modification or disclosure. 20 Security may need to be more rigorous if the information is sensitive or the potential consequences for the individual, if the information were disclosed, are severe. Other regulation Depending on the industry the organisation is in or for government agencies, there are additional laws that may also apply to offshore data transfers. Commonwealth Government agencies are subject to separate, stringent rules when they choose to outsource or offshore data (Attorney-General s Guidelines for Outsourced or Offshore ICT Arrangements). For example, where personal information is sent offshore or placed in a public cloud service arrangement, the agency must first obtain the consent of both the Attorney- General and the Minister responsible for the agency. There are special data management requirements for financial institutions (APRA Prudential Practice Guide CPG 235). These include ensuring that all contracts for the outsourcing of data (not just personal information) include special conditions relating to the handling of that data. APRA suggests that these include terms covering business continuity management and that a risk assessment procedure be established before these arrangements can be entered into. 17 APP 1.4 (f) 18 APP 1.4 (g) 19 APP 5.2 (i) and 5.2 (j) 20 APP 11.1 page 6
7 CORRS CONTACTS JAMES NORTH Partner Tel Mob +61 (0) james.north@corrs.com.au Ravi de Fonseka Senior Associate Tel ravi.defonseka@corrs.com.au JOHANNA O ROURKE Daniel Thompson Special Counsel Tel johanna.orourke@corrs.com.au Associate Tel daniel.thompson@corrs.com.au Barbara Keane Kieran Donovan Senior Associate Tel barbara.keane@corrs.com.au Lawyer Tel kieran.donovan@corrs.com.au Disclaimer The content of this leaflet is intended to provide general information regarding the Australian Privacy Principles and other related legislation, and is not intended to be advice as to the application of the referenced legislation and regulations to the recipient s business. page 7
8 SYDNEY 8 Chifley 8-12 Chifley Square Sydney NSW 2000 Tel Fax MELBOURNE Bourke Place 600 Bourke Street Melbourne VIC 3000 Tel Fax BRISBANE Waterfront Place 1 Eagle Street Brisbane QLD 4000 Tel Fax PERTH Woodside Plaza 240 St George s Terrace Perth WA 6000 Tel Fax KH120314
Privacy and Cloud Computing for Australian Government Agencies
Privacy and Cloud Computing for Australian Government Agencies Better Practice Guide February 2013 Version 1.1 Introduction Despite common perceptions, cloud computing has the potential to enhance privacy
More informationAustralia s unique approach to trans-border privacy and cloud computing
Australia s unique approach to trans-border privacy and cloud computing Peter Leonard Partner, Gilbert + Tobin Lawyers and Director, iappanz In Australia, as in many jurisdictions, there have been questions
More informationPUBLIC & PRODUCTS LIABILITY PROPOSAL FORM IMPORTANT INFORMATION: PLEASE READ THE FOLLOWING INFORMATION BEFORE COMPLETING THIS PROPOSAL
PUBLIC & PRODUCTS LIABILITY PROPOSAL FORM IMPORTANT INFORMATION: PLEASE READ THE FOLLOWING INFORMATION BEFORE COMPLETING THIS PROPOSAL A. Obtaining a Quotation To minimise delays in obtaining a quotation
More informationPUBLIC & PRODUCTS LIABILITY PROPOSAL FORM IMPORTANT INFORMATION: PLEASE READ THE FOLLOWING INFORMATION BEFORE COMPLETING THIS PROPOSAL
PUBLIC & PRODUCTS LIABILITY PROPOSAL FORM IMPORTANT INFORMATION: PLEASE READ THE FOLLOWING INFORMATION BEFORE COMPLETING THIS PROPOSAL A. Obtaining a Quotation To minimise delays in obtaining a quotation
More informationPUBLIC & PRODUCTS LIABILITY RENEWAL DECLARATION
PUBLIC & PRODUCTS LIABILITY RENEWAL DECLARATION IMPORTANT INFORMATION: PLEASE READ THE FOLLOWING INFORMATION BEFORE COMPLETING THIS RENEWAL DECLARATION A. Obtaining a Quotation To minimise delays in obtaining
More informationT: [redacted] F: +61 2 9551 8644 [redacted] www.rba.gov.au
T: [redacted] F: +61 2 9551 8644 [redacted] www.rba.gov.au 7 May 2014 Australian Privacy Commissioner Office of the Australian Information Commissioner GPO Box 5218 SYDNEY NSW 2001 Dear Mr Pilgrim APPLICATION
More information1.4 For information about our management of your other personal information, please see our Privacy Policy available at www.iba.gov.au.
Indigenous Business Australia Credit Information Policy 1 Purpose and application of this policy 1.1 This credit reporting policy (Credit Information Policy) describes and establishes how Indigenous Business
More informationPROFESSIONAL INDEMNITY RENEWAL DECLARATION IMPORTANT INFORMATION: PLEASE READ THE FOLLOWING INFORMATION BEFORE COMPLETING THIS RENEWAL DECLARATION
PROFESSIONAL INDEMNITY RENEWAL DECLARATION IMPORTANT INFORMATION: PLEASE READ THE FOLLOWING INFORMATION BEFORE COMPLETING THIS RENEWAL DECLARATION A. Obtaining a Quotation To minimise delays in obtaining
More informationDIRECTORS & OFFICERS LIABILITY INSURANCE PROPOSAL FORM IMPORTANT INFORMATION: PLEASE READ THE FOLLOWING INFORMATION BEFORE COMPLETING THIS PROPOSAL
DIRECTORS & OFFICERS LIABILITY INSURANCE PROPOSAL FORM IMPORTANT INFORMATION: PLEASE READ THE FOLLOWING INFORMATION BEFORE COMPLETING THIS PROPOSAL A. Obtaining a Quotation To minimise delays in obtaining
More informationTable of Contents. Introduction 3 What is Title Insurance? What are mortgage processing and loan servicing services? 3 This Privacy Policy 3
Privacy Policy First American Title Insurance Company of Australia Pty Ltd First Mortgage Services Pty Ltd First Mortgage Services Australia Pty Ltd 1 P a g e Table of Contents Page Introduction 3 What
More informationPrivacy Policy Australian Construction Products Pty Limited
Privacy Policy Australian Construction Products Pty Limited What is this privacy policy about? This Privacy Policy describes how Australian Construction Products 63 091 618 781 (we or us) will treat the
More informationInternational money transfers public interest determination applications. Consultation paper
International money transfers public interest determination applications Consultation paper Closing date for comment 4 August 2014 Purpose of consultation paper The Office of the Australian Information
More informationPolice Financial Services Limited Copyright exists in this document Privacy Policy 1
Privacy January 2015 Policy Police Financial Services Limited ABN 33 087 651 661 ('we', 'us', 'our', BankVic ) is bound by the Australian Privacy Principles under the Privacy Act 1988 (Cth) (Privacy Act).
More informationCredit Reporting Privacy Policy of Baybrick Pty Ltd
Credit Reporting Privacy Policy of Baybrick Pty Ltd Introduction 1. This Credit Reporting Privacy Policy is the official privacy policy of Baybrick Pty Ltd and its subsidiaries which includes JBS Australia
More informationClearing the Legal fog:
Clearing the Legal fog: cloud computing explained MARCH 2010 This issues summary highlights some of the main legal issues that are claimed to negatively affect users of cloud computing and provides practical
More information005ASubmission to the Serious Data Breach Notification Consultation
005ASubmission to the Serious Data Breach Notification Consultation (Consultation closes 4 March 2016 please send electronic submissions to privacy.consultation@ag.gov.au) Your details Name/organisation
More informationREAL ESTATE AGENTS PROFESSIONAL INDEMNITY PROPOSAL FORM IMPORTANT INFORMATION: PLEASE READ THE FOLLOWING INFORMATION BEFORE COMPLETING THIS PROPOSAL
REAL ESTATE AGENTS PROFESSIONAL INDEMNITY PROPOSAL FORM IMPORTANT INFORMATION: PLEASE READ THE FOLLOWING INFORMATION BEFORE COMPLETING THIS PROPOSAL A. Your Duty of Disclosure Before you enter into a contract
More information2. Open and transparent management of personal information
Privacy Policy - Talison Lithium Pty Ltd 1. Overview Talison Lithium Pty Ltd (Talison) believes privacy is an important right of individuals. Talison takes steps to protect your personal information from
More informationCUA Group APP Privacy & Credit information Policy
For more information: Call 133 282 Visit www.cua.com.au Drop into your local branch CUA Group APP Privacy & Credit information Policy 1 August 2015 Credit Union Australia Limited ABN 44 087 650 959 AFSL
More informationREAL ESTATE AGENTS PROFESSIONAL INDEMNITY PROPOSAL FORM IMPORTANT INFORMATION: PLEASE READ THE FOLLOWING INFORMATION BEFORE COMPLETING THIS PROPOSAL
REAL ESTATE AGENTS PROFESSIONAL INDEMNITY PROPOSAL FORM IMPORTANT INFORMATION: PLEASE READ THE FOLLOWING INFORMATION BEFORE COMPLETING THIS PROPOSAL A. Your Duty of Disclosure Before you enter into an
More informationCyber security: A major issue for Australian business
Cyber Security: A major issue for Australian business: February 2016 1 Cyber security: A major issue for Australian business Contents Introduction and background Is your industry particularly vulnerable
More information2.1 Certain words have special meanings when used in this Privacy Policy. These are shown below.
1. OUR COMMITTMENT 1.1 In handling your personal information, Maleny Credit Union (ABN 52 087 650 995) and its controlled entities ( MCU / credit union / we / us ) are committed to complying with the Australian
More informationSOLICITORS EXCESS PROFESSIONAL INDEMNITY PROPOSAL FORM IMPORTANT INFORMATION: PLEASE READ THE FOLLOWING INFORMATION BEFORE COMPLETING THIS PROPOSAL
SOLICITORS EXCESS PROFESSIONAL INDEMNITY PROPOSAL FORM IMPORTANT INFORMATION: PLEASE READ THE FOLLOWING INFORMATION BEFORE COMPLETING THIS PROPOSAL A. Your Duty of Disclosure Before you enter into a contract
More informationPrivacy fact sheet 17
Privacy fact sheet 17 Australian Privacy Principles January 2014 From 12 March 2014, the Australian Privacy Principles (APPs) will replace the National Privacy Principles Information Privacy Principles
More informationamaysim Privacy Policy
amaysim Privacy Policy Valid as of 07 October 2015-1 of 8 - amaysim Australia Pty Ltd ABN 65 143 613 478 (referred to in this document as amaysim or we or us ). 1. Protection of your privacy and personal
More informationPrivacy Policy. 30 January 2015
Privacy Policy 30 January 2015 Table of Contents 1 Overview 3 Purpose 3 Scope 3 2 Collection 3 What information do we collect? 3 What if you do not give us the information we request? 4 3 Use of information
More informationCarriers Insurance Brokers Pty. Limited
Our Privacy Policy At Carriers Insurance Brokers Pty. Limited, ABN 66 001 609 936, we are committed to protecting your privacy in accordance with the Privacy Act 1988 (Cth) (Privacy Act) and the Australian
More informationCREDIT REPORTING POLICY
CREDIT REPORTING POLICY The Clean Energy Finance Corporation ("CEFC", we, us, our in this Credit Reporting Policy) respect the privacy of personal information and credit information you may provide to
More informationHOME INDEMNITY INSURANCE - WESTERN AUSTRALIA POLICY WORDING
POLICY WORDING HOME INDEMNITY INSURANCE - WESTERN AUSTRALIA GLA RBUA HII WA 1115 Effective Date 01 November 2015 Welcome to the financial security provided by RBUA Home Indemnity Insurance - Western Australia
More informationUsing AWS in the context of Australian Privacy Considerations October 2015
Using AWS in the context of Australian Privacy Considerations October 2015 (Please consult https://aws.amazon.com/compliance/aws-whitepapers/for the latest version of this paper) Page 1 of 13 Overview
More informationMISCELLANEOUS CONSULTANTS PROFESSIONAL INDEMNITY PROPOSAL FORM
MISCELLANEOUS CONSULTANTS PROFESSIONAL INDEMNITY PROPOSAL FORM IMPORTANT INFORMATION: PLEASE READ THE FOLLOWING INFORMATION BEFORE COMPLETING THIS PROPOSAL A. Your Duty of Disclosure Before you enter into
More informationQUEENSLAND COUNTRY HEALTH FUND. privacy policy. Queensland Country Health Fund Ltd ABN 18 085 048 237. better health cover shouldn t hurt
QUEENSLAND COUNTRY HEALTH FUND privacy policy Queensland Country Health Fund Ltd ABN 18 085 048 237 better health cover shouldn t hurt 1 2 contents 1. Introduction 4 2. National Privacy Principles 5 3.
More informationHow does Barnes collect and hold personal information?
Barnes Mortgage Management Pty Ltd ACN 061 590 341 Australian Credit Licence 384 156 Ground Floor, 132 Lutwyche Road (Corner Nicholas Street), Windsor, QLD, 4030 Tel: 07 3622 2400 Fax: 07 3357 9436 Privacy
More informationDaltrak Building Services Pty Ltd ABN: 44 069 781 933. Privacy Policy Manual
Daltrak Building Services Pty Ltd ABN: 44 069 781 933 Privacy Policy Manual Table Of Contents 1. Introduction Page 2 2. Australian Privacy Principles (APP s) Page 3 3. Kinds Of Personal Information That
More informationMOTOR FINANCE GAP PROTECTION POLICY
MOTOR FINANCE GAP PROTECTION POLICY Product Disclosure Statement and Policy Wording Version No. 2.0 Effective Date: 3 November 2011 Issued by Chubb Insurance Company of Australia ABN 69 003 710 647, ASFL
More informationPRIVACY AND CREDIT REPORTING POLICY
PRIVACY AND CREDIT REPORTING POLICY 12 March 2014 CONTENTS What is personal information?...3 Information we may collect, use and disclose about you...4 Collection of sensitive information...6 How personal
More informationWHAT KIND OF PERSONAL INFORMATION DOES NINE COLLECT AND HOW DOES NINE COLLECT IT?
Privacy Policy Nine Network Australia Pty Ltd (Nine) understands that privacy is important to our viewers, business contacts, and people who appear in our television programs. At Nine we are committed
More informationASPEN AUSTRALIA BRANCH PRIVACY POLICY
ASPEN AUSTRALIA BRANCH PRIVACY POLICY INTRODUCTION This policy applies to the operations of Aspen s Australia branch. Aspen is committed to complying with the principles of the Privacy Act 1988 and accordingly
More information3 What Personal Information do we collect and why do we need it?
Privacy Policy 1 Protecting your privacy The worldwide rental system operated as Europcar is owned by Europcar International, a French Corporation. A number of independently owned licensees also trade
More informationAusgrid Privacy Policy
Ausgrid Privacy Policy Ausgrid is responsible for the safe and reliable supply of electricity to homes and businesses throughout Sydney, the Hunter and the Central Coast. Its network is made up of more
More informationSOLICITORS EXCESS PROFESSIONAL INDEMNITY PROPOSAL FORM IMPORTANT INFORMATION: PLEASE READ THE FOLLOWING INFORMATION BEFORE COMPLETING THIS PROPOSAL
SOLICITORS EXCESS PROFESSIONAL INDEMNITY PROPOSAL FORM IMPORTANT INFORMATION: PLEASE READ THE FOLLOWING INFORMATION BEFORE COMPLETING THIS PROPOSAL A. Your Duty of Disclosure Before you enter into an insurance
More informationPrivacy business resource 3
Privacy business resource 3 June 2013 Credit reporting what has changed As part of the reforms to the Privacy Act 1988 (Privacy Act), credit reporting in Australia is regulated by a new Part IIIA. 1 The
More informationPrivacy Policy Statement
Privacy Policy Statement Our Commitment While information is the foundation for providing you with superior service, protecting the privacy of your personal information is of the highest importance to
More informationThe kinds of personal information we collect and hold vary depending on the services we are providing, but generally can include:
ABN 47 001 768 190 AFSL 244526 Our Privacy Policy At Capital Insurance Brokers, we are committed to protecting your privacy in accordance with the Privacy Act 1988 (Cth) (Privacy Act) and the Australian
More informationMasterpiece Signature Personal Insurance
Masterpiece Signature Personal Insurance Supplementary Product Disclosure Statement Issued 11 May 2015 This is a Supplementary Product Disclosure Statement (SPDS) which provides information about important
More informationGuidance Note AGN 520.1
Guidance Note AGN 520.1 Fit and Proper Requirements Definition of a responsible person 1. The definitions of responsible persons cover those persons whose conduct is most likely to have significant implications
More informationZinc Recruitment Pty Ltd Privacy Policy
1. Introduction Zinc Recruitment Pty Ltd Privacy Policy We manage personal information in accordance with the Privacy Act 1988 and Australian Privacy Principles. This policy applies to information collected
More informationMercedes-Benz Financial Services. Privacy Statement
Mercedes-Benz Financial Services Privacy Statement Privacy Statement Mercedes-Benz Financial Services Australia Pty Ltd A Daimler Company We, Mercedes-Benz Financial Services Australia Pty Ltd ( MBFS )
More informationFinancial Planning 1 July 2014
Financial Planning 1 July 2014 Privacy Statement Equip Financial Planning 1800 065 753 www.equipsuper.com.au Privacy Statement Equip Financial Planning provides financial advice to clients and holds personal,
More informationCatalyst Consulting & Events (CCE) takes seriously its commitment to preserve the privacy of the personal information that we collect.
PRIVACY POLICY 1. Introduction Catalyst Consulting & Events (CCE) takes seriously its commitment to preserve the privacy of the personal information that we collect. We will only collect information that
More informationNAB Commercial Cards Liability Insurance
NAB Commercial Cards Liability Insurance Policy Information Booklet Preparation date: 13 May 2014 Effective date: 1 June 2014 QM5030 0614 Contents Important Information 2 Details of the Insurance 3 Sanctions
More informationData protection issues on an EU outsourcing
Data protection issues on an EU outsourcing Saam Golshani, Alastair Gorrie and Diego Rigatti, Orrick Herrington & Sutcliffe www.practicallaw.com/8-380-8496 Outsourcing can mean subcontracting a process
More informationCredit Reporting and Credit Related Personal Information Policy. Corporate Legal Procedure
Credit Reporting and Credit Related Personal Information Policy Corporate Legal Procedure TABLE OF CONTENTS 1. Purpose... 3 2. Acknowledgment... 3 3. The kind of Credit Information we will collect and
More informationFISHER & PAYKEL PRIVACY POLICY
FISHER & PAYKEL PRIVACY POLICY 1. About this Policy Fisher & Paykel Australia Pty Limited (ABN 71 000 042 080) and its related companies ('we', 'us', 'our') understands the importance of, and is committed
More informationOverview of the Impact of the Privacy Reforms on Credit Reporting
Overview of the Impact of the Privacy Reforms on Credit Reporting June 2012 Andrew Galvin, Partner 1 OVERVIEW 1.1 Credit Reporting Reform - Background When initially passed, the Privacy Act 1988 essentially
More informationCREDIT REPORTING AND CREDIT RELATED PERSONAL INFORMATION POLICY
Purpose CREDIT REPORTING AND CREDIT RELATED PERSONAL INFORMATION POLICY This is the privacy policy of Southern Steel Group Pty Limited ACN 003 067 838, Southern Steel Supplies Pty Limited ACN 000 060 131,
More informationCommunity Telco Credit Management Policy
Community Telco Australia Pty Ltd PO Box 1187 Bendigo VIC 3552 Telephone 1300 743 303 Facsimile 1300 224 569 email address: service@communitytelco.com.au web address: www.communitytelco.com.au Community
More informationcommunications between us and your financial, legal or other adviser, or your broker or agent;
Privacy policy Updated: 25 June 2014 This Privacy Policy applies to information collected by 255 Finance Pty Ltd ABN 23 168 112 507 and its related bodies corporate ( 255 Finance or we ). This policy outlines
More informationTerm Life Insurance Notice of Claim
How to help us process your claim Checklist Before submitting your claim form, make sure you can tick all the boxes below: Section A: Insured s/deceased s details Section B: Your details Section C: Family
More informationNASH PKI Certificate for Healthcare Provider Organisations renewal confirmation
NASH PKI Certificate for Healthcare Provider Organisations renewal confirmation Please send your completed renewal confirmation to: Department of Human Services Fax number: 1800 890 698 Number of pages
More informationLAUW Cyber erisks. SME Questionnaire. www.lauw.com.au
LAUW Cyber erisks SME Questionnaire Please only complete this Questionnaire if the Proposers annual gross revenue is less than $25m and they require limits of indemnity up and including $2m. If the Proposer
More informationThe Cloud and Cross-Border Risks - Singapore
The Cloud and Cross-Border Risks - Singapore February 2011 What is the objective of the paper? Macquarie Telecom has commissioned this paper by international law firm Freshfields Bruckhaus Deringer in
More informationThe Privacy Act 1988 contains 10 National Privacy Principles (the NPPs) which specify how organisations should handle personal information.
Privacy policy Abstract Page 1 Preamble The Privacy Act 1988 contains 10 National s (the NPPs) which specify how organisations should handle personal information. The Anglican Church Diocese of Sydney
More informationPRIVACY NOTICE AND CONSENT
Australian Credit Licence Number 387406 PRIVACY NOTICE AND CONSENT This privacy notice and consent relates to an application (the application) you make to a mortgage manager for a loan (your loan) or in
More informationCloud Computing. Introduction
Cloud Computing Introduction This information leaflet aims to advise organisations which are considering engaging cloud computing on the factors they should consider. It explains the relationship between
More informationFOREIGN LAWYERS AND THE PRACTISE OF FOREIGN LAW IN AUSTRALIA
FOREIGN LAWYERS AND THE PRACTISE OF FOREIGN LAW IN AUSTRALIA AN INFORMATION PAPER LAW COUNCIL OF AUSTRALIA Disclaimer This information paper has been prepared by the Law Council of Australia with the aim
More informationAustralian Prudential Regulation Authority. Protecting Australia s depositors, insurance policyholders and superannuation fund members
Australian Prudential Regulation Authority Protecting Australia s depositors, insurance policyholders and superannuation fund members APRA s vision is to be a world-class integrated prudential supervisor
More informationDRAFT AUSTRALIAN PRIVACY PRINCIPLES GUIDELINES 6-11
The Privacy Commissioner Office of the Australian Information Commissioner GPO Box 5218 SYDNEY NSW 2001 By email: consultation@oaic.gov.au 21 October 2013 Dear Commissioner DRAFT AUSTRALIAN PRIVACY PRINCIPLES
More informationAUSTRALIA S NEW PRIVACY LAWS - WHAT LAWYERS NEED TO KNOW ABOUT THEIR OWN PRACTICES
AUSTRALIA S NEW PRIVACY LAWS - WHAT LAWYERS NEED TO KNOW ABOUT THEIR OWN PRACTICES http://www.lawcouncil.asn.au The Privacy Commissioner has welcomed the Law Council s initiative in producing this overview.
More informationThis policy applies to all individuals that provide Leading Age Services Australia Victoria (LASA Victoria) with their personal information.
The purpose of this policy This policy applies to all individuals that provide Leading Age Services Australia Victoria (LASA Victoria) with their personal information. What personal information do we collect?
More informationWestpac Business Debit MasterCard Application
Westpac Business Debit MasterCard Application Westpac Banking Corporation ABN 33 007 457 141 AFSL and Australian credit licence 233714 In order to apply for a Westpac Business Debit MasterCard, the following
More informationANZ Privacy Policy PROTECTING YOUR PRIVACY 07.15
ANZ Privacy Policy PROTECTING YOUR PRIVACY 07.15 Contents Introduction to ANZ s Privacy Policy 4 Collecting your personal information 6 Using your personal information 9 Disclosing your personal information
More informationInsurance Law Reforms and Requirements for Direct Offshore Foreign Insurers ("DOFIs")
Insurance Law Reforms and Requirements for Direct Offshore Foreign Insurers ("DOFIs") The Clayton Utz contact for this document is Fred Hawke, Partner Clayton Utz Lawyers Level 18 333 Collins Street Melbourne
More information(a) the kind of data and the harm that could result if any of those things should occur;
Cloud Computing This information leaflet aims to advise organisations on the factors they should take into account in considering engaging cloud computing. It explains the relevance of the Personal Data
More informationPrivacy, the Cloud and Data Breaches
Privacy, the Cloud and Data Breaches Annelies Moens Head of Sales and Operations, Information Integrity Solutions Legalwise Seminars Sydney, 20 March 2013 About IIS Building trust and privacy through global
More informationGuidelines approved under Section 95A of the Privacy Act 1988. December 2001
Guidelines approved under Section 95A of the Privacy Act 1988 December 2001 i Commonwealth of Australia 2001 ISBN Print: 1864961074 Online: 1864961139 This work is copyright. Apart from any use as permitted
More informationAustralian Privacy Principle 7 direct marketing
Australian Privacy Principle 7 direct marketing Chapter 7 Draft version, September 2013 Key points... 2 What does APP 7 say?... 2 What is direct marketing?... 3 When are agencies covered by APP 7?... 4
More informationCredit Reporting Data Management Policy
Credit Reporting Data Management Policy TDJ Australia Pty Ltd ACN 006 385 191(collectively, TDJ, we, our or us ) is committed to the protection of personal privacy within the scope of applicable law. This
More informationACE Insurance Limited ELITE II PROFESSIONAL INDEMNITY INSURANCE POLICY
ELITE II PROFESSIONAL INDEMNITY INSURANCE POLICY Renewal Proposal Form - Miscellaneous ABN 23 001 642 020 AFSL 239687 Page 1 of 8 ACE ELITE II PROFESSIONAL INDEMNITY INSURANCE RENEWAL PROPOSAL FORM Miscellaneous
More informationCoffey International Limited Privacy Policy. July 2014
Coffey International Limited Privacy Policy July 2014 Privacy Policy 1. Introduction Coffey International Limited and its related bodies corporate (we, our, us) recognise your rights under the Privacy
More informationInformation Sheet: Cloud Computing
info sheet 03.11 Information Sheet: Cloud Computing Info Sheet 03.11 May 2011 This Information Sheet gives a brief overview of how the Information Privacy Act 2000 (Vic) applies to cloud computing technologies.
More informationNATIONAL PARTNERSHIP AGREEMENT ON E-HEALTH
NATIONAL PARTNERSHIP AGREEMENT ON E-HEALTH Council of Australian Governments An agreement between the Commonwealth of Australia and the States and Territories, being: The State of New South Wales The State
More informationPrivacy Policy Fletcher Building Limited and Fletcher Building (Australia) Pty Ltd
Privacy Policy Privacy Policy Fletcher Building Limited and Fletcher Building (Australia) Pty Ltd What is this privacy policy about? This Privacy Policy describes how Fletcher Building Limited and Fletcher
More informationFINANCIAL SERVICES GUIDE
FINANCIAL SERVICES GUIDE Short Form What you need to know about KNM, our Authorised Representatives and our Financial Services Contents The purpose of this Guide Who is KNM? Who is your adviser? KNM Services
More informationclear Retail and Business Banking Financial Services Guide, Credit Guide and Privacy Statement
clear Retail and Business Banking Financial Services Guide, Credit Guide and Privacy Statement Preparation Date: 12 January 2015 Westpac Banking Corporation ABN 33 007 457 141 AFSL and Australian credit
More informationChapter 7: Australian Privacy Principle 7 Direct marketing
Chapter 7: APP 7 Direct marketing Version 1.0, February 2014 Chapter 7: Australian Privacy Principle 7 Direct marketing Version 1.0, February 2014 Key points... 2 What does APP 7 say?... 2 Direct marketing...
More informationFINANCIAL LINES ACE ELITE PLUS MANAGEMENT LIABILITY INSURANCE
FINANCIAL LINES ACE ELITE PLUS MANAGEMENT LIABILITY INSURANCE 00 The ACE Elite Plus Management Liability policy features coverage and benefits designed to address the serious risks confronting private
More information2015 Commonwealth Bank Staff Community Fund Community Grants Grant Guidelines
2015 Commonwealth Bank Staff Community Fund Community Grants Grant Guidelines This document ( Guidelines ) sets out the application process for organisations wishing to apply to take part in the 2015 Commonwealth
More informationData controllers and data processors: what the difference is and what the governance implications are
ICO lo : what the difference is and what the governance implications are Data Protection Act Contents Introduction... 3 Overview... 3 Section 1 - What is the difference between a data controller and a
More informationPacific Smiles Group Privacy Policy
Pacific Smiles Group Privacy Policy Pacific Smiles Group Limited and its related bodies corporate (PSG, we, our, us) recognise the importance of protecting the privacy and the rights of individuals in
More informationPublic Liability Insurance
Public Liability Insurance Claim Form Claim Number (office use only) How to Get Quick Action on Your Claim Catholic Church Insurance Limited will act on your claim as soon as we receive this form. You
More informationAISA Position Statement: Mandatory Data Breach Notification in Australia
AISA Position Statement: Mandatory Data Breach Notification in Australia Overview Although AISA members are broadly in support of mandatory data breach notification in Australia they have a number of concerns
More informationBRITISH COUNCIL DATA PROTECTION CODE FOR PARTNERS AND SUPPLIERS
BRITISH COUNCIL DATA PROTECTION CODE FOR PARTNERS AND SUPPLIERS Mat Wright www.britishcouncil.org CONTENTS Purpose of the code 1 Scope of the code 1 The British Council s data protection commitment and
More informationPostcode: Postcode: Australia Business Number (ABN):
New client form Name of your AJ Park contact: Account name: Trading name: Full name of contact person: Mobile: Street address: Postcode: Postal address (if different from street address): Postcode: Phone:
More informationCaptain Compare Privacy Policy
Captain Compare Privacy Policy This Privacy Policy contains important information about the type of personal information we collect from you on the Captain Compare website (www.captaincompare.com.au) (Website),
More informationDraft Australian Privacy Principles (APP) Guidelines first tranche
The Association of Superannuation Funds of Australia Limited ABN 29 002 786 290 ASFA Secretariat PO Box 1485, Sydney NSW 2001 p: 02 9264 9300 (1800 812 798 outside Sydney) f: 1300 926 484 w: www.superannuation.asn.au
More informationCREDIT GUIDE. We are not required to provide you a copy of our assessment if we do not enter into a contract with you.
Harmoney Australia Limited ABN 12 604 342 823 Unit 389, 4 Young Street Neutral Bay, NSW 2089 CREDIT GUIDE Welcome! Your credit provider is Harmoney Australia Limited (ABN 12 604 342 823) Australian Credit
More informationHume Bank Limited Privacy Policy
Hume Bank Limited Privacy Policy Hume Bank Limited (ACN 051 868 556) ('we', 'us', 'our') is subject to the Privacy Act 1988 (Cth) (Privacy Act), including the Australian Privacy Principles and Part IIIA
More informationPRIVACY POLICY. Unless otherwise provided by law, we will not collect, hold, use or disclose sensitive information without your consent.
Purpose Australian Institute of Professional Education P/L (AIPE/we/our) is committed to providing all stakeholders with the highest levels of professional service. The purpose of this Privacy Policy is
More informationPRIVACY POLICY NEXT BUSINESS ENERGY PTY LIMITED ABN 91 167 937 555
PRIVACY POLICY NEXT BUSINESS ENERGY PTY LIMITED ABN 91 167 937 555 TABLE OF CONTENTS 1. INTRODUCTION 3 2. HOW WE COLLECT YOUR PERSONAL INFORMATION 3 3. TYPES OF INFORMATION WE COLLECT 4 4. HOW WE USE THE
More information