We made the 2022 AFR BOSS Best Places to Work list! Click here to learn more

Privacy Act – Mandatory Regulatory Reporting | February 2018

s out the rules that must be followed when a business deals with personal information. It sets out the circumstances under which you can collect personalThe Privacy Act set information, what personal information you actually may gather, how you use that information and ensure that a person can access their personal information. In particular, the Privacy Act requires that all personal information be protected from non-approved use or disclosure, meaning that you have the obligation to protect the personal information you hold from inappropriate access and use. For example, this means that you need to secure hard copy files, and ensure electronic data is protected from both internal and external misuse, such as cyber-attacks.

Up until now, if there has been a breach of the Privacy Act requirements, entities were required to manage remedy these but there was no formal reporting process of material privacy breaches to the regulator, the Privacy Commissioner. Voluntary reporting was encouraged and a number of matters were reported, most often resulting in public knowledge of the breach – you probably have heard about the breach by the Red Cross Blood Service or Ashley Madison.

From 22 February 2018, there will be mandatory reporting of ‘eligible data breaches’ via the Notifiable Data Breaches scheme. The following are considered to be eligible data breaches requiring reporting:

  • There has been unauthorised access to or unauthorised disclosure of personal information, or a loss of personal information, that an entity holds
  • This is likely to result in serious harm to one or more individuals, and
  • The entity has not been able to prevent the likely risk of serious harm with remedial action.

Any potential eligible data breach must be assessed as soon as practicable. Where an eligible data breach is identified, the entity must notify the Privacy Commissioner, and communicate with the individuals potentially impacted.

Obviously, the aim is to prevent privacy breaches, ultimately we all want to ensure that our personal information and that of our clients is secure. In recent times, cyber security has become a major concern for many businesses and it is essential that you take the appropriate steps to keep your electronic data safe as cyber-attacks have become a fact of life.

If you become aware of any potential breach, it is essential that you contact Partners SMSF Advice immediately so we can assess the situation and ensure appropriate reporting where this should be required. We will work with you to evaluate what has occurred and agree on the steps required to resolve the matter where this is relevant.

If you require further information on the Privacy Act requirements in general, please refer to the Partners SMSF Advice Privacy Policy.

If you have any questions about this article, please contact Partners SMSF Advice or call 1800 333 143.

This article contains information that is general in nature. It does not take into account the objectives, financial situation or needs of any particular person. You need to consider your financial situation and needs before making any decisions based on this information.

Related News