Privacy Act

Uber breaches Australian privacy laws

The recent decision by the Australian Information Commissioner and Privacy Commissioner, Angele Falk, (Commissioner) in Commissioner Initiated Investigation into Uber Technologies, Inc. & Uber B.V. (Privacy) [2021] AICmr 34 (Uber) has provided further guidance as to exactly who is bound by the Privacy Act 1988 (Cth) (Act) though the ‘Australian link’ set out in subsections 5B(2)-(3) (Australian Link).  A full breakdown of what amounts to an Australian Link can be viewed in another article here.  This article discusses the Australian Privacy Principles (APPs) that were breached by Uber and what was decided the ride-sharing entity was to do in response to non-compliance with the Act. [Read more…]

International companies can be bound by Australian privacy laws

The recent determination by the Australian Information Commissioner and Privacy Commissioner, Angele Falk, (Commissioner) in Commissioner Initiated Investigation into Uber Technologies, Inc. & Uber B.V. (Privacy) [2021] AICmr 34 (Uber) provides further guidance on the extraterritorial connection of the Privacy Act 1988 (Cth) (Act) though the ‘Australian link’ set out in subsections 5B(2)-(3) (Australian Link).  This article discusses how the Office of the Australian Information Commissioner (OIAC) will assess whether an entity has an Australian Link to legally bind international entities to the Act. [Read more…]

OAIC Notifiable Data Breaches report – July 2020

The Notifiable Data Breaches (NDB) scheme was established to improve consumer protection and promote better security standards to safeguard personal information in Australia.  The NDB scheme applies to all agencies and organisations who are protected by the Privacy Act 1988 (Cth) (Act) and required to take personal steps to secure personal information.

The Australian Information Commissioner (OAIC) publishes reports on notifications received under the NDB scheme to track the leading causes and sources of data breaches, and to draw attention to potential issues and areas that entities regulated under the Act need to have ongoing awareness of.  This article summarises the findings of the NDB Report for the period from 1 January to 30 June 2020. [Read more…]

Software as a Service agreements revisited

Offering software as a cloud-base software solution is important in this ever-increasing cloudy environment.  In a previous article we discussed the legal considerations for those commercialising a software as a service agreement (SaaS Agreement) as a business model.  Below we revisit SaaS Agreements and set out key issues to consider when going to market. [Read more…]

What is a data breach response plan and how do I get one?

On 23 February 2018 the notifiable data breach scheme (Scheme) was enacted, through legislation amending the Privacy Act 1988 (Cth) (Privacy Act), making it mandatory for certain (eligible) entities to notify affected individuals about eligible data breaches.  In talking to clients in this area, there appears to be some confusion about what an eligible organisation has to do to prepare for this. [Read more…]

Notifiable Data Breach Scheme commences 23 Feb 2018

As of 23 February 2018 a new notifiable data breach scheme (Scheme) will be enacted through legislation amending the Privacy Act 1988 (Cth) (Privacy Act) making it mandatory for certain entities to notify affected individuals about eligible data breaches.

[Read more…]

The Meaning of Personal Information

In the recent case of The Privacy Commissioner v Telstra Corporation Limited [2017] FCAFA 4, the question was raised as to whether the words “personal information” had any bearing on what information an individual could request from an organisation under the Privacy Act 1988 (Cth) (Act). [Read more…]

Privacy determination –Sensitive Information held in garden shed

The Privacy Commissioner, Timothy Pilgrim, has found that a Melbourne medical centre has breached the Privacy Act 1988 (Cth) (Privacy Act) in failing to provide adequate security to protect Sensitive Information contained in medical information. The breach occurred before the Australian Privacy Principles (APPs) took effect and therefore the medical centre was found to have breached the National Privacy Principles (NPPs).

[Read more…]

Send this to a friend