Outsourcing and the new Australian privacy law
By Alec Christie and Rose Bollard
As part of our contribution to DLA Piper’s Global Sourcing Reference Guide, we have developed an Australian-specific alternative chapter on data protection, which was designed to assist organisations operating in Australia with their new privacy responsibilities.
In Australia, all Australian Privacy Principles (APP) entities that collect, use or disclose personal information must, under the Privacy Act 1988 (Cth), take reasonable steps to protect the information from misuse, interference, loss, unauthorised access, modification and disclosure. If an APP entity discloses or outsources the handling of personal information to another APP entity (i.e. a service provider in Australia), there is no specific requirement for the disclosing APP entity to ensure that the service provider complies with Australian privacy law because the service provider is already subject to Australian privacy law. However, the disclosing APP entity’s obligations to protect the information will extend to carrying out some due diligence to ensure that it selects a service provider (even one in Australia) that has compliant privacy practices and processes.
If an APP entity discloses personal information to a foreign service provider (i.e. an overseas recipient), it must take reasonable steps to ensure that the overseas recipient will not breach the APP in relation to the information disclosed and the disclosing APP entity will remain responsible for ensuring that the overseas recipient handles the information in accordance with Australian privacy laws, unless the APP entity obtains the informed consent of the relevant individuals to their information being disclosed to the overseas recipients. However, the disclosing APP entity is not required to take these steps if the overseas recipient is subject to privacy laws and access to a complaints/determination system that are similar to those in Australia (or another of the limited exceptions applies). In practice, currently, this would be limited to disclosure to a recipient in the EU…
Click on the link below to read the rest of the DLA Piper briefing.
Sign in or Register to continue reading this article
It's quick, easy and free!
It takes just 5 minutes to register. Answer a few simple questions and once completed you’ll have instant access.Register now
Why register to The Lawyer
In-depth, expert analysis into the stories behind the headlines from our leading team of journalists.
Identify the major players and business opportunities within a particular region through our series of free, special reports.
Receive your pick of The Lawyer's daily and weekly email newsletters, tailored by practice area, region and job function.
More relevant to you
To continue providing the best analysis, insight and news across the legal market we are collecting some information about who you are, what you do and where you work to improve The Lawyer and make it more relevant to you.
News from DLA Piper
News from The Lawyer
Briefings from DLA Piper
The Australian Taxation Office released a draft ruling on the Goods and Services Tax treatment of bitcoin transactions on 20 August 2014.
DLA Piper’s ‘Life sciences: patent extension strategies and antitrust global update’ video covers global antitrust and competition issues including product hopping and reverse payment patents.
Analysis from The Lawyer
Regulators are ramping up the pressure in the aftermath of recession, leaving firms to compete for compliance and restructuring work
Shearman & Sterling is making its presence felt in the City, squaring up to magic circle firms and looking to muscle in on key relationships. Private equity house Bridgepoint is one outfit that has had its head turned by the US firm.