Privacy & Compliance

In the digital age, the protection of individuals’ data and compliance with the privacy requirements of the Australian Privacy Principles are more important than ever.

Customers expect that the personal information which they share with you will be protected, and we can help you live up to these expectations.

Privacy is an important consideration for all Australian businesses, not just larger organisations. Every business collects and stores its customers’ data, and most must comply with privacy law in how they handle that information.

At Meyer Vandenberg, we have experience helping businesses of all sizes to put in place policies and procedures designed to ensure full compliance. We actively monitor any developments in this area so that we can provide relevant and up-to-date advice and assistance.

What we do

We can assist you with your privacy compliance by:

  • Drafting a privacy policy appropriate for your business and compliant with the Australian Privacy Principles, or reviewing your existing policy for an update;
  • Preparing notification to affected individuals and the Office of the Australian Information Commissioner in the event of a data breach;
  • Assisting with the preparation of a data breach response policy;
  • Advising on liability and strategies in the event of a data breach, including future prevention; and
  • Advising on compliance with overseas privacy legislation for international businesses.

The MV difference

  • Meyer Vandenberg is an official OAIC Privacy Awareness Week Partner.
  • Our extensive experience with small and large businesses helps us to fully understand your organisation so that we can prepare a policy tailored for you.
  • We appreciate the sensitivity in this area when it comes to the personal information of individuals, and will advise appropriate steps in the event of any data breach.

FAQs

If you are an APP entity, you must comply with the Australian Privacy Principles. An organisation, which can be an individual (as a sole trader), a partnership or a company, is an APP entity where it has an annual turnover greater than $3,000,000 in a financial year.

Additionally, health service providers, businesses which collect or disclose personal information as part of their business and government agencies are also APP entities and must comply with the Australian Privacy Principles.

APP entities must have a privacy policy in line with the Australian Privacy Principles. This privacy policy includes details of what you may do with an individual’s personal information, whether it is stored overseas and how the individual may contact you in relation to it.

This is a new regime which came into effect on 22 February 2018 and requires organisations to inform their customers if they are affected by a data breach involving those customers’ personal information.

Previously, there was no obligation to inform individuals of a breach, and they could be unaware of a breach long after it occurred. The intention was for more openness and transparency from these organisations and to give individuals the ability to take appropriate steps to protect themselves.

Non-compliance with the Australian Privacy Principles or the Privacy Act, or serious or repeated breaches of an individual’s privacy, can lead to significant fines.

An individual can be fined up to $420,000 and an organisation up to $2.1 million, so it is critical to ensure that you get proper policies and procedures in place.