Most businesses think that being privacy compliant means having an up-to-date privacy policy. It goes further than this. Understanding the privacy requirements and how they apply to your business is the first step to ensuring compliance.


Does your organisation have a turnover greater than $3 million? Subject to some important exceptions, $3 million is the threshold for compliance with the Privacy Act. Entities that are required to comply with the Privacy Act are called APP Entities.
Has your privacy policy been reviewed or updated since 2014? If not, it will most likely not comply with the Commonwealth Privacy Act and the Australian Privacy Principles.
Does your privacy policy refer to the NPPs? If yes, it is outdated and must be reviewed.
Is your organisation customer-focused and does it handle a lot of personal information about your customers? The Australian Privacy Principles impose an additional requirement on entities that collect personal information to take reasonable steps to notify the individual of certain matters about the collection at the time the personal information is collected. APP Entities must have a Collection Notice.
Do you provide a health service or otherwise handle sensitive information (such as health information about an individual)? Your organisation must comply with the Privacy Act, regardless of its turnover.

Your employees need to know the difference between personal and sensitive information (and why it matters).

Do you understand how the requirements of the new Notifiable Data Breaches (NDB) scheme apply to your organisation and what you should be doing to comply? The NDB scheme requires APP Entities to report certain privacy breaches to the Privacy Commissioner and affected individuals. Your organisation must be prepared to act quickly if it is faced with a breach, or suspects that a breach has occurred.

Your business may be at risk of non-compliance with the Privacy Act 1988 (Cth), the associated Australian Privacy Principles (APPs) and other state-based privacy laws.

Complimentary privacy consultation*

Rigby Cooke Lawyers appreciate that ‘privacy’ can be somewhat of an elusive concept to clients, and as such we are offering businesses a free one-hour privacy risk consultation*. It’s a good time to rethink your business’ privacy governance and ensure you comply with all Australian regulatory requirements, while also respecting the rights and privacy of clients, contacts and employees.

To book your consultation, email us now.

*Subject to limited availability.


Prior to the consultation, we will advise you of the documents you will be required to provide in order for us to conduct a review, such as your existing privacy policy and collection notice.


The consultation will be conducted at our office in the Melbourne CBD. The focus of this face-to-face session is ‘Understanding your privacy requirements’.

The free ‘privacy health check’ for businesses will identify privacy risk-related problems and give you an understanding of what’s involved in solving any issues we uncover. We will:

  • provide an overview of Australian privacy legislation (focusing on the Commonwealth Privacy Act)
  • gain an understanding of the functions and activities of your organisation, and how you interact with personal information, to ascertain whether your organisation is bound by the Privacy Act or other state-based privacy legislation
  • identify the points at which privacy compliance issues arise (e.g. when information is collected, when it is used or disclosed, how it is stored and destroyed or de-identified)
  • understand the privacy policies and procedures currently in place in your organisation
  • obtain a copy of your privacy policy, collection notice and any other relevant documentation to ascertain any specific privacy concerns your organisation may have


After the meeting, we will send you:

  • a summary of how your organisation’s documents and practices can be improved
  • the scope of work required to remedy the defects

If you choose to further act on some or all of the suggested improvements, our experts can tailor a package to draft or advise on your corporate privacy policies and operational documents, such as collection notices.

We can also assist with Office of the Australian Information Commissioner or Privacy Commissioner investigations, audits, and compliance issues.

Book now

To register your interest in a privacy consultation, please call Emma Simpson on +61 3 9321 7805 or email us.