data breach, personal information, Privacy Week, Working From Home, Myths V Facts, Data Breach, Personal information

Myth v Fact – When we share our customers’ personal information with our contractors, their handling practices are not our problem

21 May 2020

Turn your mind to the other businesses with which you share personal information – they may be based in Australia or overseas, they may receive personal information about a single customer (for example, to facilitate delivery of an order), or whole databases (for example, to carry out marketing campaigns or store your CRM).

The threshold issue to consider is whether you are permitted to share that personal information with that specific third party. This requires an examination of the reasons for the disclosure in the context of your privacy policy, collection notice and the applicable Australian privacy laws.

If you do share personal information about your clients or customers with parties in Australia, you may not be directly responsible for their handling of that information provided you were permitted to disclose the information in the first place. But, that party’s handling of the personal information may have flow on effects that cause you to be in breach of your obligations. When a data breach occurs, often more than one business is impacted.

However, if you share personal information with overseas-based businesses (such as outsourced administration service providers or database or software hosts), your business may be responsible for the personal information handling practices of these businesses.

It is critical to have in place appropriate privacy policies and robust contracts with contractors and third parties that impose strict privacy and confidentiality obligations on those parties.

Implementing these arrangements is not onerous. In fact, in an era where privacy is at the forefront of everyone’s mind, it is expected.

Contact our Privacy & Data Protection team to assist you to manage these risks.

Disclaimer: This publication contains comments of a general nature only and is provided as an information service. It is not intended to be relied upon as, nor is it a substitute for specific professional advice. No responsibility can be accepted by Rigby Cooke Lawyers or the authors for loss occasioned to any person doing anything as a result of any material in this publication.

Liability limited by a scheme approved under Professional Standards Legislation.

©2020 Rigby Cooke Lawyers