At the start of this year, the Office of the Australian Information Commissioner (OAIC) commenced its first-ever compliance sweep of privacy policies to ensure they comply with the Australian Privacy Principles (APPs). Whether your business will be part of this compliance sweep or not, you should review your privacy policies and ensure that they are up to date and compliant with the APPs.
Tag: Privacy & Data Protection
Our latest news and insights
A collection of articles, case studies and media releases highlighting the latest in legal news and at Rigby Cooke Lawyers.
iiNet Cyber Attack — your business reminder to avoid and prepare for a data breach
In August, Australia’s second-largest internet provider iiNet announced a cybersecurity attack had occurred, exposing the email addresses and phone numbers of hundreds of thousands of its customers. While this was a terrible incident for the customers involved, it serves as a reminder to other businesses of the need to prevent and be prepared for data breaches.
Businesses beware — individuals can now claim damages for a serious invasion of privacy
In late 2024, the Privacy and Other Legislation Amendment Act 2024 (Cth) introduced a new statutory tort for serious invasion of privacy. This development marks a significant evolution in the Australian privacy law legal landscape, providing individuals with a clear and actionable right to seek redress for serious breaches of their privacy. It reflects growing public concern over personal information misuse and affirms the importance and value placed on privacy protection.
In this article, we explain the elements of the new tort of the serious invasion of privacy, the defences available for defendants and the damages available to complainants.
Updates to the Privacy Act and Australian Privacy Principles
On 10 December 2024, the Privacy and Other Legislation Amendment Act 2024 (Cth) received Royal Assent introducing significant amendments to the Privacy Act 1988 (Cth) (Privacy Act) and the Australia Privacy Principles (APPs).
Is your Brand fully protected?
All too often, we come across situations where businesses fail to properly protect their brands which include trading names and logos.
Myth v Fact – When we share our customers’ personal information with our contractors, their handling practices are not our problem
Turn your mind to the other businesses with which you share personal information – they may be based in Australia or overseas, they may receive personal information about a single customer (for example, to facilitate delivery of an order), or whole databases (for example, to carry out marketing campaigns or store your CRM).
Myth v Fact – We don’t collect sensitive information, so we don’t need to worry
It is a common misconception that ‘personal information’ is a reference to sensitive information like health, medical or financial information. This is not true. Personal information captures any information about an identifiable person.
Data Breach – the first “Class Action” complaint made against Optus
- Many Australian businesses must disclose when they have been affected by a data breach
- While reputational damage is a critical risk for businesses, there is also the threat of monetary penalties of up to $2.1 million and orders of uncapped compensation
- A representative complaint – similar to a class action – has been made against Optus on behalf of a group of individuals affected by an alleged breach in 2019.