
Privacy Act, Spam Act and "the Cloud" seminar (May 2014)


If you are interested in how the newly amended Privacy Act and the current Spam Act may affect your business and marketing plans, and also how such applies if you do business in the "cloud", you engage in eCommerce or use data-hosting facilities, then this is for you.

Published in: Law, Technology, Economy & Finance

Transcript of "Privacy Act, Spam Act and "the Cloud" seminar (May 2014)"

  1. THE PRIVACY ACT, THE SPAM ACT & “THE CLOUD” – A BUSINESS LAWYER’S GUIDE
      Presented by: Tom Meagher, Director – Commercial Law
      © Murfett Legal 2014. All rights reserved – no reproduction permitted
  2. Tom Meagher | Director | Commercial Law
      Tom has 25 years’ business experience, including working for major national and local law firms, owning and managing IT businesses, and being a director and in-house counsel for a public company.
      Tom’s clients include a broad range of local and national businesses and organisations (including not-for-profit entities), accounting firms, financiers, lessors, finance brokers, financial advisers, franchisors, and high net-wealth families.
      Tom is also a regular presenter of seminars to various associations and professional bodies on a wide range of business law topics. These include: The Tax Institute, Small Business Development Corporation, LegalWise, The Australian Institute of Conveyancers, Institute of Chartered Accountants of Australia, Law Society of WA, Institute of Public Accountants, National Electrical & Communications Association, Institute of Certified Bookkeepers, Mortgage & Finance Association of Australia, Stirling Business Enterprise Centre, Subiaco Business Association and Business Foundations Inc.
  3. Disclaimer
      • The information presented in this seminar is intended only as a guide, as to the topic and the matters discussed.
      • This seminar is not legal advice and must not be relied on as such.
      • If you have a matter which relates to this seminar or you require legal advice, careful review and analysis of your matter’s particular facts, information and documents is required before proper legal advice can be given or applied to your matter.
  4. Overview
      • Privacy Act 1988 (Cth)
      • Amendments to the Privacy Act 1988 (Cth)
      • Australian Privacy Principles
      • Spam Act 2003 (Cth)
      • Data / Hosting – “The Cloud!”
  5. Privacy Act 1988 (Cth)
      • Privacy Act regulates the handling of personal information about individuals. This includes the collection, use, storage and disclosure of personal information, and access to and correction of that information.
      • The Privacy Act also:
        – regulates the collection, storage, use, disclosure, security and disposal of individuals’ tax file numbers.
        – permits the handling of health information for health and medical research purposes in certain circumstances, where researchers are unable to seek individuals' consent.
  6. Privacy Act 1988 (Cth) (cont.)
        – allows the Information Commissioner to approve and register enforceable APP codes that have been developed by an APP code developer, or developed by the Information Commissioner directly.
        – permits a small business operator, who would otherwise not be subject to the Australian Privacy Principles (APPs) and any relevant privacy code, to opt-in to being covered by the APPs and any relevant APP code.
        – allows for privacy regulations to be made.
  7. Who has responsibilities under the Privacy Act?
      • Australian and Norfolk Island Government agencies and all businesses and not-for-profit organisations with an annual turnover greater than $3 million have responsibilities under the Privacy Act, subject to some exceptions.
      • As well, some small business operators (organisations with a turnover of $3 million or less) are covered by the Privacy Act, including:
        – private sector health service providers, including child care centres, private schools and private tertiary educational institutions.
  8. Who has responsibilities under the Privacy Act? (cont.)
        – businesses that sell or purchase personal information
        – credit reporting bodies
        – contracted service providers for a Commonwealth contract
        – employee associations registered or recognised under the Fair Work (Registered Organisations) Act 2009
        – businesses that have opted-in to the Privacy Act
        – businesses prescribed by the Regulations.
  9. Who has responsibilities under the Privacy Act? (cont.)
      • Others
        – activities of reporting entities or authorised agents relating to the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 and its Regulations and Rules
        – acts and practices to do with the operation of a residential tenancy database
        – activities related to the conduct of a protection action ballot
      • Specified persons
        – credit reporting information, including credit reporting bodies, credit providers (which includes energy and water utilities and telecommunication providers) and certain other third parties
  10. Who has responsibilities under the Privacy Act? (cont.)
        – tax file numbers under the Tax File Number Guidelines
        – personal information contained on the Personal Property Securities Register
        – old conviction information under the Commonwealth Spent Convictions Scheme
        – ehealth record information under the Personally Controlled Electronic Health Records Act 2012 and Individual Healthcare Identifiers under the Healthcare Identifiers Act 2010
  11. Privacy Act 1988 (Cth) Amendments
      • On 12 March 2014 the Privacy (Enhancing Privacy Protection) Act 2012 (Cth) took effect. It was described as the biggest change to the Privacy Act in over 20 years.
      • The Privacy Act amendments include:
        – mandatory Australian Privacy Principles (APPs), which combine and replace the National Privacy Principles and the Information Privacy Principles set out in the Privacy Act 1988 (Cth).
        – credit reporting provisions that apply to the handling of credit-related personal information that credit providers are permitted to disclose to credit reporting bodies for inclusion on individuals’ credit reports.
  12. Privacy Act 1988 (Cth) Amendments (cont.)
        – Enhanced powers for the Office of the Australian Information Commissioner (“OAIC”).
        – Recognising external dispute resolution schemes.
        – New provisions on codes of practice about information privacy (APP codes) and a code of practice for credit reporting (the CR code), including enabling the Information Commissioner to develop and register binding codes that are in the public interest.
  13. Changes to Credit Reporting Laws
      • What is the purpose of credit reporting?
        – To balance protecting your personal information with the need for credit providers to have enough information to help them decide whether or not to give you credit, such as a bank loan.
      • The Privacy Act now includes new credit reporting provisions including:
        – The introduction of more comprehensive credit reporting, a simplified and enhanced correction and complaints process
        – The introduction of civil penalties for breaches of certain credit reporting provisions
  14. Changes to Credit Reporting Laws (cont.)
        – A requirement for credit providers to be a member of an external dispute resolution scheme, recognised under the Privacy Act, to be able to participate in the credit reporting system
  15. Australian Privacy Principles (“APP”)
      • There are 13 Australian Privacy Principles (“APP”) that apply to the handling of personal information by most Australian and Norfolk Island Government agencies and some private sector organisations.
      • This comprehensive set of APPs applies specifically to organisations that have an annual turnover greater than $3 million and have direct sales to customers forming part of their business.
  16. Australian Privacy Principles (“APP”) (cont.)
      • APP 1 – open and transparent management of personal information
      • APP 2 – anonymity and pseudonymity
      • APP 3 – collection of solicited personal information
      • APP 4 – dealing with unsolicited personal information
      • APP 5 – notification of the collection of personal information
      • APP 6 – use or disclosure of personal information
      • APP 7 – direct marketing
      • APP 8 – cross-border disclosure of personal information
  17. Australian Privacy Principles (“APP”) (cont.)
      • APP 9 – adoption, use or disclosure of government related identifiers
      • APP 10 – quality of personal information
      • APP 11 – security of personal information
      • APP 12 – access to personal information
      • APP 13 – correction of personal information
  18. Spam Act 2003 (Cth)
      • The Spam Act was developed in response to the problems caused by the growing volume of unsolicited commercial electronic messages, or spam.
      • Spam threatens the viability and efficiency of electronic messaging. It damages consumer confidence, obstructs legitimate business activities and imposes many costs on users.
      • The Act preserves legitimate business communication activities and encourages the responsible use of electronic messaging.
  19. Spam Act 2003 (Cth) (cont.)
      • The Australian Communications and Media Authority is responsible for enforcing the provisions of the Spam Act.
      • The National Office for the Information Economy is responsible for providing information and education material about the Spam Act during its implementation.
  20. Spam Act 2003 (Cth) (cont.)
      • The Spam Act prohibits the sending of unsolicited commercial electronic messages – known as spam – with an Australian link.
      • Spam Act defines a commercial electronic message as one that:
        – offers, advertises or promotes the supply of goods, services, land or business or investment opportunities
        – advertises or promotes a supplier of goods, services, land or a provider of business or investment opportunities
        – helps a person dishonestly obtain property, commercial advantage or other gain from another person
      • Spam Act defines a commercial message as one that:
        – offers, advertises or promotes the supply of goods, services, land or business or investment opportunities
  21. Spam Act 2003 (Cth) (cont.)
        – advertises or promotes a supplier of goods, services, land or a provider of business or investment opportunities
        – helps a person dishonestly obtain property, commercial advantage or other gain from another person
      • Spam Act defines an electronic message as ‘commercial’ by considering:
        – the content of the message
        – the way the message is presented
        – any links, phone numbers or contact information in the message that lead to content with a commercial purpose, as these may also lead the message to be defined as 'commercial' in nature
  22. Spam Act 2003 (Cth) (cont.)
      • Messages covered by the Spam Act include:
        – Email
        – Short Message Service (SMS)
        – Multimedia Message Service (MMS)
        – Instant Messaging (IM)
      • Messages not covered by the Spam Act are:
        – Non-electronic messages (such as ordinary mail, paper, flyers etc)
        – Voice to voice telemarketing
        – The majority of “pop up” windows that appear on the internet (they are usually an intrinsic part of a webpage that has been accessed, rather than a message sent to the recipient address); and
        – Messages without any commercial content that do not contain links or directions to a commercial website or location
  23. Social Media and Spam Act 2003 (Cth)
      • Facebook community standards – Phishing and Spam
        – We take the safety of our members seriously and work to prevent attempts to compromise their privacy or security. We also ask that you respect our members by not contacting them for commercial purposes without their consent.
      • Facebook Pages Terms – III Page Features – A. Advertising on Pages
        – Third-party advertisements on Pages are prohibited, without our prior permission.
  24. Spam Act 2003 (Cth) – Steps to follow
      • Step 1 – CONSENT
      • Step 2 – IDENTIFY
      • Step 3 – UNSUBSCRIBE
  25. Spam Act 2003 (Cth) STEP 1 – CONSENT
      • Only send when you have consent
      • Consent can either be
        – Express; or
        – Inferred
      • Express Consent
        – You have received specific consent from the addressee. Examples include:
          • The addressee has subscribed to your electronic advertising mailing list
          • The addressee has deliberately ticked a box consenting to receive messages or advertisements from you; or
          • The addressee has specifically requested such material from you over the telephone.
  26. Spam Act 2003 (Cth) STEP 1 – CONSENT (cont.)
      • Inferred Consent
        – The addressee has not directly instructed you to send them a message, but it is clear that there is a reasonable expectation that messages will be sent.
        – You may be able to reasonably infer consent after considering both the conduct of the addressee and their relationship with you.
        – Examples of where consent may be inferred are:
          • When purchasing goods or services an addressee has provided their electronic address in the general expectation that there will be follow-up communications
  27. Spam Act 2003 (Cth) STEP 1 – CONSENT (cont.)
          • When an addressee has provided their address with the understanding that it would be used in day-to-day transactions (such as online banking or business), and may be used for additional communications (for example notification of related services or products);
          • Online registration of a product or a warranty;
          • When an addressee conspicuously published their electronic address;
          • When an addressee has provided a business card containing their electronic address
      • Existing relationship
        – It is possible for you to infer consent based on the status of your relationship with the addressee, as long as it is consistent with the reasonable expectations of the addressee, and their conduct.
  28. Spam Act 2003 (Cth) STEP 1 – CONSENT (cont.)
      • Examples that might suggest that a business, or other, relationship exists from which you may reasonably infer consent:
        – Shareholders
        – Contractors
        – Employers and employees
        – Bank account holders
        – Registered users of online services
        – Persons who have purchased goods or services which involve ongoing warranty and service providers
        – Professional association members
  29. Spam Act 2003 (Cth) STEP 1 – CONSENT (cont.)
      • If you are not sure if consent has been given, you should seek confirmation from that addressee that you can send commercial electronic messages to them.
      • Do not accept subscription by a third party on behalf of another.
  30. Spam Act 2003 (Cth) STEP 2 – IDENTIFY
      • Include accurate information about the person and business that is responsible for sending the commercial electronic message.
      • Accurate information includes details that clearly identify your business (for example the business name) and details about how the addressee may contact you.
      • Sender information must be reasonably likely to be accurate for a period of 30 days after the day on which you send your message.
  31. Spam Act 2003 (Cth) STEP 3 – UNSUBSCRIBE
      • You need to provide people the choice to opt out, or unsubscribe, from your future commercial electronic messages.
      • Must be clearly presented and easy to use.
      • Ensure that a functional unsubscribe facility is included in all your commercial electronic messages.
      • Deal with unsubscribe requests promptly.
  32. Spam Act 2003 (Cth) PENALTIES
      • Financial penalties associated with a breach of the Spam Act are substantial:
        – May be subject to a Court imposed penalty of up to $220,000 for a single day’s contravention. If, after finding, the business contravenes the same provision, they may be subject to a penalty of up to $1.1 million.
        – The Spam Act specifies a number of options that are available to enforce the legislation, depending on which is the most appropriate response to the contravention that has occurred.
        – The range of possible activities includes:
          • Formal warnings
          • Infringement notices (similar to a speeding ticket)
          • Court action
  33. © Murfett Legal 2014
  34. Data / Hosting – “The Cloud”
      • New powers to the Office of the Australian Information Commissioner (OAIC) to monitor how companies comply with the policy, which includes making sure companies are investing in new IT systems and staff training, and ensuring privacy complaints are handled in a timely, effective manner.
      • Affects all Australia-based organisations that store any personal data about their customers, including cloud and communications service providers.
      • Make explicitly clear whether that data is stored or processed outside of Australia, and all suppliers involved with that process – whether in or outside Australia – need to comply with those same policies.
  35. Data / Hosting – “The Cloud” (cont.)
      • The amendment makes clear that in the event of a privacy complaint or breach of the principles, even if it was, say, the US subsidiary or home office’s fault, legal fault still lies with the Australian company. Or if it’s a US company operating there, it needs to comply [with the principles] and can be penalised if it doesn’t.
      • Regulated by:
        – the Office of the Australian Information Commissioner (OAIC); and
        – the Australian Communications and Media Authority (ACMA).
  36. Data / Hosting – “The Cloud” (cont.)
      • What is cloud computing?
        – Web based email (such as Gmail and Hotmail) and social networking websites (such as Facebook) are examples of Cloud services.
        – Can be delivered through a multitude of models.
        – The term “Cloud” generally refers to information technology services, for example web-based email and social networking sites, that:
          • Are delivered via the internet (the “Cloud” being an icon for the internet); and
          • Typically have a de-centralised IT infrastructure (ie the supplier’s data centres are spread across multiple and sometimes offshore locations).
  37. Data / Hosting – “The Cloud” and the APPs
      • Agencies and businesses that deal with personal information need to be mindful that:
        – APP5 – if a company collects personal information and is likely to disclose such information to overseas recipients, it must provide notice at the time of collection of the countries in which such recipients are likely to be located.
        – APP8 (cross-border disclosure of personal information) regulates the disclosure/transfer of personal information by an agency or business to a different entity (including a parent company) offshore. Before disclosure of personal information offshore, the Australian agency/business (Australian sender) must take reasonable steps to ensure the overseas recipient will comply with/not breach the APPs.
  38. Data / Hosting – “The Cloud” and the APPs (cont.)
        – This can be done by appropriate contractual provisions. However, the Australian Sender will (subject to limited exceptions) remain liable for the overseas recipient's acts and practices in respect of the personal information sent as if the Australian Sender had engaged in such activities in respect of that personal information in Australia and, where relevant, be in breach of the APPs due to the overseas recipient's acts or omissions.
  39. Data / Hosting – “The Cloud” and the APPs (cont.)
        – APP11 requires an organisation to destroy or de-identify personally identifiable information when it is no longer needed for any purpose for which it was collected.
        – APP11.1 (Security of personal information) requires that an organisation must "take reasonable steps to protect the personal information it holds from misuse, interference and loss and from unauthorised access, modification or disclosure".
  40. Data / Hosting – “The Cloud” – Practical Ways to Address Privacy Obligations
      • Businesses and agencies which rely on Cloud services commonly address their obligations under the Privacy Act by:
        – Notifying/obtaining any relevant consents from individuals whose personal information they collect to process and store their information in the Cloud
        – Placing appropriate Australian specific contractual obligations of privacy on the Cloud vendor.
      • From a privacy perspective, some of the most important matters for an agency or business to fully investigate and understand when negotiating an agreement with a Cloud vendor include:
        – the types and sensitivity of the information that the business/agency wants to put into the Cloud (eg personal and/or confidential information about customers and employees);
  41. Data / Hosting – “The Cloud” – Practical Ways to Address Privacy Obligations
        – what privacy and other obligations the business/agency has with respect to the information (eg contractual, regulatory or statutory obligations);
        – the mechanisms and protections that the vendor has in place to protect and manage the information, including disaster recovery processes to protect against data loss;
        – the locations of the vendor's data centres and other infrastructure and, if offshore locations are involved, what foreign laws will apply; and
        – the vendor's reputation and track record in relation to security and privacy.
  42. Data / Hosting – “The Cloud” – Practical Ways to Address Privacy Obligations
      • Ensure the agreement places appropriate privacy related obligations on the vendor.
      • The customer needs to ensure that it understands (and does not try to impose on the vendor) the privacy obligations which are rightfully those of the customer or, practically, are best managed by the customer (eg around the original collection of the information). Some of the appropriate customer rights/vendor obligations to consider will relate to:
        – retention of ownership of the information (ie ensuring it is clear that this is owned by the agency/business customer);
  43. Data / Hosting – “The Cloud” – Practical Ways to Address Privacy Obligations
        – security arrangements to ensure that all information is safeguarded and secure, and rights to audit the vendor's compliance with those security arrangements;
        – reporting of information breaches and indemnities with respect to losses resulting from privacy related breaches;
        – disaster recovery measures to help protect against information loss;
        – storage of information only in nominated countries that have privacy protections which are compatible with Australian privacy law; and
        – rights to audit and access information, including a right to the return of information when the agreement ends
  44. Data / Hosting – “The Cloud” Penalties
      • OAIC will be able to hand out fines of up to $1.7m for any organisation found to be in breach of the Act.
      • Australian telco Telstra was ordered to pay AU$10,200 after it was found to have compromised names, phone numbers and addresses of approximately 15,775 of its customers.
  45. Data / Hosting – “The Cloud” Penalties (cont.)
      • The fine was handed down because Telstra failed to comply with security guidelines it intended to set in place after a 2011 breach that saw the telco haemorrhage personal information of over 700,000 customers.
  46. © Murfett Legal 2013
      THANK YOU!
      tom@murfett.com.au
      www.murfett.com.au
  47. Seek professional, friendly legal advice so you can make an informed decision
      • Business / Commercial Law • Business Structures • Business Succession • Business Turnaround • Contract Advice • Debt Collection • Employment Law • Estate Planning • Franchising • Hospitality Law • Insolvency • Intellectual Property • Leasing • Liquor Licensing • Litigation • Property Law Advice • Restructuring • Settlements • Sports and Entertainment Law • Strategy and Negotiation • Superannuation • Taxation • Trusts • Wills
