Sourcing Reference Guide: A reference tool for customers and service providers explaining current best practice and thinking from our global team. (Australia)

more+
less-

Outsourcing and the New Australian Privacy Law:

In a nutshell -

In Australia all APP Entities which collect, use or disclose Personal Information must, under the Privacy Act 1988 (Cth) (“Act”), take reasonable steps to protect the information from misuse, interference, loss, unauthorised access, modification and disclosure. If an APP Entity discloses or outsources the handling of Personal Information to another APP Entity (ie a Service Provider in Australia) there is no specific requirement for the disclosing APP Entity to ensure that the Service Provider complies with Australian privacy law because the Service Provider is already subject to Australian privacy law. However, the disclosing APP Entity’s obligations to protect the information will extend to carrying out some due diligence to ensure that it selects a Service Provider (even one in Australia) which has compliant privacy practices and processes.

If an APP Entity discloses Personal Information to a foreign Service Provider (ie an Overseas Recipient) it must take reasonable steps to ensure that the Overseas Recipient will not breach the APPs in relation to the information disclosed and the disclosing APP Entity will remain responsible for ensuring that the Overseas Recipient handles the information in accordance with Australian privacy laws, unless the APP Entity obtains the informed consent of the relevant individuals to their information being disclosed to the Overseas Recipients. However, the disclosing APP Entity is not required to take these steps if the Overseas Recipient is subject to privacy laws and access to a complaints/determination system which are similar to those in Australia (or another of the limited exceptions applies). In practice, currently, this would be limited to disclosure to a recipient in the EU.

Please see full Guide below for more information.

LOADING PDF: If there are any problems, click here to download the file.

Topics:  Australia, Cybersecurity, Notice Requirements, Personally Identifiable Information, Privacy Laws

Published In: General Business Updates, International Trade Updates, Privacy Updates, Science, Computers & Technology Updates

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© DLA Piper | Attorney Advertising

Don't miss a thing! Build a custom news brief:

Read fresh new writing on compliance, cybersecurity, Dodd-Frank, whistleblowers, social media, hiring & firing, patent reform, the NLRB, Obamacare, the SEC…

…or whatever matters the most to you. Follow authors, firms, and topics on JD Supra.

Create your news brief now - it's free and easy »