Sourcing Reference Guide: A reference tool for customers and service providers explaining current best practice and thinking from our global team. (Australia)


Outsourcing and the New Australian Privacy Law:

In a nutshell -

In Australia all APP Entities which collect, use or disclose Personal Information must, under the Privacy Act 1988 (Cth) (“Act”), take reasonable steps to protect the information from misuse, interference, loss, unauthorised access, modification and disclosure. If an APP Entity discloses or outsources the handling of Personal Information to another APP Entity (ie a Service Provider in Australia) there is no specific requirement for the disclosing APP Entity to ensure that the Service Provider complies with Australian privacy law because the Service Provider is already subject to Australian privacy law. However, the disclosing APP Entity’s obligations to protect the information will extend to carrying out some due diligence to ensure that it selects a Service Provider (even one in Australia) which has compliant privacy practices and processes.

If an APP Entity discloses Personal Information to a foreign Service Provider (ie an Overseas Recipient) it must take reasonable steps to ensure that the Overseas Recipient will not breach the APPs in relation to the information disclosed and the disclosing APP Entity will remain responsible for ensuring that the Overseas Recipient handles the information in accordance with Australian privacy laws, unless the APP Entity obtains the informed consent of the relevant individuals to their information being disclosed to the Overseas Recipients. However, the disclosing APP Entity is not required to take these steps if the Overseas Recipient is subject to privacy laws and access to a complaints/determination system which are similar to those in Australia (or another of the limited exceptions applies). In practice, currently, this would be limited to disclosure to a recipient in the EU.

Please see full Guide below for more information.

LOADING PDF: If there are any problems, click here to download the file.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© DLA Piper | Attorney Advertising

Written by:


DLA Piper on:

Readers' Choice 2017
Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:

Sign up to create your digest using LinkedIn*

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.

Already signed up? Log in here

*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.