On 12 March 2014 the Australian Privacy Principles (the Principles) entered into force. The Principles are found in Schedule 1 of the Privacy Act 1988 (Cth) (the Act). The Principles establish requirements for the way organisations collect, store and use an individual’s personal information. Bradley Allen Love Lawyers are subject to the Principles and are committed to the protection of individuals’ privacy in accordance with the Principles.
1. Collection of Information
Collection of Personal Information
The Firm may collect the following kinds of personal information from a client:
(a) their full name;
(b) their date of birth;
(c) their occupation;
(d) their contact details, including a postal and a residential address, email address and telephone number(s);
(e) in circumstances where the Firm requires money to be paid on account of costs and disbursements, the client’s bank account details;
(f) other personal information reasonably necessary for one or more of the Firm’s Purposes set out in clause 3 of this Policy;
(g) records and content of any communications between the client and the Firm; and
(h) their tax file number.
If the Firm collects an individual’s tax file number then the storage, use and disclosure of the tax file number will only occur as allowed by law.
The Firm will only collect personal information by lawful and fair means and where that information is reasonably necessary for one or more of the Firm’s functions or activities, as identified in the Firm’s Purposes at clause 3 of the Policy.
The Firm generally collects the personal information at subclauses 1(a) through (h) directly from the client with the client’s consent. The Firm will only collect personal information from a third party where it is unreasonable or impractical to collect the information directly from the client. Such third parties may include an individual’s employer, an organisation with whom the individual has dealt or which maintains a public record, or a credit reporting agency.
Collection of Sensitive Information
Sensitive information is defined in the Act as information about an individual’s ethnic origin, beliefs (whether political, religious or philosophical), sexual orientation, criminal history, health, genetics and membership of political or trade associations.
The Firm will collect sensitive information with the relevant individual’s consent and where the collection is reasonably necessary for one or more of the Firm’s Purposes.
An individual’s consent is not required to collect sensitive information where the collection of that information is required or authorised by or under any Australian law or a court order, or where a permitted general situation exists. The conditions which give rise to a ‘permitted general situation’ are defined in section 16A of the Act and include where:
(a) it is unreasonable or impracticable to obtain the individual’s consent to the collection, use or disclosure and the organisation reasonably believes that the collection, use or disclosure is necessary to lessen or prevent a serious threat to the life, health or safety of any individual;
(b) the organisation has reason to suspect that unlawful activity, or misconduct of a serious nature, that relates to the organisation’s functions or activities has been, is being or may be engaged in and the organisation reasonably believes that the collection, use or disclosure is necessary for the organisation to take appropriate action in relation to the matter;
(c) the organisation reasonably believes that the collection, use or disclosure is reasonably necessary to assist in locating a person who has been reported missing; or
(d) the collection, use or disclosure is reasonably necessary for the establishment, exercise or defence of a legal or equitable claim.
2. Storage of, and Access to, Personal Information
Storage and Security of Personal Information
The Firm strives to provide an environment which ensures that personal information is stored in a secure and confidential manner. The Firm employs a two-fold system for the storage of personal information. Personal information is stored in electronic format on a secure data base, and in hard copy documents in physical file(s) at our business premises. The Firm has systems in place for the security of both its computer network and business premises.
The Firm will take such steps as are reasonable in the circumstances to protect the personal information from misuse, interference and loss, and from unauthorised access, modification or disclosure.
In circumstances where the Firm is no longer actively working on a client’s file(s) and no longer needs the information for any of its Purposes, those files are securely stored offsite for a period of seven (7) years using trusted third parties. Only authorised members of the Firm’s employees are permitted to visit the Firm’s offsite storage facility.
Destruction of Personal Information
The Firm has an existing policy whereby personal information about an individual that has not been used or disclosed for a period of seven (7) years is destroyed using trusted third parties.
Access to, and Correction of, Personal Information
A client is entitled to request access to the personal information the Firm holds about him or her by making a request to the Firm’s Privacy Officer, using the contact details specified at clause 6. The Firm must respond to the request and provide access to the information within a reasonable time. There will be no charges associated with the making of such a request or the subsequent provision of information.
Despite the above paragraph, the Firm is not required to give the individual access to personal information if any of the circumstances detailed in clause 12.3 of Schedule 1 of the Act exist.
Where an individual requests the Firm to correct the personal information it holds about that individual, the Firm must take such steps (if any) as are reasonable in the circumstances to correct the information. The Firm is entitled to refuse to correct the personal information, provided the Firm gives the individual a written notice containing the reasons for the refusal.
Where the Firm is satisfied that the information it holds about an individual is inaccurate, out-of-date, incomplete, irrelevant or misleading, the Firm must take such steps (if any) as are reasonable in the circumstances to correct the information.
3. The Purposes for which Personal Information is Collected
The Firm collects the personal information at subclauses 1(a) through (i) only to the extent that such information is reasonably necessary for, or directly related to, one or more of the Firm’s Purposes.
The “Purposes” of the Firm include (but are not limited to) the following functions and activities:
(a) the provision of legal advice to an individual or to a company which the individual represents;
(b) to consider making offers of employment or to maintain details of the Firm’s existing employees;
(c) the receipt of services by an organisation or its employees; and
(d) the provision of information on the law, whether through the Firm’s monthly newsletter, through seminars or other marketing events.
Please be aware that it is impractical for the Firm to deal with a client and carry out any of the Purposes if the client does not identify himself or herself sufficiently.
4. Disclosure of Personal Information
Disclosure of Information within Australia
In order for the Firm to carry out any one or more of the Purposes, it may be necessary for the Firm to disclose personal information to agents, barristers, solicitors and other experts who play a part in the carriage of a client’s matter.
The Firm must only use or disclose personal information for the Purpose or Purposes for which it was collected. The Firm must not use or disclose personal information for any other purpose (a secondary purpose) unless:
(a) the relevant individual consents to that use or disclosure of the information;
(b) the individual would reasonably expect the Firm to use or disclose the information for the secondary purpose and the secondary purpose is related to one or more of the Purposes;
(c) the use or disclosure of the information is required or authorised by or under an Australian Law;
(d) a permitted general situation exists as defined in clause 1 of the Policy; or
(e) the Firm reasonably believes that the use or disclosure of the information is reasonably necessary for one or more enforcement related activities conducted by an enforcement body.
Disclosure of Information outside Australia
The Firm may only disclose personal information to a person or entity that is not in Australia (the Overseas Recipient) without that client’s consent in circumstances where:
(a) the Firm reasonably believes that the Overseas Recipient is subject to a law that affords protection of personal information that is substantially similar to the protection afforded under the Act and the Firm can enforce such protection under the overseas law; or
(b) the Firm takes reasonable steps to ensure that the Overseas Recipient acts in accordance with the Principles in relation to the storage, use and disclosure of the personal information.
5. Direct Marketing
Direct marketing occurs where entities use the personal information they collect to market related or other goods and services to the individual who provided the information. A common example is where an organisation emails individuals a monthly newsletter.
The Firm may use or disclose personal information for the purpose of direct marketing only where the Firm collected the personal information from the individual, the individual would reasonably expect the Firm to use or disclose the information for that purpose and the individual has not made a request pursuant to the below paragraph.
Requests not to receive Direct Marketing
An individual is entitled to request not to receive direct marketing communications from the Firm by contacting the Firm’s Privacy Officer, using the contact details specified at clause 6. The Firm will give effect to any such request.
6. Contact Details
Should you have any queries about the Policy or the Principles, or wish to lodge a complaint about a potential breach of the Principles by the Firm, please contact the Firm’s Privacy Officer using the contact details listed below.
Bradley Allen Love Lawyers
9th Floor, Canberra House
40 Marcus Clarke Street
Canberra City ACT 2601
Phone: 02 6274 0999
Fax: 02 6274 0888
The Firm will endeavour to respond to an individual communication within thirty (30) days. Should the Firm fail to respond within a thirty-day period, an individual may contact the Office of the Australian Information Commissioner, which can investigate queries or complaints in relation to a potential breach of the Principles.
The Policy may be updated from time to time by the Firm as necessary.