Rouse Lawyers

- The Law Firm For Business Owners and Entrepreneurs -

Call us: (07) 3648 9900

  • Home
  • Expertise
    • Corporate & Commercial
    • Private Wealth & Tax
    • Franchising
    • Technology
    • Intellectual Property
    • Commercial Litigation
    • Employment Law
    • Estate Planning
    • Property Law
  • About
    • Our Team
  • Reviews
  • Articles
  • Careers
  • Legal Guide
  • Contact

Do You Know Where Your Data Is?

If your business collects information about customers and stores it electronically, this is an important article to read.

The march of cloud computing is well underway.  Increasing numbers of Australian businesses are storing data “offsite”, and for many businesses, “offsite” also means “offshore”.  Some of the most advanced data hosting services are located outside of Australia, Amazon being the notable example.  The efficiencies of cloud computing are clear from a commercial perspective, but many people are unaware that storing (or disclosing) certain types of information to parties outside of Australia is a major legal issue.  The recently proposed changes to Privacy Law make it a more pressing consideration – a regime that has been criticised as “toothless” will include fines of up to $1.1 million for breaches if the new bill is passed in its current form.

HOW PRIVACY LAW AFFECTS OFFSHORING DATA

The storage and use of “Personal information” is covered by the Privacy Act 1988 (Cth) (‘Act’).  The definition of personal information in the act is very broad (and imprecise): personal information is any information that identifies a person or could be used to identify a person.  This includes obvious categories of information like names and addresses, but reaches as far as information like dates of birth and post codes in circumstances where data can be cross referenced to deduce someone’s identity.

THE CURRENT POSITION ON OFFSHORING DATA

The “National Privacy Principles” are legally binding under the Act.  Principle 9 deals with “Transborder data flows”.  The Principle mandates that personal information can only be transferred to a foreign country if one of the following conditions is satisfied:

  • the country to which the information is being transferred also has privacy law “substantially similar” to the National Privacy Principles;
  • the individual who is the subject of the personal information consents to the transfer;
  • the transfer is necessary for the performance of a contract between the individual and the transferring organisation;
  • the transfer is necessary for the performance of a contract concluded in the interest of the individual between the organisation and a third party;
  • the transfer is for the benefit of the individual, it is “impracticable” to obtain consent, and if consent were sought, the individual would likely give it;
  • the organisation has taken “reasonable steps” to ensure that the transferred information will not be used or disclosed in a way that is inconsistent with the National Privacy Principles.

THE CHANGES IMPOSED BY THE CURRENT VERSION OF THE BILL

The Privacy Amendment (Enhancing Privacy Protection) Bill 2012 was passed by the House of Representatives on 17 September 2012, and is currently under consideration by the senate.

The new Australian Privacy Principle number 8 deals with offshoring data in a different way to the current principle 9.  Under the principle, if an Australian business discloses personal information to a foreign entity, and the foreign entity breaches the Australian Privacy Principles in respect of that personal information, the Australian business will be treated as if it has breached the law itself.

It is possible to gain consent from individuals to avoid this burden, but the threshold for consent is much higher than under current law.  Currently, a business can gain consent by mentioning that it may offshore personal information in its terms and conditions of business.  Under the new law, in order to gain consent, the business must make it clear to an individual that the business will disclose to foreign entities and will not be required to take reasonable steps to ensure compliance of foreign entities with the Australian Privacy Principles.  Some experts are of the view that a legally conservative approach would be to put this disclaimer into an entirely new document outside of the terms to be agreed to specifically by individuals.

Under the current bill, a failure to comply with the new principles can result in fines of up to $1.1 million.

WHAT TO DO ABOUT IT

  • Speak with your IT professional about whether or not the personal information you collect is stored exclusively in Australia.
  • If your business is storing personal information offshore, make sure that you are obtaining the consent of the relevant individuals so that you comply with the laws in force at the moment.
  • Keep an eye out for more updates from us on this topic – if the current version of the bill is approved, it is likely that certain sections of your terms and conditions and Privacy Policies will need to be redrafted.

October 9, 2012 Filed Under: Technology

Enter your details below to contact a professional Technology lawyer.

↓

We add new contacts to Rouse Lawyers database. We may send you information or service offerings we believe may be relevant to you. If you agree to being contacted by us in the future, send your enquiry. Naturally, you can unsubscribe any time.

Client Reviews

"We have no hesitation in recommending the firm"

“At Smarterapps, we deal with a lot of new and exciting concepts – legal advice is very important. Having worked with Rouse Lawyers, we have no hesitation in recommending the firm to our own valued clients for the best legal advice and representation possible.”

Craig AitkenSmarterapps

"The team at Rouse Lawyers has been fantastic."

The team at Rouse Lawyers has been fantastic. As a new technology startup, we had some unique requirements around licensing and partner agreements, trademarking as well as off-shore contractor agreements. Matthew and Patrick have been great to deal with – not only from an advice perspective but also delivering these agreements in a timely manner. Dealing with Rouse Lawyers has allowed us to concentrate on our business knowing the legal side is in good hands.

Gareth Beachy-HeadHub3c

"We consider Rouse part of our team, and highly recommend them"

“Given the nature and size of our clients, we are constantly dealing with the big end of town when it comes to law firms. Matthew’s strategic advice has been utilised in negotiating software development agreements for our 3D interactive rendering engine, structuring our IP, employment matters, recoveries and corporate advice. We consider Rouse part of our team, and highly recommend them as a commercial law firm.”

Ben PowellRoam Interactive

PRIVACY POLICY DISCLAIMER TERMS

BRISBANE OFFICE

Ph: +61 7 3648 9900

Fx: +61 7 3648 9911

Level 2, 22 Wandoo St, Fortitude Valley, QLD 4006

17-Page Guide Reveals:

How To Protect Your Business and Your Assets While Allowing Your Business To Thrive

Written by Matthew Rouse, commercial lawyer and founder of Rouse Lawyers.

17-Page Guide Reveals:

How To Protect Your Business and Your Assets While Allowing Your Business To Thrive

Written by Matthew Rouse, commercial lawyer and founder of Rouse Lawyers.

Sign Up To Our Newsletter