New Requirements for Use of Client Data

New Requirements for Use of Client Data

Published Jun 06, 2018

Personal data is collected every day by a wide range of businesses and organisations. This can be beneficial in providing ease of access to information. However, a breach of this data could potentially damage the reputation of an entity and pose potential harm to individuals.

The Privacy Act 1988 was recently amended to include the Notifiable Data Breaches Scheme. The Office of the Australian Information Commissioner (OAIC) oversees this Scheme. As a result, all entities with existing obligations under the Act must comply with the Scheme. Examples of these entities include:

  • Government bodies
  • Businesses with an annual turnover of more than $3 million
  • Credit reporting bodies
  • Entities that trade in personal information
  • Tax File Number recipients

Those who do not comply may be liable for significant fines of up to $2.1 million.

For an eligible data breach to occur the following needs to be satisfied:

  • Unauthorised access to, or disclosure of information occurs; AND
  • A reasonable person would conclude this would be likely to result in serious harm to the individuals involved.

OR the information is lost in circumstances where:

  • Unauthorised access to, or unauthorised disclosure of information is likely to occur; AND
  • A reasonable person would conclude this would be likely to result in serious harm to the individuals involved.

The term “Serious Harm” is not defined in the Act. The OAIC, however, has noted: “in the context of a data breach, serious harm to an individual may include serious physical, psychological, emotional, financial or reputational harm”.

If an eligible data breach occurs, an entity must:

  1. Prepare a statement outlining details of the breach and steps the individuals should take in response to the breach.
  2. Take reasonable steps to notify the contents of the statement to the individuals at risk.
  3. If the above steps are not possible, to publish a copy on the company website and take reasonable steps to publicise the statement.
  4. Advise the OAIC of the breach and follow their recommended actions.

At Forsyths your privacy is important to us. We have a Privacy Policy that outlines the type of information we request from clients, as well as how we keep this information secure. We have also implemented a Notifiable Data Breach Scheme Policy to ensure the requirements of the Scheme are met. Click here to see the latest version of our Privacy Policy.

If you think your business may need to comply with the Scheme, please visit the OAIC website for more information https://www.oaic.gov.au/privacy-law/privacy-act/notifiable-data-breaches-scheme.



This document has been prepared for general information only and is not intended as personal advice. Any statements of law or proposals are based on Forsyths' interpretation as at the date of issue. Accounting & business services are provided by Forsyths Business Services Pty Ltd ABN 66 182 781 401, liability is limited under a scheme approved under Professional Standards Legislation.

Forsyths Business Services ABN 66 182 781 401
Liability limited by a scheme approved under Professional Standards Legislation.

Forsyths Financial Services Pty Limited ABN 89 103 898 988 AFSL 259938

Disclaimer: Any representations, opinions or statements are based on our understanding of the relevant legislation as at the date of issue. Although every effort has been made to verify the accuracy of the information contained in this material, Forsyths, its officers, representatives, employees and agents disclaim all liability (except for any liability which by law cannot be excluded), for any error, inaccuracy in, or omission from the information contained in this material or any loss or damage suffered by any person directly or indirectly through relying on this information.

Warning: This information is of general nature only and is not intended as a personal advice. It does not take in to account your particular investment objectives, financial situation and needs. Before making a financial decision, you should assess whether the advice is appropriate to your individual investment objectives, financial situation and particular needs. We recommend you consult a professional financial adviser who will assist you. Any references to past investment performance are not an indication of future investment returns. You should also obtain a copy of and consider the Product Disclosure Statement (PDS) for any financial product mentioned before making any decision to acquire a financial product.

© Copyright 2024 Forsyths | Privacy Policy
Website produced in Australia by 2 Creative Media