Free HR Services from our Employee Relations Experts. Find out more.

Our Business Services

Chamber of Commerce & Industry WA

With over 130 years of experience representing WA businesses, we’re ready to help with the resources and advice you need to succeed.

Employee Relations Helpline

Employee Relations Helpline

Get timely, reliable and practical employee relations advice on employment laws, the awards system and other human resource matters. CCIWA Members get unlimited access.

Legal Services

Legal Services

Our team of experienced, client-focused business lawyers offer a full range of Commercial Law & Employment Law services for all your essential legal needs.

Accounting & Taxation Services

Optima Partners and CCIWA

Innovative and personalised accounting, taxation and business advisory services that focus on delivering the best results to help your business grow.

Workplace Health & Safety Services

Workplace Health & Safety Services

Unlock the potential of your business with our suite of staff training and development programs, crafted by workplace relations experts and tailored to your business needs.

Construction & Mining IR Services

Construction & Mining IR Services

We offer extensive, independent and practical industrial and labour relations support to the engineering, construction and mining industries.

Workplace Training & Development

Workplace Training & Development

Unlock the potential of your business with our suite of staff training and development programs, crafted by workplace relations experts and tailored to your business needs.

Apprenticeship Support Australia WA

Apprenticeship Support Australia WA

Our dedicated team specialises in assisting employers maximise the benefits of investing in apprenticeships and traineeships to build local skills for the diverse WA workforce. Our team of experts will provide all the advice, support and services you need — free of charge.

Work Integrated Learning – Internships

Work Integrated Learning - Internships

Tap into WA’s future workforce with our Work Integrated Learning – Internships program. This free service facilitates university student work experience placements for your business.

Industry Capability Network WA

Industry Capability Network WA

Connecting your business with mining, construction, infrastructure, defence and other major projects using the ICN Gateway.

International Trade Services

International Trade Services

Take your business global using our comprehensive suite of international trade services to streamline importing and exporting, reduce risks and identify international partners.

You have one free articles for this month. Sign up for a CCIWA Membership for unlimited access.

Changes to privacy laws and what it means for your business

By CCIWA Editor 

Recent data breaches have sparked action by the Australian Government to review and implement changes surrounding the handling, use, and management of personal data. The Privacy Legislation Amendment (Enforcement and Other Measures) Bill 2022 (‘the Bill’) aims to increase penalties for privacy breaches and to provide new powers to the relevant authorities.  

Does the Privacy Act 1988 (Cth) apply to your business?

The Privacy Act applies to businesses with an annual turnover of more than $3 million, as well as some other specified businesses. Your annual turnover includes all income from all sources, such as the sale of goods and/or services, lease or hiring income, rental income, interest and other operating income.

Even if your business has an annual turnover of $3 million or less, your business may still need to comply with the Privacy Act if you are a: 

  • health service provider, including gyms, weight loss clinics, and child care centres;
  • trade in personal information;
  • contractor providing services under a contract with the Commonwealth;
  • credit reporting body;
  • operator of a residential tenancy database;
  • business that conducts Protection Action Ballots;
  • business that has opted in to be covered by the Act

Obligations under the Privacy Act

If the Privacy Act applies to your business, you must comply with the Australian Privacy Principles (‘APP’) on how to handle, use and manage personal information. ‘Personal information’ is information or an opinion about an identified individual, or an individual who is reasonably identifiable, regardless of whether or not the opinion is true, and regardless of whether the information or opinion is recorded.  

The Bill does not propose to make any changes to the APP, however, your business should ensure it complies with these principles. We have discussed some below. 

Privacy policy

Under the APP, your business must have a clear and up-to-date privacy policy. This policy should explain how your business handles personal information and should include things such as a name and contact details, what personal information is collected and stored, and where and how the personal information is stored. This policy must be updated and publicised whenever information handling practices change in your business.  

Security of personal information

Under the APP, your business must take reasonable steps to protect personal information from misuse, interference and loss, and from unauthorised access, modification, or disclosure. What is considered ‘reasonable steps’ depends on the circumstances, such as the nature of your entity, the amount and sensitivity of the personal information held, and the potential consequences for an individual if the data was breached.   

Changes to the Notifiable Data Breaches scheme

If the Privacy Act applies to your business, you must comply with the Notifiable Data Breaches scheme (‘NDB scheme’), which deals with notification requirements in the event of data breaches. A data breach occurs when personal information is lost or subjected to unauthorised access or disclosure.  

Under the NDB scheme, when a data breach is likely to result in serious harm to the affected individuals, your business must take reasonable steps to notify affected individuals and the  

Changes to the kind of information to be reported

Under the current NDB scheme, you must prepare a statement for the Office of the Australian Information Commissioner (‘OAIC’) out the ‘kind or kinds of information concerned’ in the data breach. The Bill proposes to amend the content of the statement to include the particular kind or kinds or kinds of information concerned’. This means that instead of reporting that ‘contact information’ was involved in a data breach, you would specify the kind of contact information involved, such as the phone number of email address. 

Conclusion 

We advise businesses to determine if the Privacy Act applies to their business. If applicable, you should review and confirm that your privacy policy is up to date and ensure that your business is meeting their obligations under the APP, NDB scheme and Privacy Act generally. 

The CCIWA Commercial Law Team can advise you on how to meet your obligations under the privacy laws or how the Bill may impact your business. Please contact the CCIWA Commercial Law Team at [email protected] or call (08) 9365 7560 to discuss further.   

 

Changes to privacy laws aim to increase penalties for privacy breaches and provide new powers to relevant authorities.