In a world where businesses are collecting increasing volumes of personal information, the privacy law landscape is evolving rapidly. This shift is accompanied by heightened scrutiny from the Office of the Australian Information Commissioner and other regulators, driven by growing public concern about how personal information is collected, used, and protected.
While the Privacy Act 1988 (Cth) (the Act), the leading piece of privacy legislation, generally applies to businesses with an annual turnover exceeding $3 million, there are several important exceptions to this threshold. These include, but are not limited to, businesses that provide health services or residential tenancy services, are contracted (including as subcontractors) to the Commonwealth Government, or trade in personal information.
Where the Act applies, businesses have a legal obligation to respect individual privacy and manage customer personal information responsibly and in accordance with the Act. This requires the implementation of a comprehensive privacy framework and effective data governance practices that underpin and guide strong, organisation-wide cybersecurity measures.
At Johnstone and Reimer, we understand that privacy law can be complex, and that meeting your legal obligations to safeguard the personal information you collect or store is critical, not only for the individuals whose data you hold, but also for the long-term success and reputation of your business.
If your business is subject to the Act, our team can assist by:
(a) Reviewing your existing privacy policy
(b) Drafting tailored privacy policies aligned with your business
(c) Preparing compliant collection statements and marketing consents
(d) Providing clear, practical guidance on regulatory compliance
(e) Advising on compliance with the Spam Act 2003 (Cth)
If you would like our team to assist you with privacy law compliance or would like to query whether your business is subject to the Act, please contact our team on (03) 8658 0040.



