Blog page img

Our Blog

Learn About The Latest Issues Facing The Technology and Telecommunications Industries. Subscribe To Our Blog And Get Regular Updates Automatically!

Some of our Satisfied Clients

Startups, SMEs, Public Listed Entities, Multinational Corporations and Government

featured in

OAIC releases advice regarding personal information collection for COVID-19 purposes

Clients come to seek advice for the law regarding privacy violations with the lawyer at the office.

The Office of the Australian Information Commissioner (OAIC) recently released an advice notice for entities that are collecting personal information for COVID-19 purposes. In its advice, the OAIC recommended that entities review their privacy and personal information practices and adjust as necessary to comply with changing privacy and health regulations.

The OAIC recommended considering three questions:

  1. Is collecting personal information still necessary?
  2. Is retaining personal information still necessary?
  3. When should you destroy personal information?

Entities must have clear and justifiable reasons to continue collecting personal information from individuals. For example, this may be on a legal basis to ensure compliance with public health order requirements. However, if there is no law requiring the collection of personal information, entities must then consider whether collecting the personal information is necessary for their continued operation. This generally falls under a test whereby a reasonable person would agree that collection is necessary. Where there is no longer a reasonably necessary need, it may become necessary to cease data collection.

Similarly, if personal information is no longer required, it must be destroyed or de-identified in accordance with the Australian Privacy Principles. If the entity requires the retention of information for a specified period of time, it must ensure there are processes and systems in place which enable regular review of the need to retain the information.

If retained information is no longer necessary and must be removed, entities must follow proper methods of destruction or de-identification. This will vary depending on the medium of the information, eg. physical, electronic, or cloud.

For a full reading of the OAIC’s release, see here.

At Arnotts Technology Lawyers, we have significant experience advising clients on their obligations under the Australian Privacy Act, GDPR and the privacy law that applies in other jurisdictions (such as New Zealand, California and Canada). Please contact us if you need assistance with your privacy obligations.

"Stellar Results Through Technology Contract Negotiations"

Are you putting your business at risk with lawyers who don’t understand Technology Contracts?

free book