THE PRIVACY ACT,
THE SPAM ACT
& “THE CLOUD” –
A BUSINESS LAWYER’S GUIDE
Presented by:
Tom Meagher
Director – Commercial Law
© Murfett Legal 2014
All rights reserved – no reproduction permitted
Tom Meagher | Director | Commercial Law
Tom has 25 years’ business experience; including working for major
national and local law firms, owning and managing IT businesses, and
being a director and in-house counsel for a public company.
Tom’s clients include a broad range of local and national businesses and
organisations (including not-for-profit entities), accounting firms,
financiers, lessors, finance brokers, financial advisers, franchisors, and
high net-wealth families.
Tom is also a regular presenter of seminars to various associations and professional bodies on a
wide-range of business law topics. These include:
The Tax Institute, Small Business Development Corporation, LegalWise, The Australian
Institute of Conveyancers, Institute of Chartered Accountants of Australia, Law Society
of WA, Institute of Public Accountants, National Electrical & Communications
Association, Institute of Certified Bookkeepers, Mortgage & Finance Association of
Australia, Stirling Business Enterprise Centre, Subiaco Business Association and
Business Foundations Inc.
Disclaimer
• The information presented in this seminar is intended
only as a guide, as to the topic and the matters
discussed.
• This seminar is not legal advice and must not be relied
on as such.
• If you have a matter which relates to this seminar or you
require legal advice, careful review and analysis of your
matter’s particular facts, information and documents is
required before proper legal advice can be given or
applied to your matter.
Overview
• Privacy Act 1988 (Cth)
• Amendments to the Privacy Act 1988 (Cth)
• Australian Privacy Principles
• Spam Act 2003 (Cth)
• Data / Hosting – “The Cloud!”
Privacy Act 1988 (Cth)
• Privacy Act regulates the handling of personal
information about individuals. This includes the
collection, use, storage and disclosure of personal
information, and access to and correction of that
information.
• The Privacy Act also:
– regulates the collection, storage, use, disclosure, security and
disposal of individuals’ tax file numbers.
– permits the handling of health information for health and medical
research purposes in certain circumstances, where researchers
are unable to seek individuals' consent.
Privacy Act 1988 (Cth) (cont.)
– allows the Information Commissioner to approve and register
enforceable APP codes that have been developed by an APP
code developer, or developed by the Information
Commissioner directly.
– permits a small business operator, who would otherwise not
be subject to the Australian Privacy Principles (APPs) and
any relevant privacy code, to opt-in to being covered by the
APPs and any relevant APP code.
– allows for privacy regulations to be made.
Who has responsibilities under the
Privacy Act?
• Australian and Norfolk Island Government agencies and
all businesses and not-for-profit organisations with an
annual turnover greater than $3 million have
responsibilities under the Privacy Act subject to some
exceptions.
• As well some small business operators (organisations
with a turnover of $3 million or less) are covered by the
Privacy Act including:
– private sector health service providers, including child care
centres, private schools and private tertiary educational
institutions.
Who has responsibilities under the
Privacy Act? (cont.)
– businesses that sell or purchase personal information
– credit reporting bodies
– contracted service providers for a Commonwealth contract
– employee associations registered or recognised under the
Fair Work (Registered Organisations) Act 2009.
– businesses that have opted-in to the Privacy Act
– businesses prescribed by the Regulations.
Who has responsibilities under the
Privacy Act? (cont.)
• Others
– activities of reporting entities or authorised agents relating to the
Anti-Money Laundering and Counter-Terrorism Financing Act
2006 and its Regulations and Rules
– acts and practices to do with the operation of a residential tenancy
database
– activities related to the conduct of a protection action ballot
• Specified persons
– credit reporting information — including credit reporting
bodies, credit providers (which includes energy and water
utilities and telecommunication providers) and certain other
third parties
Who has responsibilities under the
Privacy Act? (cont.)
– tax file numbers under the Tax File Number Guidelines
– personal information contained on the Personal Property
Securities Register
– old conviction information under the Commonwealth
Spent Convictions Scheme
– ehealth record information under the Personally
Controlled Electronic Health Records Act 2012 and
Individual Healthcare Identifiers under the Healthcare
Identifiers Act 2010
Privacy Act 1988 (Cth) Amendments
• On 12 March 2014 the Privacy (Enhancing Privacy
Protection) Act 2012 (Cth) took effect. It was described
as the biggest change to the Privacy Act in over 20
years.
• The Privacy Act amendments include:
– mandatory Australian Privacy Principles (APPs), which combine and
replace the National Privacy Principles and the Information
Privacy Principles set out in the Privacy Act 1988 (Cth).
– credit reporting provisions that apply to the handling of credit-
related personal information that credit providers are permitted to
disclose to credit reporting bodies for inclusion on individuals’
credit reports.
Privacy Act 1988 (Cth) Amendments
(cont.)
– Enhanced powers for the Office of the Australian Information
Commissioner (“OAIC”).
– Recognising external dispute resolution schemes.
– New provisions on codes of practice about information privacy
(APP codes) and a code of practice for credit reporting (the CR
code), including enabling the Information Commissioner to
develop and register binding codes that are in the public interest.
Changes to Credit Reporting Laws
• What is the purpose of credit reporting?
– To balance protecting your personal information with the need for
credit providers to have enough information to help them decide
whether or not to give you credit, such as a bank loan.
• The Privacy Act now includes new credit reporting
provisions including:
– The introduction of more comprehensive credit reporting, a
simplified and enhanced correction and complaints process
– The introduction of civil penalties for breaches of certain credit
reporting provisions
Changes to Credit Reporting Laws (cont.)
– A requirement for credit providers to be a member of an external
dispute resolution scheme, recognised under the Privacy Act, to
be able to participate in the credit reporting system
Australian Privacy Principles (“APP”)
• There are 13 Australian Privacy Principles (“APP”) that
apply to the handling of personal information by most
Australian and Norfolk Island Government agencies and
some private sector organisations
• This comprehensive set of APPs applies specifically to
organisations that have an annual turnover greater than
$3 million and have direct sales to customers
forming part of their business.
Australian Privacy Principles (“APP”)
(cont.)
• APP 1 – open and transparent management of personal
information
• APP 2 – anonymity and pseudonymity
• APP 3 – collection of solicited personal information
• APP 4 – dealing with unsolicited personal information
• APP 5 – notification of the collection of personal
information
• APP 6 – use or disclosure of personal information
• APP 7 – direct marketing
• APP 8 – cross-border disclosure of personal information
Australian Privacy Principles (“APP”)
(cont.)
• APP 9 – adoption, use or disclosure of government
related identifiers
• APP 10 – quality of personal information
• APP 11 – security of personal information
• APP 12 – access to personal information
• APP 13 – correction of personal information
Spam Act 2003 (Cth)
• The Spam Act was developed in
response to the problems caused by the growing volume
of unsolicited commercial electronic messages, or spam.
• Spam threatens the viability and efficiency of electronic
messaging. It damages consumer confidence, obstructs
legitimate business activities and imposes many costs
on users.
• The Act preserves legitimate business communication activities
and encourages the responsible use of electronic
messaging.
Spam Act 2003 (Cth) (cont.)
• The Australian Communications and Media Authority is
responsible for enforcing the provisions of the Spam Act.
• The National Office for the Information Economy is
responsible for providing information and education
material about the Spam Act during its implementation.
Spam Act 2003 (Cth) (cont.)
• The Spam Act prohibits the sending of unsolicited
commercial electronic messages – known as spam –
with an Australian link.
• Spam Act defines a commercial electronic message as:
– offers, advertises or promotes the supply of goods, services, land or
business or investment opportunities
– advertises or promotes a supplier of goods, services, land or a
provider of business or investment opportunities
– helps a person dishonestly obtain property, commercial advantage
or other gain from another person
• Spam Act defines a commercial message as:
– offers, advertises or promotes the supply of goods, services, land or
business or investment opportunities
Spam Act 2003 (Cth) (cont.)
– advertises or promotes a supplier of goods, services, land or a
provider of business or investment opportunities
– helps a person dishonestly obtain property, commercial
advantage or other gain from another person
• Spam Act defines an electronic message as ‘commercial’
by considering:
– the content of the message
– the way the message is presented
– any links, phone numbers or contact information in the
message that leads to content with a commercial purpose—
as these may also lead the message to be defined as
'commercial' in nature
Spam Act 2003 (Cth) (cont.)
• Messages covered by the Spam Act include:
– Email
– Short Message Service (SMS)
– Multimedia Message Service (MMS)
– Instant Messaging (IM)
• Messages not covered by the Spam Act are:
– Non-electronic messages (such as ordinary mail, paper, flyers etc)
– Voice to voice telemarketing
– The majority of “pop up” windows that appear on the internet (they
are usually an intrinsic part of a webpage that has been accessed,
rather than a message sent to the recipient address); and
– Messages without any commercial content that do not contain links
or directions to a commercial website or location
Social Media and
Spam Act 2003 (Cth)
• Facebook community standards
– Phishing and Spam
• We take the safety of our members seriously and work to prevent attempts to
compromise their privacy or security. We also ask that you respect our members by
not contacting them for commercial purposes without their consent.
• Facebook Pages Term
– III Page Features - A. Advertising on Pages
• Third-party advertisements on Pages are prohibited, without our prior permission.
Spam Act 2003 (Cth)
Steps to follow
• Step 1 – CONSENT
• Step 2 – IDENTIFY
• Step 3 – UNSUBSCRIBE
Spam Act 2003 (Cth)
STEP 1 - CONSENT
• Only send when you have consent
• Consent can either be
– Express; or
– Inferred
• Express Consent
– You have received specific consent from addressee. Examples
include
• The addressee has subscribed to your electronic advertising mailing list
• The addressee has deliberately ticked a box consenting to receive
messages or advertisements from you; or
• The addressee has specifically requested such material from you over the
telephone.
Spam Act 2003 (Cth)
STEP 1 – CONSENT (cont.)
• Inferred Consent
– The addressee has not directly instructed you to send them a
message, but it is clear that there is a reasonable expectation
that messages will be sent.
– You may be able to reasonably infer consent after considering
both the conduct of the addressee and their relationship with
you.
– Examples of where consent may be inferred are:
• When purchasing goods or services an addressee has provided their
electronic address in the general expectation that there will be follow-up
communications
Spam Act 2003 (Cth)
STEP 1 – CONSENT (cont.)
• When an addressee has provided their address with the understanding that
it would be used in day-to-day transactions (such as online banking or
business), and may be used for additional communications (for example
notification of related services or products);
• Online registration of a product or a warranty;
• When an addressee conspicuously published their electronic address;
• When an addressee has provided a business card containing their electronic
address
• Existing relationship
– Possible for you to infer consent based on the status of your
relationship with the addressee, as long as it is consistent with
the reasonable expectations of the addressee, and their conduct.
Spam Act 2003 (Cth)
STEP 1 – CONSENT (cont.)
• Examples that might suggest that a business, or other,
relationship exists from which you may reasonably infer
consent.
– Shareholders
– Contractors
– Employers and employees
– Bank account holders
– Registered users of online services
– Persons who have purchased goods or services which involves
ongoing warranty and service providers
– Professional association members
– Bank account holders
Spam Act 2003 (Cth)
STEP 1 – CONSENT (cont.)
• If you are not sure if consent has been given, you should
seek confirmation from that addressee that you can send
commercial electronic messages to them.
• Do not accept subscription by a third party on behalf of
another.
Spam Act 2003 (Cth)
STEP 2 – IDENTIFY
• Include accurate information about the person and
business that is responsible for sending the commercial
electronic message.
• Accurate information includes details that clearly identify
your business (for example the business name) and
details about how the addressee may contact you.
• Sender information must be reasonably likely to be
accurate for a period of 30 days after the day on which
you send your message.
Spam Act 2003 (Cth)
STEP 3 – UNSUBSCRIBE
• You need to provide people the choice to opt out, or
unsubscribe, from your future commercial electronic
messages.
• Must be clearly presented and easy to use.
• Ensure that a functional unsubscribe facility is included
in all your commercial electronic messages.
• Deal with unsubscribe requests promptly.
Spam Act 2003 (Cth)
PENALTIES
• Financial Penalties associated with a breach of the
Spam Act are substantial:
– May be subject to a Court imposed penalty of up to $220,000 for a
single day’s contravention. If, after finding, the business
contravenes the same provision, they may be subject to a penalty of
up to $1.1 million.
– The Spam Act specified a number of options that are available to
enforce the legislation, depending on which is the most appropriate
response to the contravention that has occurred.
– The range of possible activities includes
• Formal warnings
• Infringement notices (similar to a speeding ticket)
• Court action
Data / Hosting –
“The Cloud”
• New powers to the Office of the Australian Information
Commissioner (OAIC) to monitor how companies comply with
the policy, which includes making sure companies are
investing in new IT systems and staff training, and ensuring
privacy complaints are handled in a timely, effective manner.
• Affects all Australia-based organisations that store any
personal data about their customers, including cloud and
communications service providers.
• Make explicitly clear whether that data is stored or processed
outside of Australia, and all suppliers involved with that
process – whether in or outside Australia – need to comply
with those same policies.
Data / Hosting – “The Cloud” (cont.)
• The amendment makes clear that in the event of a privacy
complaint or breach of the principles, even if it was, say, the
US subsidiary or home office’s fault, legal fault still lies with
the Australian company. Or if it’s a US company operating
there, it needs to comply [with the principles] and can be
penalised if it doesn’t.
• Regulated by the
– Office of the Australian Information Commissioner (OAIC) and
– The Australian Communications and Media Authority (ACMA).
Data / Hosting – “The Cloud”
(cont.)
• What is cloud computing?
– Web-based email (such as Gmail and Hotmail) and social
networking websites (such as Facebook) are examples of Cloud
services.
– Can be delivered through a multitude of models.
– The term “Cloud” generally refers to information technology
services, for example web-based email and social networking
sites that:
• Are delivered via the internet (the “Cloud” being an icon for the internet); and
• Typically have a de-centralised IT infrastructure (ie the supplier’s data
centres are spread across multiple and sometimes offshore locations).
Data / Hosting – “The Cloud” and The
APPs
• Agencies and businesses that deal with personal
information need to be mindful that:
– APP5 – if a company collects personal information and is likely
to disclose such information to overseas recipients, it must
provide notice at the time of collection of the countries in which
such recipients are likely to be located.
– APP8 (cross-border disclosure of personal information) regulates
the disclosure/transfer of personal information by an agency or
business to a different entity (including a parent company) offshore.
Before disclosure of personal information offshore, the Australian
agency/business (Australian sender) must take reasonable steps to
ensure the overseas recipient will comply with/not breach the APPs.
Data / Hosting – “The Cloud” and The
APPs (cont.)
– This can be done by appropriate contractual provisions. However, the
Australian Sender will (subject to limited exceptions) remain liable for
the overseas recipient's acts and practices in respect of the personal
information sent as if the Australian Sender had engaged in such
activities in respect of that personal information in Australia and,
where relevant, be in breach of the APPs due to the overseas
recipient's acts or omissions.
Data / Hosting – “The Cloud” and The
APPs (cont.)
– APP11 requires an organisation to destroy or de-identify personally
identifiable information when it is no longer needed for any purpose
for which it was collected.
– APP11.1 (Security of personal information) requires that an
organisation must "take reasonable steps to protect the personal
information it holds from misuse, interference and loss and from
unauthorised access, modification or disclosure".
Data / Hosting – “The Cloud” – Practical
Ways to Address Privacy Obligations
• Businesses and agencies which rely on Cloud services
commonly address their obligations under the Privacy Act by
– Notifying/ obtaining any relevant consents from individuals whose
personal information they collect to process and store their
information in the Cloud
– By placing appropriate Australian specific contractual obligations of
privacy on the Cloud vendor.
• From a privacy perspective, some of the most important
matters for an agency or business to fully investigate and
understand when negotiating an agreement with a Cloud
vendor include:
– the types and sensitivity of the information that the business/agency
wants to put into the Cloud (eg personal and/or confidential
information about customers and employees);
Data / Hosting – “The Cloud” – Practical
Ways to Address Privacy Obligations
– what privacy and other obligations the business/agency has with
respect to the information (eg contractual, regulatory or statutory
obligations);
– the mechanisms and protections that the vendor has in place to
protect and manage the information, including disaster recovery
processes to protect against data loss;
– the locations of the vendor's data centres and other infrastructure
and, if offshore locations are involved, what foreign laws will apply;
and
– the vendor's reputation and track record in relation to security and
privacy.
Data / Hosting – “The Cloud” – Practical
Ways to Address Privacy Obligations
• Ensure agreement places appropriate privacy related
obligations on the vendor.
• Customer needs to ensure that it understands (and does not
try and impose on the vendor) the privacy obligations which
are rightfully those of the customer or, practically, are best
managed by the customer (eg around the original collection
of the information). Some of the appropriate customer
rights/vendor obligations to consider will relate to:
– retention of ownership of the information (ie ensuring it is clear that
this is owned by the agency/business customer);
Data / Hosting – “The Cloud” – Practical
Ways to Address Privacy Obligations
– security arrangements to ensure that all information is safeguarded
and secure, and rights to audit the vendor's compliance with those
security arrangements;
– reporting of information breaches and indemnities with respect to
losses resulting from privacy related breaches;
– disaster recovery measures to help protect against information loss;
– storage of information only in nominated countries that have privacy
protections which are compatible with Australian privacy law; and
– rights to audit and access information, including a right to the return
of information when the agreement ends
Data / Hosting – “The Cloud”
Penalties
• OAIC will be able to hand out fines of up to $1.7m for any
organisation found to be in breach of the Act.
• Australian telco Telstra ordered to pay AU$10,200 after it was
found to have compromised names, phone numbers and
addresses of approximately 15,775 of its customers.
Data / Hosting – “The Cloud”
Penalties (cont.)
• The fine was handed down because Telstra failed to comply
with security guidelines it intended to set in place after a 2011
breach that saw the telco haemorrhage personal information
of over 700,000 customers.
© Murfett Legal 2013
THANK YOU!
tom@murfett.com.au
www.murfett.com.au
Seek professional, friendly legal advice so you
can make an informed decision
• Business / Commercial Law
• Business Structures
• Business Succession
• Business Turnaround
• Contract Advice
• Debt Collection
• Employment Law
• Estate Planning
• Franchising
• Hospitality Law
• Insolvency
• Intellectual Property
• Leasing
• Liquor Licensing
• Litigation
• Property Law Advice
• Restructuring
• Settlements
• Sports and Entertainment Law
• Strategy and Negotiation
• Superannuation
• Taxation
• Trusts
• Wills

ClientAdvisoryNote - Obama's Privacy Action Plan
 
What You Need To Know About Privacy Now!
What You Need To Know About Privacy   Now!What You Need To Know About Privacy   Now!
What You Need To Know About Privacy Now!
 
What You Need To Know About Privacy Now!
What You Need To Know About Privacy   Now!What You Need To Know About Privacy   Now!
What You Need To Know About Privacy Now!
 
POPI Update 2013
POPI Update 2013POPI Update 2013
POPI Update 2013
 
KYC AML regulation in EU
KYC AML regulation in EUKYC AML regulation in EU
KYC AML regulation in EU
 
What You Need to Know About Privacy
What You Need to Know About PrivacyWhat You Need to Know About Privacy
What You Need to Know About Privacy
 
What You Need To Know About Privacy - Now!
What You Need To Know About Privacy - Now!What You Need To Know About Privacy - Now!
What You Need To Know About Privacy - Now!
 
Introduction to US Privacy and Data Security: Regulations and Requirements
Introduction to US Privacy and Data Security: Regulations and RequirementsIntroduction to US Privacy and Data Security: Regulations and Requirements
Introduction to US Privacy and Data Security: Regulations and Requirements
 
Regulations and Legislation for E-Commerce in the UK
Regulations and Legislation for E-Commerce in the UKRegulations and Legislation for E-Commerce in the UK
Regulations and Legislation for E-Commerce in the UK
 
Privacy and Data Security
Privacy and Data SecurityPrivacy and Data Security
Privacy and Data Security
 
Data Protection Guide – What are your rights as a citizen?
Data Protection Guide – What are your rights as a citizen?Data Protection Guide – What are your rights as a citizen?
Data Protection Guide – What are your rights as a citizen?
 
Legal update Leeds - 7 October 2014
Legal update Leeds -  7 October 2014Legal update Leeds -  7 October 2014
Legal update Leeds - 7 October 2014
 
Legal update - Leeds
Legal update - LeedsLegal update - Leeds
Legal update - Leeds
 
Introduction to US Privacy and Data Security Regulations and Requirements (Se...
Introduction to US Privacy and Data Security Regulations and Requirements (Se...Introduction to US Privacy and Data Security Regulations and Requirements (Se...
Introduction to US Privacy and Data Security Regulations and Requirements (Se...
 
Cyber Security Unit laws_and_regulatory_requirements.pptx
Cyber Security Unit  laws_and_regulatory_requirements.pptxCyber Security Unit  laws_and_regulatory_requirements.pptx
Cyber Security Unit laws_and_regulatory_requirements.pptx
 
Your Big Data Opportunity
Your Big Data OpportunityYour Big Data Opportunity
Your Big Data Opportunity
 
Gdpr action plan
Gdpr action plan Gdpr action plan
Gdpr action plan
 
Examples of international privacy legislation
Examples of international privacy legislationExamples of international privacy legislation
Examples of international privacy legislation
 

Mehr von Tom Meagher

Use of Deposits in Sale Contracts
Use of Deposits in Sale ContractsUse of Deposits in Sale Contracts
Use of Deposits in Sale ContractsTom Meagher
 
Commercial Property Due Diligence - a Lawyer's Practical Guide
Commercial Property Due Diligence - a Lawyer's Practical GuideCommercial Property Due Diligence - a Lawyer's Practical Guide
Commercial Property Due Diligence - a Lawyer's Practical GuideTom Meagher
 
Franchising systems - when they work and what to do when they don't!
Franchising systems - when they work and what to do when they don't!Franchising systems - when they work and what to do when they don't!
Franchising systems - when they work and what to do when they don't!Tom Meagher
 
"SMSF and Trusts' Transactions for Real Property Matters" seminar
"SMSF and Trusts' Transactions for Real Property Matters" seminar"SMSF and Trusts' Transactions for Real Property Matters" seminar
"SMSF and Trusts' Transactions for Real Property Matters" seminarTom Meagher
 
Sale of a Business - Legal Risk Factors and Due diligence
Sale of a Business -  Legal Risk Factors and Due diligenceSale of a Business -  Legal Risk Factors and Due diligence
Sale of a Business - Legal Risk Factors and Due diligenceTom Meagher
 
Contract Reviews and Negotiations -
Contract Reviews and Negotiations - Contract Reviews and Negotiations -
Contract Reviews and Negotiations - Tom Meagher
 
Debt Management And Recovery Guide Murfett Legal
Debt Management And Recovery Guide   Murfett LegalDebt Management And Recovery Guide   Murfett Legal
Debt Management And Recovery Guide Murfett LegalTom Meagher
 

Mehr von Tom Meagher (7)

Use of Deposits in Sale Contracts
Use of Deposits in Sale ContractsUse of Deposits in Sale Contracts
Use of Deposits in Sale Contracts
 
Commercial Property Due Diligence - a Lawyer's Practical Guide
Commercial Property Due Diligence - a Lawyer's Practical GuideCommercial Property Due Diligence - a Lawyer's Practical Guide
Commercial Property Due Diligence - a Lawyer's Practical Guide
 
Franchising systems - when they work and what to do when they don't!
Franchising systems - when they work and what to do when they don't!Franchising systems - when they work and what to do when they don't!
Franchising systems - when they work and what to do when they don't!
 
"SMSF and Trusts' Transactions for Real Property Matters" seminar
"SMSF and Trusts' Transactions for Real Property Matters" seminar"SMSF and Trusts' Transactions for Real Property Matters" seminar
"SMSF and Trusts' Transactions for Real Property Matters" seminar
 
Sale of a Business - Legal Risk Factors and Due diligence
Sale of a Business -  Legal Risk Factors and Due diligenceSale of a Business -  Legal Risk Factors and Due diligence
Sale of a Business - Legal Risk Factors and Due diligence
 
Contract Reviews and Negotiations -
Contract Reviews and Negotiations - Contract Reviews and Negotiations -
Contract Reviews and Negotiations -
 
Debt Management And Recovery Guide Murfett Legal
Debt Management And Recovery Guide   Murfett LegalDebt Management And Recovery Guide   Murfett Legal
Debt Management And Recovery Guide Murfett Legal
 

Kürzlich hochgeladen

Analysis on Law of Domicile under Private International laws.
Analysis on Law of Domicile under Private International laws.Analysis on Law of Domicile under Private International laws.
Analysis on Law of Domicile under Private International laws.2020000445musaib
 
Right to life and personal liberty under article 21
Right to life and personal liberty under article 21Right to life and personal liberty under article 21
Right to life and personal liberty under article 21vasanthakumarsk17
 
OMassmann - Investment into the grid and transmission system in Vietnam (2024...
OMassmann - Investment into the grid and transmission system in Vietnam (2024...OMassmann - Investment into the grid and transmission system in Vietnam (2024...
OMassmann - Investment into the grid and transmission system in Vietnam (2024...Dr. Oliver Massmann
 
Town of Haverhill's Statement of Facts for Summary Judgment on Counterclaims ...
Town of Haverhill's Statement of Facts for Summary Judgment on Counterclaims ...Town of Haverhill's Statement of Facts for Summary Judgment on Counterclaims ...
Town of Haverhill's Statement of Facts for Summary Judgment on Counterclaims ...Rich Bergeron
 
Town of Haverhill's Statement of Material Facts For Declaratory Judgment Moti...
Town of Haverhill's Statement of Material Facts For Declaratory Judgment Moti...Town of Haverhill's Statement of Material Facts For Declaratory Judgment Moti...
Town of Haverhill's Statement of Material Facts For Declaratory Judgment Moti...Rich Bergeron
 
Town of Haverhill's Motion for Summary Judgment on DTC Counterclaims
Town of Haverhill's Motion for Summary Judgment on DTC CounterclaimsTown of Haverhill's Motion for Summary Judgment on DTC Counterclaims
Town of Haverhill's Motion for Summary Judgment on DTC CounterclaimsRich Bergeron
 
Labour legislations in India and its history
Labour legislations in India and its historyLabour legislations in India and its history
Labour legislations in India and its historyprasannamurthy6
 
Wurz Financial - Wealth Counsel to Law Firm Owners Services Guide.pdf
Wurz Financial - Wealth Counsel to Law Firm Owners Services Guide.pdfWurz Financial - Wealth Counsel to Law Firm Owners Services Guide.pdf
Wurz Financial - Wealth Counsel to Law Firm Owners Services Guide.pdfssuser3e15612
 
Town of Haverhill's Summary Judgment Motion for Declaratory Judgment Case
Town of Haverhill's Summary Judgment Motion for Declaratory Judgment CaseTown of Haverhill's Summary Judgment Motion for Declaratory Judgment Case
Town of Haverhill's Summary Judgment Motion for Declaratory Judgment CaseRich Bergeron
 
ENG7-Q4-MOD3. determine the worth of ideas mentioned in the text listened to
ENG7-Q4-MOD3. determine the worth of ideas mentioned in the text listened toENG7-Q4-MOD3. determine the worth of ideas mentioned in the text listened to
ENG7-Q4-MOD3. determine the worth of ideas mentioned in the text listened toirenelavilla52178
 
The Punjab Land Reforms AcT 1972 HIRDEBIR.pptx
The Punjab Land Reforms AcT 1972 HIRDEBIR.pptxThe Punjab Land Reforms AcT 1972 HIRDEBIR.pptx
The Punjab Land Reforms AcT 1972 HIRDEBIR.pptxgurcharnsinghlecengl
 
1990-2004 Bar Questions and Answers in Sales
1990-2004 Bar Questions and Answers in Sales1990-2004 Bar Questions and Answers in Sales
1990-2004 Bar Questions and Answers in SalesMelvinPernez2
 
RA. 7432 and RA 9994 Senior Citizen .pptx
RA. 7432 and RA 9994 Senior Citizen .pptxRA. 7432 and RA 9994 Senior Citizen .pptx
RA. 7432 and RA 9994 Senior Citizen .pptxJFSB1
 
Are There Any Alternatives To Jail Time For Sex Crime Convictions in Los Angeles
Are There Any Alternatives To Jail Time For Sex Crime Convictions in Los AngelesAre There Any Alternatives To Jail Time For Sex Crime Convictions in Los Angeles
Are There Any Alternatives To Jail Time For Sex Crime Convictions in Los AngelesChesley Lawyer
 
PPT Template - Federal Law Enforcement Training Center
PPT Template - Federal Law Enforcement Training CenterPPT Template - Federal Law Enforcement Training Center
PPT Template - Federal Law Enforcement Training Centerejlfernandez22
 
Guide for Drug Education and Vice Control.docx
Guide for Drug Education and Vice Control.docxGuide for Drug Education and Vice Control.docx
Guide for Drug Education and Vice Control.docxjennysansano2
 
Choosing the Right Business Structure for Your Small Business in Texas
Choosing the Right Business Structure for Your Small Business in TexasChoosing the Right Business Structure for Your Small Business in Texas
Choosing the Right Business Structure for Your Small Business in TexasBrandy Austin
 
Illinois Department Of Corrections reentry guide
Illinois Department Of Corrections reentry guideIllinois Department Of Corrections reentry guide
Illinois Department Of Corrections reentry guideillinoisworknet11
 
Understanding Cyber Crime Litigation: Key Concepts and Legal Frameworks
Understanding Cyber Crime Litigation: Key Concepts and Legal FrameworksUnderstanding Cyber Crime Litigation: Key Concepts and Legal Frameworks
Understanding Cyber Crime Litigation: Key Concepts and Legal FrameworksFinlaw Associates
 
Hungarian legislation made by Robert Miklos
Hungarian legislation made by Robert MiklosHungarian legislation made by Robert Miklos
Hungarian legislation made by Robert Miklosbeduinpower135
 

Kürzlich hochgeladen (20)

Analysis on Law of Domicile under Private International laws.
Analysis on Law of Domicile under Private International laws.Analysis on Law of Domicile under Private International laws.
Analysis on Law of Domicile under Private International laws.
 
Right to life and personal liberty under article 21
Right to life and personal liberty under article 21Right to life and personal liberty under article 21
Right to life and personal liberty under article 21
 
OMassmann - Investment into the grid and transmission system in Vietnam (2024...
OMassmann - Investment into the grid and transmission system in Vietnam (2024...OMassmann - Investment into the grid and transmission system in Vietnam (2024...
OMassmann - Investment into the grid and transmission system in Vietnam (2024...
 
Town of Haverhill's Statement of Facts for Summary Judgment on Counterclaims ...
Town of Haverhill's Statement of Facts for Summary Judgment on Counterclaims ...Town of Haverhill's Statement of Facts for Summary Judgment on Counterclaims ...
Town of Haverhill's Statement of Facts for Summary Judgment on Counterclaims ...
 
Town of Haverhill's Statement of Material Facts For Declaratory Judgment Moti...
Town of Haverhill's Statement of Material Facts For Declaratory Judgment Moti...Town of Haverhill's Statement of Material Facts For Declaratory Judgment Moti...
Town of Haverhill's Statement of Material Facts For Declaratory Judgment Moti...
 
Town of Haverhill's Motion for Summary Judgment on DTC Counterclaims
Town of Haverhill's Motion for Summary Judgment on DTC CounterclaimsTown of Haverhill's Motion for Summary Judgment on DTC Counterclaims
Town of Haverhill's Motion for Summary Judgment on DTC Counterclaims
 
Labour legislations in India and its history
Labour legislations in India and its historyLabour legislations in India and its history
Labour legislations in India and its history
 
Wurz Financial - Wealth Counsel to Law Firm Owners Services Guide.pdf
Wurz Financial - Wealth Counsel to Law Firm Owners Services Guide.pdfWurz Financial - Wealth Counsel to Law Firm Owners Services Guide.pdf
Wurz Financial - Wealth Counsel to Law Firm Owners Services Guide.pdf
 
Town of Haverhill's Summary Judgment Motion for Declaratory Judgment Case
Town of Haverhill's Summary Judgment Motion for Declaratory Judgment CaseTown of Haverhill's Summary Judgment Motion for Declaratory Judgment Case
Town of Haverhill's Summary Judgment Motion for Declaratory Judgment Case
 
ENG7-Q4-MOD3. determine the worth of ideas mentioned in the text listened to
ENG7-Q4-MOD3. determine the worth of ideas mentioned in the text listened toENG7-Q4-MOD3. determine the worth of ideas mentioned in the text listened to
ENG7-Q4-MOD3. determine the worth of ideas mentioned in the text listened to
 
The Punjab Land Reforms AcT 1972 HIRDEBIR.pptx
The Punjab Land Reforms AcT 1972 HIRDEBIR.pptxThe Punjab Land Reforms AcT 1972 HIRDEBIR.pptx
The Punjab Land Reforms AcT 1972 HIRDEBIR.pptx
 
1990-2004 Bar Questions and Answers in Sales
1990-2004 Bar Questions and Answers in Sales1990-2004 Bar Questions and Answers in Sales
1990-2004 Bar Questions and Answers in Sales
 
RA. 7432 and RA 9994 Senior Citizen .pptx
RA. 7432 and RA 9994 Senior Citizen .pptxRA. 7432 and RA 9994 Senior Citizen .pptx
RA. 7432 and RA 9994 Senior Citizen .pptx
 
Are There Any Alternatives To Jail Time For Sex Crime Convictions in Los Angeles
Are There Any Alternatives To Jail Time For Sex Crime Convictions in Los AngelesAre There Any Alternatives To Jail Time For Sex Crime Convictions in Los Angeles
Are There Any Alternatives To Jail Time For Sex Crime Convictions in Los Angeles
 
PPT Template - Federal Law Enforcement Training Center
PPT Template - Federal Law Enforcement Training CenterPPT Template - Federal Law Enforcement Training Center
PPT Template - Federal Law Enforcement Training Center
 
Guide for Drug Education and Vice Control.docx
Guide for Drug Education and Vice Control.docxGuide for Drug Education and Vice Control.docx
Guide for Drug Education and Vice Control.docx
 
Choosing the Right Business Structure for Your Small Business in Texas
Choosing the Right Business Structure for Your Small Business in TexasChoosing the Right Business Structure for Your Small Business in Texas
Choosing the Right Business Structure for Your Small Business in Texas
 
Illinois Department Of Corrections reentry guide
Illinois Department Of Corrections reentry guideIllinois Department Of Corrections reentry guide
Illinois Department Of Corrections reentry guide
 
Understanding Cyber Crime Litigation: Key Concepts and Legal Frameworks
Understanding Cyber Crime Litigation: Key Concepts and Legal FrameworksUnderstanding Cyber Crime Litigation: Key Concepts and Legal Frameworks
Understanding Cyber Crime Litigation: Key Concepts and Legal Frameworks
 
Hungarian legislation made by Robert Miklos
Hungarian legislation made by Robert MiklosHungarian legislation made by Robert Miklos
Hungarian legislation made by Robert Miklos
 

Privacy Act, Spam Act and "the Cloud" seminar (May 2014)

  • 1. THE PRIVACY ACT, THE SPAM ACT & “THE CLOUD” – A BUSINESS LAWYER’S GUIDE
      Presented by: Tom Meagher, Director – Commercial Law
      © Murfett Legal 2014. All rights reserved – no reproduction permitted
  • 2. Tom Meagher | Director | Commercial Law
      Tom has 25 years’ business experience, including working for major national and local law firms, owning and managing IT businesses, and being a director and in-house counsel for a public company.
      Tom’s clients include a broad range of local and national businesses and organisations (including not-for-profit entities), accounting firms, financiers, lessors, finance brokers, financial advisers, franchisors, and high net-wealth families.
      Tom is also a regular presenter of seminars to various associations and professional bodies on a wide range of business law topics. These include: The Tax Institute, Small Business Development Corporation, LegalWise, The Australian Institute of Conveyancers, Institute of Chartered Accountants of Australia, Law Society of WA, Institute of Public Accountants, National Electrical & Communications Association, Institute of Certified Bookkeepers, Mortgage & Finance Association of Australia, Stirling Business Enterprise Centre, Subiaco Business Association and Business Foundations Inc.
  • 3. Disclaimer
      • The information presented in this seminar is intended only as a guide, as to the topic and the matters discussed.
      • This seminar is not legal advice and must not be relied on as such.
      • If you have a matter which relates to this seminar or you require legal advice, careful review and analysis of your matter’s particular facts, information and documents is required before proper legal advice can be given or applied to your matter.
  • 4. Overview
      • Privacy Act 1988 (Cth)
      • Amendments to the Privacy Act 1988 (Cth)
      • Australian Privacy Principles
      • Spam Act 2003 (Cth)
      • Data / Hosting – “The Cloud!”
  • 5. Privacy Act 1988 (Cth)
      • The Privacy Act regulates the handling of personal information about individuals. This includes the collection, use, storage and disclosure of personal information, and access to and correction of that information.
      • The Privacy Act also:
          – regulates the collection, storage, use, disclosure, security and disposal of individuals’ tax file numbers.
          – permits the handling of health information for health and medical research purposes in certain circumstances, where researchers are unable to seek individuals' consent.
  • 6. Privacy Act 1988 (Cth) (cont.)
          – allows the Information Commissioner to approve and register enforceable APP codes that have been developed by an APP code developer, or developed by the Information Commissioner directly.
          – permits a small business operator, who would otherwise not be subject to the Australian Privacy Principles (APPs) and any relevant privacy code, to opt in to being covered by the APPs and any relevant APP code.
          – allows for privacy regulations to be made.
  • 7. Who has responsibilities under the Privacy Act?
      • Australian and Norfolk Island Government agencies and all businesses and not-for-profit organisations with an annual turnover greater than $3 million have responsibilities under the Privacy Act, subject to some exceptions.
      • As well, some small business operators (organisations with a turnover of $3 million or less) are covered by the Privacy Act, including:
          – private sector health service providers, including child care centres, private schools and private tertiary educational institutions.
  • 8. Who has responsibilities under the Privacy Act? (cont.)
          – businesses that sell or purchase personal information
          – credit reporting bodies
          – contracted service providers for a Commonwealth contract
          – employee associations registered or recognised under the Fair Work (Registered Organisations) Act 2009
          – businesses that have opted in to the Privacy Act
          – businesses prescribed by the Regulations.
  • 9. Who has responsibilities under the Privacy Act? (cont.)
      • Others
          – activities of reporting entities or authorised agents relating to the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 and its Regulations and Rules
          – acts and practices to do with the operation of a residential tenancy database
          – activities related to the conduct of a protected action ballot
      • Specified persons
          – credit reporting information, including credit reporting bodies, credit providers (which includes energy and water utilities and telecommunication providers) and certain other third parties
  • 10. Who has responsibilities under the Privacy Act? (cont.)
          – tax file numbers under the Tax File Number Guidelines
          – personal information contained on the Personal Property Securities Register
          – old conviction information under the Commonwealth Spent Convictions Scheme
          – ehealth record information under the Personally Controlled Electronic Health Records Act 2012 and Individual Healthcare Identifiers under the Healthcare Identifiers Act 2010
  • 11. Privacy Act 1988 (Cth) Amendments
      • On 12 March 2014 the Privacy (Enhancing Privacy Protection) Act 2012 (Cth) took effect. It was described as the biggest change to the Privacy Act in over 20 years.
      • The Privacy Act amendments include:
          – mandatory Australian Privacy Principles (APPs), which combine and replace the National Privacy Principles and the Information Privacy Principles set out in the Privacy Act 1988 (Cth).
          – credit reporting provisions that apply to the handling of credit-related personal information that credit providers are permitted to disclose to credit reporting bodies for inclusion on individuals’ credit reports.
  • 12. Privacy Act 1988 (Cth) Amendments (cont.)
          – enhanced powers for the Office of the Australian Information Commissioner (“OAIC”).
          – recognition of external dispute resolution schemes.
          – new provisions on codes of practice about information privacy (APP codes) and a code of practice for credit reporting (the CR code), including enabling the Information Commissioner to develop and register binding codes that are in the public interest.
  • 13. Changes to Credit Reporting Laws
      • What is the purpose of credit reporting?
          – To balance protecting your personal information with the need for credit providers to have enough information to help them decide whether or not to give you credit, such as a bank loan.
      • The Privacy Act now includes new credit reporting provisions, including:
          – the introduction of more comprehensive credit reporting, a simplified and enhanced correction and complaints process
          – the introduction of civil penalties for breaches of certain credit reporting provisions
  • 14. Changes to Credit Reporting Laws (cont.)
          – a requirement for credit providers to be a member of an external dispute resolution scheme, recognised under the Privacy Act, to be able to participate in the credit reporting system
  • 15. Australian Privacy Principles (“APP”)
      • There are 13 Australian Privacy Principles (“APP”) that apply to the handling of personal information by most Australian and Norfolk Island Government agencies and some private sector organisations.
      • This comprehensive set of APPs applies specifically to organisations that have an annual turnover greater than $3 million and have direct sales to customers forming part of their business.
  • 16. Australian Privacy Principles (“APP”) (cont.)
      • APP 1 – open and transparent management of personal information
      • APP 2 – anonymity and pseudonymity
      • APP 3 – collection of solicited personal information
      • APP 4 – dealing with unsolicited personal information
      • APP 5 – notification of the collection of personal information
      • APP 6 – use or disclosure of personal information
      • APP 7 – direct marketing
      • APP 8 – cross-border disclosure of personal information
  • 17. Australian Privacy Principles (“APP”) (cont.)
      • APP 9 – adoption, use or disclosure of government related identifiers
      • APP 10 – quality of personal information
      • APP 11 – security of personal information
      • APP 12 – access to personal information
      • APP 13 – correction of personal information
  • 18. Spam Act 2003 (Cth)
      • The Spam Act was developed in response to the problems caused by the growing volume of unsolicited commercial electronic messages, or spam.
      • Spam threatens the viability and efficiency of electronic messaging. It damages consumer confidence, obstructs legitimate business activities and imposes many costs on users.
      • The Act preserves legitimate business communication activities and encourages the responsible use of electronic messaging.
  • 19. Spam Act 2003 (Cth) (cont.)
      • The Australian Communications and Media Authority is responsible for enforcing the provisions of the Spam Act.
      • The National Office for the Information Economy is responsible for providing information and education material about the Spam Act during its implementation.
  • 20. Spam Act 2003 (Cth) (cont.)
      • The Spam Act prohibits the sending of unsolicited commercial electronic messages – known as spam – with an Australian link.
      • Spam Act defines a commercial electronic message as:
          – offers, advertises or promotes the supply of goods, services, land or business or investment opportunities
          – advertises or promotes a supplier of goods, services, land or a provider of business or investment opportunities
          – helps a person dishonestly obtain property, commercial advantage or other gain from another person
      • Spam Act defines a commercial message as:
          – offers, advertises or promotes the supply of goods, services, land or business or investment opportunities
  • 21. Spam Act 2003 (Cth) (cont.)
          – advertises or promotes a supplier of goods, services, land or a provider of business or investment opportunities
          – helps a person dishonestly obtain property, commercial advantage or other gain from another person
      • Spam Act defines an electronic message as ‘commercial’ by considering:
          – the content of the message
          – the way the message is presented
          – any links, phone numbers or contact information in the message that leads to content with a commercial purpose, as these may also lead the message to be defined as 'commercial' in nature
  • 22. Spam Act 2003 (Cth) (cont.)
      • Messages covered by the Spam Act include:
          – Email
          – Short Message Service (SMS)
          – Multimedia Message Service (MMS)
          – Instant Messaging (IM)
      • Messages not covered by the Spam Act are:
          – Non-electronic messages (such as ordinary mail, paper, flyers etc)
          – Voice to voice telemarketing
          – The majority of “pop up” windows that appear on the internet (they are usually an intrinsic part of a webpage that has been accessed, rather than a message sent to the recipient address); and
          – Messages without any commercial content that do not contain links or directions to a commercial website or location
  • 23. Social Media and Spam Act 2003 (Cth)
      • Facebook community standards – Phishing and Spam
          • We take the safety of our members seriously and work to prevent attempts to compromise their privacy or security. We also ask that you respect our members by not contacting them for commercial purposes without their consent.
      • Facebook Pages Term – III Page Features - A. Advertising on Pages
          • Third-party advertisements on Pages are prohibited, without our prior permission.
  • 24. Spam Act 2003 (Cth) Steps to follow
      • Step 1 – CONSENT
      • Step 2 – IDENTIFY
      • Step 3 – UNSUBSCRIBE
  • 25. Spam Act 2003 (Cth) STEP 1 - CONSENT • Only send when you have consent • Consent can either be – Express; or – Inferred • Express Consent – You have received specific consent from addressee. Examples include • The addressee has subscribed to your electronic advertising mailing list • The addressee has deliberately ticked a box consenting to receive messages or advertisements from you; or • The addressee has specifically requested such material from you over the telephone. © Murfett Legal 2014
  • 26. Spam Act 2003 (Cth) STEP 1 – CONSENT (cont.) • Inferred Consent – The addressee has not directly instructed you to send them a message, but it is clear that there is a reasonable expectation that messages will be sent. – You may be able to reasonably infer consent after considering both the conduct of the addressee and their relationship with you. – Examples of where consent may be inferred are: • When purchasing goods or services an addressee has provided their electronic address in the general expectation that there will be follow-up communications © Murfett Legal 2014
  • 27. Spam Act 2003 (Cth) STEP 1 – CONSENT (cont.) • When an addressee has provided their address with the understanding that it would be used in day-to-day transactions (such as online banking or business), and may be used for additional communications (for example notification of related services or products); • Online registration of a product or a warranty; • When an addressee conspicuously published their electronic address; • When an addressee has provided a business card containing their electronic address • Existing relationship – Possible for you to infer consent based on the status of your relationship with the addressee, as long as it is consistent with the reasonable expectations of the addressee, and their conduct. © Murfett Legal 2014
  • 28. Spam Act 2003 (Cth) STEP 1 – CONSENT (cont.) • Examples that might suggest that a business, or other, relationship exists from which you may reasonably infer consent: – Shareholders – Contractors – Employers and employees – Bank account holders – Registered users of online services – Persons who have purchased goods or services which involve ongoing warranty and service providers – Professional association members
  • 29. Spam Act 2003 (Cth) STEP 1 – CONSENT (cont.) • If you are not sure if consent has been given, you should seek confirmation from that addressee that you can send commercial electronic messages to them. • Do not accept subscription by a third party on behalf of another.
  • 30. Spam Act 2003 (Cth) STEP 2 – IDENTIFY • Include accurate information about the person and business that is responsible for sending the commercial electronic message. • Accurate information includes details that clearly identify your business (for example the business name) and details about how the addressee may contact you. • Sender information must be reasonably likely to be accurate for a period of 30 days after the day on which you send your message.
  • 31. Spam Act 2003 (Cth) STEP 3 – UNSUBSCRIBE • You need to provide people the choice to opt out, or unsubscribe, from your future commercial electronic messages. • Must be clearly presented and easy to use. • Ensure that a functional unsubscribe facility is included in all your commercial electronic messages. • Deal with unsubscribe requests promptly.
  • 32. Spam Act 2003 (Cth) PENALTIES • Financial penalties associated with a breach of the Spam Act are substantial: – May be subject to a Court imposed penalty of up to $220,000 for a single day’s contravention. If, after finding, the business contravenes the same provision, they may be subject to a penalty of up to $1.1 million. – The Spam Act specifies a number of options that are available to enforce the legislation, depending on which is the most appropriate response to the contravention that has occurred. – The range of possible activities includes: • Formal warnings • Infringement notices (similar to a speeding ticket) • Court action
  • 34. Data / Hosting – “The Cloud” • New powers to the Office of the Australian Information Commissioner (OAIC) to monitor how companies comply with the policy, which includes making sure companies are investing in new IT systems and staff training, and ensuring privacy complaints are handled in a timely, effective manner. • Affects all Australia-based organisations that store any personal data about their customers, including cloud and communications service providers. • Make explicitly clear whether that data is stored or processed outside of Australia, and all suppliers involved with that process – whether in or outside Australia – need to comply with those same policies.
  • 35. Data / Hosting – “The Cloud” (cont.) • The amendment makes clear that in the event of a privacy complaint or breach of the principles, even if it was, say, the US subsidiary or home office’s fault, legal fault still lies with the Australian company. Or if it’s a US company operating there, it needs to comply [with the principles] and can be penalised if it doesn’t. • Regulated by the – Office of the Australian Information Commissioner (OAIC) and – The Australian Communications and Media Authority (ACMA).
  • 36. Data / Hosting – “The Cloud” (cont.) • What is cloud computing? – Web-based email (such as Gmail and Hotmail) and social networking websites (such as Facebook) are examples of Cloud services. – Can be delivered through a multitude of models. – The term “Cloud” generally refers to information technology services, for example web-based email and social networking sites, that: • Are delivered via the internet (the “Cloud” being an icon for the internet); and • Typically have a de-centralised IT infrastructure (ie the supplier’s data centres are spread across multiple and sometimes offshore locations).
  • 37. Data / Hosting – “The Cloud” and the APPs • Agencies and businesses that deal with personal information need to be mindful that: – APP5 – if a company collects personal information and is likely to disclose such information to overseas recipients, it must provide notice at the time of collection of the countries in which such recipients are likely to be located. – APP8 (cross-border disclosure of personal information) regulates the disclosure/transfer of personal information by an agency or business to a different entity (including a parent company) offshore. Before disclosure of personal information offshore, the Australian agency/business (Australian sender) must take reasonable steps to ensure the overseas recipient will comply with/not breach the APPs.
  • 38. Data / Hosting – “The Cloud” and the APPs (cont.) – This can be done by appropriate contractual provisions. However, the Australian Sender will (subject to limited exceptions) remain liable for the overseas recipient's acts and practices in respect of the personal information sent as if the Australian Sender had engaged in such activities in respect of that personal information in Australia and, where relevant, be in breach of the APPs due to the overseas recipient's acts or omissions.
  • 39. Data / Hosting – “The Cloud” and the APPs (cont.) – APP11 requires an organisation to destroy or de-identify personally identifiable information when it is no longer needed for any purpose for which it was collected. – APP11.1 (Security of personal information) requires that an organisation must "take reasonable steps to protect the personal information it holds from misuse, interference and loss and from unauthorised access, modification or disclosure".
  • 40. Data / Hosting – “The Cloud” – Practical Ways to Address Privacy Obligations • Businesses and agencies which rely on Cloud services commonly address their obligations under the Privacy Act by: – Notifying/obtaining any relevant consents from individuals whose personal information they collect to process and store their information in the Cloud; and – Placing appropriate Australian-specific contractual obligations of privacy on the Cloud vendor. • From a privacy perspective, some of the most important matters for an agency or business to fully investigate and understand when negotiating an agreement with a Cloud vendor include: – the types and sensitivity of the information that the business/agency wants to put into the Cloud (eg personal and/or confidential information about customers and employees);
  • 41. Data / Hosting – “The Cloud” – Practical Ways to Address Privacy Obligations – what privacy and other obligations the business/agency has with respect to the information (eg contractual, regulatory or statutory obligations); – the mechanisms and protections that the vendor has in place to protect and manage the information, including disaster recovery processes to protect against data loss; – the locations of the vendor's data centres and other infrastructure and, if offshore locations are involved, what foreign laws will apply; and – the vendor's reputation and track record in relation to security and privacy.
  • 42. Data / Hosting – “The Cloud” – Practical Ways to Address Privacy Obligations • Ensure agreement places appropriate privacy related obligations on the vendor. • Customer needs to ensure that it understands (and does not try and impose on the vendor) the privacy obligations which are rightfully those of the customer or, practically, are best managed by the customer (eg around the original collection of the information). Some of the appropriate customer rights/vendor obligations to consider will relate to: – retention of ownership of the information (ie ensuring it is clear that this is owned by the agency/business customer);
  • 43. Data / Hosting – “The Cloud” – Practical Ways to Address Privacy Obligations – security arrangements to ensure that all information is safeguarded and secure, and rights to audit the vendor's compliance with those security arrangements; – reporting of information breaches and indemnities with respect to losses resulting from privacy related breaches; – disaster recovery measures to help protect against information loss; – storage of information only in nominated countries that have privacy protections which are compatible with Australian privacy law; and – rights to audit and access information, including a right to the return of information when the agreement ends.
  • 44. Data / Hosting – “The Cloud” Penalties • OAIC will be able to hand out fines of up to $1.7m for any organisation found to be in breach of the Act. • Australian telco Telstra was ordered to pay AU$10,200 after it was found to have compromised names, phone numbers and addresses of approximately 15,775 of its customers.
  • 45. Data / Hosting – “The Cloud” Penalties (cont.) • The fine was handed down because Telstra failed to comply with security guidelines it intended to set in place after a 2011 breach that saw the telco haemorrhage personal information of over 700,000 customers.
  • 46. © Murfett Legal 2013 THANK YOU! tom@murfett.com.au www.murfett.com.au
  • 47. Seek professional, friendly legal advice so you can make an informed decision • Business / Commercial Law • Business Structures • Business Succession • Business Turnaround • Contract Advice • Debt Collection • Employment Law • Estate Planning • Franchising • Hospitality Law • Insolvency • Intellectual Property • Leasing • Liquor Licensing • Litigation • Property Law Advice • Restructuring • Settlements • Sports and Entertainment Law • Strategy and Negotiation • Superannuation • Taxation • Trusts • Wills