- New privacy legislation due to commence in early 2018 will require the mandatory reporting of certain data breaches for organisations which are required to comply with the Privacy Act.
- Be aware that the new legislation could apply to your firm and to your clients.
- Consider a ‘privacy audit’ involving a review of employees’ access to information, the quality of your cyber security measures and the adequacy of training programs.
Solicitors have always been custodians of confidential information. Our obligations to maintain the confidentiality of information received during the solicitor/client relationship arise through the common law, contract and equity. More recently, privacy legislation has put additional obligations upon many organisations that hold sensitive personal information.
These obligations are not limited to information about clients and may extend to personal information held about any individual.
While there has always been a need for solicitors to keep information confidential, there is now increased awareness of the need to prevent or respond to data breaches in a world where digital communications are the norm and where technology amplifies the risk of information being illegally accessed or unwittingly disclosed to a wider audience.
Law practices that fall within the ambit of the Privacy Act 1988 (Cth) (‘Privacy Act’) are required to take reasonable steps to protect the personal information they hold from misuse, interference and loss, and from unauthorised access, modification or disclosure (Australian Privacy Principle 11).