Key Considerations When Sharing Personal Information with Overseas Contractors

Engaging overseas contractors can be an effective way for businesses to respond to their business needs. However, while there are many advantages to hiring overseas contractors, you must consider this against legal risks, such as the risk of sharing the personal information of Australian individuals with overseas parties.

.

This article considers how you can comply with your privacy obligations under the Australian Privacy Principles outlined in the Privacy Act 1988 (Cth) when disclosing information with overseas contractors.

Are You an APP Entity?

Before sharing information with an overseas contractor, you must determine if you are an APP entity. This distinction is important because if an APP entity shares information overseas and that overseas party breaches the APPs, that breach will be taken to be a breach by the APP entity itself.

For example, suppose your business generates more than $3 million in annual turnover. In that case, it will likely be considered an APP entity and will have obligations under the Privacy Act, including concerning the disclosure of personal information overseas.

Sharing Information With Overseas Contractors

Suppose you are an APP entity. If so, let us explore several precautionary measures you can take when sharing information with your overseas contractors.

1. Privacy Policy

Before sharing information with any third party (including overseas contractors), you should review the terms of your privacy policy to ensure that you have informed your customers that you will share their personal information with overseas contractors.

If you have yet to inform customers of this intended use, you can update your privacy policy and provide notice of this to your customers. You should aim to give your customers at least 30 days’ notice before the privacy policy comes into effect. Accordingly, this will allow your customers to inform you of any issues with your intended use of their personal information before you disclose it.

2. Risk Mitigation

As a best practice, you should only share information essential for your overseas contractors to be able to deliver the services.

When engaging an overseas contractor, consider the following questions.

1. Whether the volume of information you are sharing with the contractor is necessary to enable them to perform the services?

  • Tip: As a rule, do not provide the contractor with more personal information than is necessary. The more information you share, the higher the risk of individuals using data in a way that breaches the APPs.

2. What is the nature of the information?

  • Tip: You should consider the nature of the information, and whether it is personal or sensitive information. Sensitive data requires a higher level of confidentiality due to its delicate nature.

3. How much access does the contractor have to my existing databases?

  • Tip: Ensure that you only provide access to the databases that the contractor needs to perform their services. All other access should be limited or subject to your approval.

3. Contractual Terms

You should ensure that the terms of your contractor agreement impose strong privacy obligations on the contractor, particularly concerning any personal information they receive or have access to during the term.

You can include clauses addressing the following:

  • an acknowledgement by the contractor that you are required to comply with the APPs;
  • a warranty that the contractor will not breach the APPs;
  • an indemnity by the overseas contractor if it breaches the APPs (for example, by disclosing personal information to an unauthorised party); and
  • a data breach response plan that includes a straightforward process for reporting a data breach.

 

 

 

Saya Hussain
April 18
legalvision.com.au

Mark Lisle

Mark Lisle

Mark is our managing partner and has been with the firm for over 36 years. He brings a wealth of experience in all areas of our business, including business advisory, taxation and self managed superannuation.

Mark’s ethos is that good advice stems from working closely with our clients and being prepared to go that extra step to assist them in meeting their goals and optimising their financial position.

Mark is a Fellow of Chartered Accountants Australia and New Zealand, an accredited SMSF Specialist and a registered SMSF auditor.

Outside of work, Mark enjoys trying to keep fit and spending time down at his “second home” in Port Fairy.

Josh Laing

Josh Laing

Joshua began working at Rundles in 1999 whilst still completing his Bachelor of Business (Accountancy) degree at RMIT. After graduating in 2001 he was admitted to the Institute of Chartered Accountants Australia and New Zealand in 2004. Joshua spent two years working in London before returning to Rundles in 2006.

Josh has a wealth of knowledge across a broad range of industries as well as in Self Managed Superannuation. Josh enjoys working with family groups and businesses to ensure they’re structured correctly to maximise asset protection, succession planning and management of tax.

Married with 2 children, Josh spends his weekends with his family and following the Tigers.

Brad Roach

Brad Roach

Brad has been a part of the Rundles Team since 1996 and became a Partner of the firm in 2014. During his time at Rundles, Brad has developed a strong relationship with his clients across a wide range of industries and is dedicated to assisting them to reach their personal and business goals.

Brad is passionate about seeing his clients succeed and utilises his extensive experience in public practice to provide a holistic service to his clients. He also has a wealth of experience in superannuation, particularly self managed superannuation funds.

In his spare time, Brad likes to play a round of golf with friends and enjoys watching his two sons play various sports.

Peter Davison

Peter Davison

Peter graduated from RMIT with a Bachelor of Business (Accountancy) with distinction in 1976. He joined Rundles upon graduating. Peter has been a member of the Institute of Chartered Accountants since 1979 and a Fellow since 1991. As an active yachtie of many years, Peter can often be found on the water. Otherwise, he and his wife spend time with their friends and extended family.

Sandy Gilbert

Sandy Gilbert

Sandy was admitted to the Institute of Chartered Accountants in 1973 and has been a Fellow since 1983. He gained extensive experience in auditing and accounting services over seven years at Pannell Kerr Forster before joining Rundles in 1973. Sandy is married with three children. A former amateur footballer of some note, Sandy is still an avid follower of the game and enjoys weekends at his country retreat.