Original article by Saya Hussain, Lawyer, LegalVision.
Engaging overseas contractors can be an effective way for businesses to respond to their business needs. However, while there are many advantages to hiring overseas contractors, you must weigh these against legal risks, such as the risk of sharing the personal information of Australian individuals with overseas parties. This article considers how you can comply with your privacy obligations under the Australian Privacy Principles outlined in the Privacy Act 1988 (Cth) when disclosing information to overseas contractors.
Before sharing information with an overseas contractor, you must determine if you are an APP entity. This distinction is important because if an APP entity shares information overseas and that overseas party breaches the APPs, that breach will be taken to be a breach by the APP entity itself.
An APP entity is a business that needs to comply with the Australian Privacy Principles (APPs) outlined in the Privacy Act 1988 (Cth) (Privacy Act).
For example, if your business generates more than $3 million in annual turnover, it will likely be considered an APP entity and will have obligations under the Privacy Act, including concerning the disclosure of personal information overseas.
If you are an APP entity, there are several precautionary measures you can take when sharing information with your overseas contractors.
As a best practice, you should only share information essential for your overseas contractors to be able to deliver the services.
When engaging an overseas contractor, consider the following questions.
Tip: As a rule, do not provide the contractor with more personal information than is necessary. The more information you share, the higher the risk of individuals using data in a way that breaches the APPs.
Tip: You should consider the nature of the information, and whether it is personal or sensitive information. Sensitive data requires a higher level of confidentiality due to its delicate nature.
Tip: Ensure that you only provide access to the databases that the contractor needs to perform their services. All other access should be limited or subject to your approval.
You should ensure that the terms of your contractor agreement impose strong privacy obligations on the contractor, particularly concerning any personal information they receive or have access to during the term.
You can include clauses addressing the following:
If you are an APP entity looking to engage an overseas contractor, be aware of your obligations under the Privacy Act. Likewise, implement robust processes to mitigate any risk of overseas disclosure breaching your legal obligations. Some steps you can take include:
What is an APP entity?
An APP entity is a business that must comply with the Australian Privacy Principles outlined in the Privacy Act 1988 (Cth).