Good information privacy practices are an everyday part of the way HWL Ebsworth runs its practice. We have developed a privacy culture within the firm by promoting sound privacy practices, procedures and systems for the management of personal information in accordance with the Privacy Act 1988 (Cth) (the Act).
In addition to our obligations under the Act, we are legal practitioners with strict professional obligations to our clients and the courts, including obligations of confidentiality. Also, our clients will often have legal professional privilege over records and communications in connection with our services.
1. What is personal information?
‘Personal information’ is information or opinion (in recorded form or otherwise) about an identified, or reasonably identifiable, individual. This includes your name, your date of birth and your contact details, and may also include information about your dealings with us.
‘Sensitive information’ is a sub-set of personal information and includes information or opinions about your racial or ethnic origin, political opinions, memberships, religious beliefs, sexual orientation, health or criminal record.
2. Collection and storage of personal information
Where possible, we collect your personal information directly from you during the course of our business relationship. Where it is not practicable or reasonable to collect your information directly from you, we may collect it from other sources. We usually collect and hold the following kinds of personal information:
- name, address, occupation, professional membership and contact information;
- interests in areas of legal practice or events;
- information about people’s dealings with us or our clients; and
- information provided by or on behalf of applicants for employment.
We only collect, use or disclose sensitive information about you if it is reasonably necessary for us to do so in order to perform our functions and if you have consented to us doing so or the law allows us to do so without that consent.
3. Our purposes for handling your personal information
We collect, hold, use or disclose personal information:
- to provide our legal services;
- to provide you with our communications;
- to obtain the services of third party service providers as part of providing our services;
- to manage and improve our legal services and client relationships;
- where we are otherwise required or authorised to do so by law; and
- otherwise, to run our business.
We may disclose personal information to:
- other entities as part of providing our services to our clients, including barristers, experts and/or valuers we have engaged, and other parties involved in dispute resolution;
- third party service providers, such as imaging firms and couriers;
- our professional advisers and insurers; and
- others where you have provided your consent for us to do so.
We do not routinely disclose personal information overseas. We do disclose personal information overseas when it is specifically appropriate to providing our legal services for a particular client.
If we do disclose your information, where it is lawful and appropriate, we ensure that the recipient is bound by an obligation of confidentiality.
Where we have a business relationship with you, or you have consented, we may send legal updates or other communications to you. You may opt out at any time if you no longer wish to receive our marketing information. You can make this request by using the contact details provided below, or by ‘unsubscribing’ from our email marketing messages.
We do not disclose your personal information (including your email address) to any third party for the purpose of allowing them to market their products or services to you.
6. Data quality
The accuracy of your personal information is important to us and is fundamental to providing you with proper legal services. We seek to ensure that the personal information we collect, use and disclose is accurate, complete and up-to-date and, in the case of use or disclosure, relevant.
7. Data security
We hold your personal information in paper-based and electronic files and we take stringent measures to protect that information from misuse, interference and loss and from unauthorised access, modification or disclosure. We have a broad range of security safeguards in place to protect your personal information, including that:
- all electronic databases incorporate strict password access and virus and firewall protection procedures;
- sensitive personal information is only accessible by designated staff bound by duties of confidentiality; and
- physical and logical security measures are employed to deal with external threats and the possibility of internal ones.
When we no longer require your personal information, it is securely destroyed and/or deleted from our systems. For matter related information, this usually occurs seven years after the completion of your matter.
You may request access to the personal information we hold about you at any time, by using our contact details below. We will promptly acknowledge your request for access and let you know when we will provide you with the requested information. If we refuse access, we will provide you with a written notice which sets out (unless the law allows us not to specify a reason) the reasons for the refusal and how you can complain about our refusal. We may recover our reasonable costs for giving access to your personal information. Please be aware that due to our professional obligations, we may not be able to confirm that we act for a particular client or whether we hold any information about any person at a particular time or at all.
We seek to ensure that the personal information we hold is accurate, up-to-date, complete and, in the case of use and disclosure, relevant.
Where we believe that the information we hold is inaccurate, out-of-date, incomplete, irrelevant or misleading, we will take reasonable steps to correct that information and (if you ask and it is reasonable and practicable for us to do so) to notify that correction to third parties that may have received the incorrect information from us. If you believe that information we hold about you should be corrected, you may also request that we do so, by using our contact details below.
If we do not agree with the corrections you have requested, we are not obliged to alter your personal information. Instead, we will give you a written notice which sets out (unless the law allows us not to specify a reason) the reasons for our refusal and how you can complain about our refusal. You can also ask us to associate a statement with the relevant information that puts your view that it is inaccurate, out-of-date, incomplete, irrelevant or misleading. We will not charge you for making a correction request, for correcting your information or for associating a statement with your information.
10. Enquiries and complaints
If you would like to make an inquiry or complaint about how we handle your personal information, you can contact the Office of the Australian Information Commissioner on 1300 363 992 or via email at firstname.lastname@example.org.