Good information privacy practices are an everyday part of the way HWL Ebsworth runs its practice. We have developed a privacy culture within the firm by promoting sound privacy practices, procedures and systems for the management of personal information in accordance with the Privacy Act 1988 (Cth) (the Act).
In addition to our obligations under the Act, we are legal practitioners with strict professional obligations to our clients and the courts, including obligations of confidentiality. Also, our clients will often have legal professional privilege over records and communications in connection with our services.
1. What is personal information?
‘Personal information’ is information or opinion (in recorded form or otherwise) about an identified, or reasonably identifiable, individual. This includes your name, your date of birth and your contact details, and may also include information about your dealings with us.
‘Sensitive information’ is a sub-set of personal information and includes information or opinions about your racial or ethnic origin, political opinions, memberships, religious beliefs, sexual orientation, health or criminal record.
2. Collection and storage of personal information
Where possible, we collect your personal information directly from you during the course of our business relationship. Where it is not practicable or reasonable to collect your information directly from you, we may collect it from other sources. Information is often collected from our clients but may also be collected from sources such as your employer or colleagues, government registers, and online publications.
We usually collect and hold the following kinds of personal information:
- Information about people’s dealings with us or our clients;
- Name, address, job title, professional membership and contact information;
- If you are a client or potential client, information about your organisation and your role, information on other employees and management in your organisation, payment information and information about your legal matters;
- Interests in areas of legal practice or events; and
- Information provided by or on behalf of applicants for employment.
We only collect, use or disclose sensitive information about you if it is reasonably necessary for us to do so in order to perform our functions and if you have consented to us doing so, or if the law allows us to do so without that consent.
3. Our purposes for handling your personal information
We collect, hold, use or disclose personal information:
- To provide our legal services;
- To provide you with our communications;
- To provide you with events or seminars;
- To obtain the services of third party service providers as part of providing our services;
- To manage and improve our legal services and client relationships;
- Where we are otherwise required or authorised to do so by law; and
- Otherwise, to run our business.
Without collecting personal information we would not be able to provide you with some of our services.
Subject to our professional obligations to our clients, we may disclose personal information:
- To other entities (such as barristers, experts and/or valuers we have engaged, and other parties involved in dispute resolution) as part of providing our services to our clients;
- To third party service providers, agents and contractors such as imaging firms, marketing firms and couriers;
- To our professional advisers and insurers;
- To regulators, government agencies, and law enforcement agencies or as otherwise required or authorised by law; and
- To others where you have provided your consent for us to do so.
We do not routinely disclose personal information overseas. We do disclose personal information overseas when it is specifically appropriate to providing our legal services for a particular client.
If we do disclose your information we ensure that the recipient is bound by an obligation of confidentiality, where it is lawful and appropriate to do so. (If information is disclosed to a court or a government body, it will usually not be possible to require that it be kept confidential.)
Where we have a business relationship with you, or you have consented, we may send legal updates or other communications to you. You may opt out at any time if you no longer wish to receive our marketing information. You can make this request by using the contact details provided below, or by ‘unsubscribing’ from our email marketing messages.
We do not disclose your personal information (including your email address) to any third party for the purpose of allowing them to market their products or services to you.
6. Data quality
The accuracy of your personal information is important to us and is fundamental to providing you with proper legal services. We seek to ensure that the personal information we collect, use and disclose is accurate, complete and up-to-date and, in the case of use or disclosure, relevant.
7. Data security
We hold your personal information in paper-based and electronic files and we take stringent measures to protect that information from misuse, interference and loss and from unauthorised access, modification or disclosure.
We have a broad range of security safeguards in place to protect your personal information, including that:
- All electronic databases incorporate strict password access and virus and firewall protection procedures;
- Sensitive personal information is only accessible by designated staff bound by duties of confidentiality; and
- Physical and logical security measures are employed to deal with external threats and the possibility of internal ones.
When we no longer require your personal information, it is securely destroyed and/or deleted from our systems. For matter related information, this usually occurs seven years after the completion of your matter.
You may request access to the personal information we hold about you at any time, by using our contact details below. We will promptly acknowledge your request for access and let you know when we will provide you with the requested information. If we refuse access, we will provide you with a written notice which sets out (unless the law allows us not to specify a reason) the reasons for the refusal and how you can complain about our refusal. We may recover our reasonable costs for giving access to your personal information. Please be aware that due to our professional obligations, we may not be able to confirm that we act for a particular client or whether we hold any information about any person at a particular time or at all.
We seek to ensure that the personal information we hold is accurate, up-to-date, complete and, in the case of use and disclosure, relevant.
Where we believe that the information we hold is inaccurate, out-of-date, incomplete, irrelevant or misleading, we will take reasonable steps to correct that information and (if you ask and it is reasonable and practicable for us to do so) to notify that correction to third parties that may have received the incorrect information from us. If you believe that information we hold about you should be corrected, you may also request that we do so, by using our contact details below.
If we do not agree with the corrections you have requested, we are not obliged to alter your personal information. Instead, we will give you a written notice which sets out (unless the law allows us not to specify a reason) the reasons for our refusal and how you can complain about our refusal. You can also ask us to associate a statement with the relevant information that puts your view that it is inaccurate, out-of-date, incomplete, irrelevant or misleading. We will not charge you for making a correction request, for correcting your information or for associating a statement with your information.
10. Enquiries and complaints
We usually respond in writing within 30 days, unless we need further information to respond to your enquiry, concern or complaint.
If you would like to make an inquiry or complaint about how we handle your personal information, you can contact the Office of the Australian Information Commissioner on 1300 363 992 or via email at firstname.lastname@example.org.
12. Personal information about employees
We collect information in relation to employees as part of their application and during the course of their employment, either from them or in some cases from third parties such as recruitment agencies. Under the Privacy Act, personal information about a current or former employee may be held, used or disclosed in any way that is directly connected to the employment relationship. We handle employee information in accordance with legal requirements and our applicable policies in force from time to time.