You must consider privacy responsibilities if your business collects personal information. Importantly, this includes ensuring that you do not disclose any inaccurate personal information to third-parties. This is because individuals expect that you treat data that is associated with their identity with care, such as their:

  • name;
  • address;
  • phone number;
  • medical records; and
  • credit card details.

If Australian privacy law applies to your business practices, you will also have a responsibility to ensure the quality of the personal information you hold and disclose. Failing to do so can result in penalties that could harm your reputation and finances. This article looks at: 

  • the obligation to hold and disclose accurate information; and 
  • a case study concerning the Commonwealth Bank.

Personal Information Must Be Accurate

Australian privacy law is primarily governed by the Privacy Act (the Act). The Act applies to businesses with an annual turnover of over $3 million. 

It also applies to businesses that:

  • hold health information and provide a health service; 
  • contract with the Commonwealth; or 
  • provide or receive a benefit for personal information. 

These tests are not exhaustive, so you should check whether any other factors outlined under the Act capture your business.

If your business does need to comply with the Act, you will need to consider the Australian Privacy Principles (APPs). Among other guidelines, these principles require that you reasonable steps to ensure that data you collect, use and disclose is:

  • accurate;
  • up-to-date;
  • complete; and
  • relevant.

This means that disclosing inaccurate personal information of your customers or clients can lead to harsh consequences.

What Are Reasonable Steps?

Whether your actions constitute taking reasonable steps will depend on the: 

  • type of information you are collecting and disclosing; and 
  • the circumstances around that collection or disclosure. 

You must consider several factors, such as the: 

  • sensitivity of the data; 
  • possible adverse consequences if it is inaccurate; and 
  • time and cost involved in managing the data. 

For example, reasonable steps might involve:

  • offering customers access to an online portal to check and update their own personal information;
  • training staff how to properly handle personal information and to check its accuracy at the time of collection; and
  • contacting the individual to confirm whether their personal information is correct before you share it with another party, especially if it was collected a long time ago.

Therefore, you must take reasonable steps to ensure the quality of personal information. This helps to protect individuals from incorrect information being held about them and disclosed to third parties, as this can harm their business and personal opportunities.

Case Study: The Commonwealth Bank

The Office of the Australian Information Commissioner (OAIC) made a privacy determination against the Commonwealth Bank in June 2019. This decision uncovered the potential consequence of disclosing inaccurate personal information. It also demonstrates the harsh penalties imposed against businesses that fail to comply with their privacy obligations.

In this case, an individual applied for several home loans with a variety of financial institutions. After each bank denied his applications, the individual brought a claim against the Commonwealth Bank for interfering with their privacy. 

This is because the bank gave at least one of the other financial institutions incorrect information about the individual’s credit history. The Commonwealth Bank suggested that the individual had not paid off their credit card debt. However, the debt had actually been transferred by the Commonwealth Bank to the Credit Corp Group (CCG). The individual had then paid off their debt with CCG. 

The Commonwealth Bank failed to record or share this extra information with the other financial institutions. Therefore, the OAIC found that the bank had breached the requirement to disclose personal information that is: 

  • accurate;
  • up-to-date;
  • complete; and 
  • relevant. 

In finding that the bank had breached the Act, the OAIC awarded monetary compensation of $15,000 to the individual. They also required the bank to issue a written apology and amend its: 

  • policies;
  • operation processes; and 
  • procedures.

This demonstrates the harsh penalties that you could face for disclosing inaccurate personal information. Therefore, you should always take reasonable steps to ensure the information you share with third-parties is up-to-date and relevant.

Key Takeaways

If your business is required to comply with the Privacy Act, you will have an obligation to collect and disclose information that is:

  • accurate;
  • up-to-date; and 
  • complete. 

You will need to take reasonable steps to ensure that the information you hold is correct. This will depend on what is considered reasonable for the: 

  • type of information you are collecting; and 
  • the type of disclosure you are making. 

If you fail to do so, you may be investigated by the OAIC for breaching your privacy obligations. This may include a fine and could harm your reputation. If you would like legal advice concerning your obligations to ensure accurate personal information, contact LegalVision’s privacy lawyers on 1300 544 755 or fill out the form on this page.

About LegalVision: LegalVision is a tech-driven, full-service commercial law firm that uses technology to deliver a faster, better quality and more cost-effective client experience.
Jacqueline Gibson
Get a Free Quote Now

If you would like to receive a free fixed-fee quote or get in touch with our team, fill out the form below.

  • We will be in touch shortly with a quote. By submitting this form, you agree to receive emails from LegalVision and can unsubscribe at any time. See our full Privacy Policy.
  • This field is for validation purposes and should be left unchanged.
Our Awards
  •  Top 20 Startups in Australia - 2018 LinkedIn Startups List Top 20 Startups in Australia - 2018 LinkedIn Startups List
  • NewLaw Firm of the Year – 2019 Australian Law Awards NewLaw Firm of the Year – 2019 Australian Law Awards
  • Law Firm of the Year Finalist – 2018 Australasian Law Awards Law Firm of the Year Finalist – 2018 Australasian Law Awards
  • AFR Fast 100 List – 2018 Australian Financial Review AFR Fast 100 List – 2018 Australian Financial Review
  • NewLaw Firm of the Year – 2017 Australian Law Awards NewLaw Firm of the Year – 2017 Australian Law Awards
  • Most Innovative Law Firm - 2019 Australasian Lawyer Most Innovative Law Firm - 2019 Australasian Lawyer

Privacy Policy Snapshot

We collect and store information about you. Let us explain why we do this.

What information do you collect?

We collect a range of data about you, including your contact details, legal issues and data on how you use our website.

How do you collect information?

We collect information over the phone, by email and through our website.

What do you do with this information?

We store and use your information to deliver you better legal services. This mostly involves communicating with you, marketing to you and occasionally sharing your information with our partners.

How do I contact you?

You can always see what data you’ve stored with us.

Questions, comments or complaints? Reach out on 1300 544 755 or email us at info@legalvision.com.au

View Privacy Policy