Engaging overseas contractors can be an effective way for businesses to respond to their business needs. However, while there are many advantages to hiring overseas contractors, you must consider this against legal risks, such as the risk of sharing the personal information of Australian individuals with overseas parties.
.
This article considers how you can comply with your privacy obligations under the Australian Privacy Principles outlined in the Privacy Act 1988 (Cth) when disclosing information with overseas contractors.
Before sharing information with an overseas contractor, you must determine if you are an APP entity. This distinction is important because if an APP entity shares information overseas and that overseas party breaches the APPs, that breach will be taken to be a breach by the APP entity itself.
For example, suppose your business generates more than $3 million in annual turnover. In that case, it will likely be considered an APP entity and will have obligations under the Privacy Act, including concerning the disclosure of personal information overseas.
Suppose you are an APP entity. If so, let us explore several precautionary measures you can take when sharing information with your overseas contractors.
Before sharing information with any third party (including overseas contractors), you should review the terms of your privacy policy to ensure that you have informed your customers that you will share their personal information with overseas contractors.
If you have yet to inform customers of this intended use, you can update your privacy policy and provide notice of this to your customers. You should aim to give your customers at least 30 days’ notice before the privacy policy comes into effect. Accordingly, this will allow your customers to inform you of any issues with your intended use of their personal information before you disclose it.
As a best practice, you should only share information essential for your overseas contractors to be able to deliver the services.
When engaging an overseas contractor, consider the following questions.
1. Whether the volume of information you are sharing with the contractor is necessary to enable them to perform the services?
2. What is the nature of the information?
3. How much access does the contractor have to my existing databases?
You should ensure that the terms of your contractor agreement impose strong privacy obligations on the contractor, particularly concerning any personal information they receive or have access to during the term.
You can include clauses addressing the following:
Saya Hussain
April 18
legalvision.com.au