Personal and confidential information
2. The Act broadly applies to organisations that during the course of their business invariably come into contact with or collect personal information from individuals.
3. “Personal information” means information, or an opinion, and whether recorded in a material form or not, about an individual in circumstances where the individual’s identity can reasonably be ascertained from the information or opinion. Personal information also includes information that can be described as “sensitive information” but does not include information that is publicly available.
4. “Confidential Information” means information about an individual or organisation that is not publicly available, and that which we reasonably consider an individual or organisation would not wish us to disclose to third parties without express consent.
6. We also take pride in maintaining confidentiality of clients’ affairs in circumstances where the client is an organisation as opposed to an individual, and often in addition to our obligations pursuant to the Act.
How we come into contact with personal or confidential information
7. While performing work as lawyers, financial advisers, or financiers we will need to obtain details from clients such as their name, address, telephone and other contact details. The clients often also provide us similar details of other parties relevant to the matter or transaction.
8. In order to provide appropriate advice we may also obtain details in relation to our clients personal relationships; assets or accounts held; information in relation to their business associations, contractors, subcontractors, employees, and their clients. Occasionally we will also come into contact with sensitive information; for example information related to a medical condition to which a client, or friend or relation of the clients’, has suffered or has undergone investigation, or in relation to our client’s criminal history. Often these details may be obtained directly from our client or indirectly through third parties with our authority.
9. We often come into contact with personal or confidential information about individuals or organisations without their direct or express authority. For example, when a client provides us information about a third party or another party involved in the matter or transaction in which we are instructed, or documents are produced by an entity whether or not pursuant to a court order.
Security of personal or confidential information
11. We ensure that we protect all personal and confidential information from misuse, loss, unauthorised access and disclosure. We do this by securing the personal and confidential information in files, computer systems, safes, locked storage rooms, as we consider reasonable and appropriate. We also take advantage of modern technology, including firewalls and security databases, to ensure that only those whom an individual or organisation would reasonably expect come into contact with the information.
12. We ensure that all of our offices are securely locked and protected after hours. We also employ staff whose responsibilities specifically include to ensure that systems are in place to ensure that personal and confidential information held by us is maintained securely and that only those whom the individual or organisation would reasonably expect have access to the information.
13. We endeavour to contact individuals or organisations if we come to hold personal or confidential information about them that they would not reasonably expect us to hold, in circumstances where we believe the information is of such a personal and confidential nature that they would reasonably expect us to inform them that we hold the information.
Use of personal or confidential information
14. We primarily will use personal or confidential information that comes into our possession for the purpose of the matter or transaction in which we are instructed.
15. We will also use personal information obtained for our own internal marketing purposes, for example to promote financial products, provide an update to individuals or organisations about legal developments, to suggest that an individual or organisation may wish to consider seeking advice from us in relation to their affairs, for our policy planning and research and development of our services, to perform credit and fraud and other checks, and to maintain and develop our business systems and infrastructure including the testing and upgrading of these systems.
Disclosure of personal or confidential information
16. We often will need to disclose relevant personal or confidential information for the purpose of obtaining opinions from experts, including accountants, financial advisers, medical practitioners, and so on. If a matter involves a dispute we may need to serve the personal or confidential information on another party to the dispute or disclose it to a tribunal or court to protect or advance that particular client’s position.
17. In circumstances where we are involved in a joint-venture or other business project we may need to disclose, or the other joint-venturer or entity involved in the business project may invariably come into contact with, our clients personal or confidential information.
18. Occasionally, the use of the personal or confidential information may result in the disclosure taking place in another State, Territory, or Country.
19. We may also be compelled by a court, or other regulatory order to disclose personal or confidential information. In these circumstances, we will consider whether we are entitled to refrain from making the information available on the basis that we can exercise a right to exercise legal professional privilege over the personal information.
20. We do not intentionally disclose personal or confidential information unless it is incidental to the conduct a matter or transaction in which we are involved or unless we have an individual or organisation’s express or implied authority to do so. In particular, we do not disclose personal information, other than to related organisations for the purpose of allowing them to directly market their products and services to an individual or organization.
21. We take reasonable steps to ensure that third parties deal with personal information according to the same standards that we subscribe to.
Access to your personal or confidential information that we hold
22. An individual or organisation can write to our director of knowledge management, to update or correct personal or confidential information that we hold about them.
23. Should an individual or organisation no longer wish for us to use personal or confidential information that we hold about them for our internal marketing purposes, they can write to us and request that we refrain from using the personal or confidential information for that purpose and we will take reasonable steps to ensure that this use no longer occurs.
24. Should an individual or organisation wish to consider personal or confidential information that we hold about them, they can make written request to us and we will endeavour to make that information available. We require identification from the individual or organisation as we reasonably consider appropriate and for the individual or organisation requesting the availability of the information to pay the reasonable costs and expenses that we incur in complying with the request.
25. On occasions, we may consider that it is not reasonable or appropriate to comply with an individual’s or organisation’s request to make personal or confidential information about them available. For example, if we consider that the costs and work that we would incur in making personal or confidential information available would be disproportionate to the personal or confidential nature or importance of the information, or if we consider that it would invariably result in the disclosure of other entities personal or information and we reasonably consider that we may expose ourselves to risk of a breach of the National Privacy Principles, breach of fiduciary or other duty, or an allegation that it is inappropriate professional conduct to make the disclosure. If we deny access we will provide the reason for doing so.