What do your owners think happens to the personal information they provide to you? Do you warn owners that their personal information may be made available to those inspecting the books and records of the scheme? This could include postal address, telephone number and email address. Do you know what the Australian Privacy Principles are and whether they apply to your business and your schemes? Do you have a privacy policy and does it accurately set out the legal rights and obligations of your business, your owners and your schemes?
If your answers to the above questions are “I don’t know” or “no”, then you have some catching up to do.
The 13 Australian Privacy Principles (APPs) commenced on 12 March 2014. They regulate the handling of personal information by Australian government agencies and private sector organisations with an annual turnover of $3 million or more (“APP Entity”). The 13 APPs are contained in schedule 1 to the Privacy Act 1988.
An APP Entity must have a clearly expressed and up to date policy about its management of personal information. The policy must include the following information (amongst other things):-
- the kinds of personal information that the entity collects and holds;
- how the entity collects and holds personal information;
- the purposes for which the entity collects, holds, uses and discloses personal information;
- how an individual may access personal information about the individual that is held by the entity and seek the correction of such information;
- how an individual may complain about a breach of the Australian Privacy Principles, or a registered APP code (if any) that binds the entity, and how the entity will deal with such a complaint.
A strata managing agent’s privacy policy should include:-
- a statement that personal information is collected pursuant to section 118 of the Strata Schemes Management Act;
- the reasons why personal information is collected;
- how personal information is used;
- when personal information will be disclosed, including that it may be disclosed to third parties under s 108 and 109 of the Act;
- what to do about updating personal information, or correcting inaccurate personal information.
This list is not exhaustive.
The law requires an APP Entity to regularly review its privacy policy and associated procedures.
We suggest you obtain professional advice and assistance when it comes to reviewing and updating your privacy policies and privacy statements. For strata managers, such assistance should come from a lawyer familiar with strata law, practice and procedure.