Reparation Legal/Withuu Gurlpaa (RLWG or “we”) is committed to protecting the privacy of individuals’ personal information.
We are bound by the provisions of the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). In certain circumstances we may also be required to comply with other privacy laws, including health privacy laws enacted by some of the Australian States and Territories, including the Health Records and Information Privacy Act 2002 (NSW) and its Health Privacy Principles.
All of these information privacy laws require us to develop a publicly available policy that sets out how we go about:
- collecting, using and disclosing personal information
- keeping that information secure
- providing you with access to your personal information
- handling inquiries, complaints and disputes about information privacy.
This policy is designed to fulfil these obligations.
Who we are and what we do
We are a New South Wales law firm that provides a range of legal services. We particularly seek to serve those who have suffered damage as a result of abuse.
The relationship between laws that govern the legal profession and information privacy
Lawyers are required to comply with a range of laws that regulate the way in which they go about practising their profession.
We are governed by a range of NSW laws that can affect the way in which we collect and handle information. Some of these include:
- Legal Profession Uniform Law (NSW)
- Legal Profession Uniform Regulations 2015 (NSW)
- Legal Profession Uniform General Rules 2015 (NSW);
- Legal Profession Uniform Admission Rules 2015 (NSW);
- Legal Profession Uniform Law Australian Solicitors’ Conduct Rules 2015 (NSW);
- Legal Profession Uniform Legal Practice (Solicitors) Rules 2015 (NSW); and
- Legal Profession Uniform Continuing Professional Development (Solicitors) Rules 2015 (NSW).
We are also covered by common law rules governing client confidentiality and legal professional privilege.
In general the laws governing the obligations of lawyers to use client information only for the purposes of the client’s benefit override more general information privacy obligations. Where there is a conflict between the laws that govern the relationship between lawyer and client and information privacy laws, the laws that govern the relationship between lawyer and client prevail.
What is personal information?
Personal information is information or an opinion whether true or not and whether recorded in a material form or not about an individual who is identified or is identifiable.
What is sensitive information?
Sensitive information is a sub-category of personal information that is given additional protection under information privacy laws.
Sensitive information is personal information that also constitutes information or an opinion about an individual’s:
- racial or ethnic origin; or
- political opinions; or
- membership of a political association; or
- religious beliefs or affiliations; or
- philosophical beliefs; or
- membership of a professional or trade association; or
- membership of a trade union; or
- sexual orientation or practices; or
- criminal record;
that is also personal information; or
(b) health information about an individual; or
(c) genetic information about an individual that is not otherwise health information; or
(d) biometric information that is to be used for the purpose of automated biometric verification or biometric identification; or
(e) biometric templates.
Why we collect personal information
The main purposes for which we collect personal information are to:
- provide our clients with legal services;
- maintain protective and cyber security;
- send you information if you are on one of our mailing lists;
- obtain goods and services;
- perform research and statistical analysis, including for client satisfaction and service improvement purposes;
- protect the security of our offices, staff, clients and the property held on our premises;
- answer queries and resolve complaints; and
- recruit staff and contractors.
We may also collect personal information for other purposes explained at the time of collection or which are:
- required or authorised by or under law (including, without limitation, privacy legislation); or
- for which you have provided your consent.
How we collect your personal information
In the course of providing legal services or the other activities described in the last paragraph, we collect personal information in a number of ways, including:
- in person (for example, at a meeting, conference or function);
- through one of our websites (see below);
- over the telephone (including through voice mail messages left on our telephone system);
- through electronic conferencing and messaging;
- through written correspondence (such as emails, letters and faxes);
- from third parties, including individuals who may be able to provide evidence in connection with any legal proceedings we undertake for or in relation to you
- from regulatory authorities; and
- from public registers (for example, searches of ASIC databases or from other publicly available sources).
How do we use or disclose your personal information?
We use and disclose personal information for the purposes for which it was collected. We may share your personal information with third parties where appropriate for the purposes set out under the heading ‘Why we collect personal information’, including:
- financial institutions for payment processing;
- barristers, experts (including external law firms) or other relevant third parties in relation to your matter;
- overseas law firms if advice on foreign laws is needed;
- government regulators (for example to update ASIC records or where required under anti-money laundering and counter-terrorism laws);
- referees whose details are provided to us by job applicants; and
- contractors who provide services to us including information and communication technology providers, data storage and archive services and organisations that provide research and statistical analysis services.
Cross border disclosure of personal information
We may disclose personal information to parties located overseas or outside of New South Wales where we engage an overseas or interstate law firm to provide advice on foreign or interstate laws or to obtain services in connection with providing you with legal advice.
If this occurs we will comply with the requirements of the Privacy Act that apply to cross border disclosures of personal information.
Data quality and security
We hold personal information in a number of ways, including in hard copy and in electronic documents and files, in electronic databases and in paper-based filing systems.
We take reasonable steps to:
- make sure that the personal information that we collect, use and disclose is accurate, up to date and complete;
- protect personal information we hold from misuse, interference and loss and from unauthorised access, modification or disclosure; and
- destroy or permanently de-identify personal information that is no longer needed for any purpose that is permitted by the APPs.
You can help us keep your information up to date, by letting us know about any changes to your details, such as your address, email address or phone number.
The steps we take to secure the personal information we hold include website protection measures (such as firewalls and anti-virus software), security restrictions on access to our computer systems including two factor password protection practices for document creation and secure digital storage and observance of current and emerging best practice policies.
Information privacy and our website
Access and correction
Please contact us if you would like to access or correct personal information we hold about you.
In order to process such a request we may need to verify your identity to make sure that the personal information we hold is properly protected.
We will generally provide you with access to your personal information, subject to some exceptions permitted by law. We will also generally provide access in the manner that you have requested (eg by providing photocopies or allowing a file to be viewed), provided it is reasonable and practicable for us to do so. We may however charge a fee to cover our reasonable costs of locating the information and providing it to you.
If you ask us to correct personal information that we hold about you, or if we are satisfied that the personal information we hold is inaccurate, out of date, incomplete, irrelevant or misleading, we will take reasonable steps to correct that information to ensure that, having regard to the purpose for which it is held, the information is accurate, up-to-date, complete, relevant and not misleading.
We will endeavour to respond to access and correction requests within 30 days.
If you have a complaint about how we have collected or handled your personal information, please contact our Privacy Officer (see below), who will endeavour in the first instance to deal with your complaint and take any steps necessary to resolve the matter within a week.
If your complaint can’t be resolved at the first instance, we will ask you to complete a Privacy Complaint Form, which asks you to explain the circumstances of the matter that you are complaining about, how you believe your privacy has been interfered with and how you believe your complaint should be resolved.
We will acknowledge receipt of the Privacy Complaint Form within 5 business days of receiving it and will investigate your complaint in a timely manner. This may include, for example, gathering the relevant facts, locating and reviewing documents and speaking to individuals.
In most cases, we expect that complaints will be investigated, and a response provided within 30 days of receipt of the Privacy Complaint Form. If the matter is more complex and our investigation takes longer, we will contact you to let you know.
If you are not satisfied with our response, you can refer your complaint to the Office of the Australian Information Commissioner.
Contacting our privacy officer
Please contact our privacy officer Suzie O’Toole via email at firstname.lastname@example.org or phone 0420-920 760 if you would like to access or correct personal information we hold about you.