Skip to content

  • Home
  • COVID-19 Guide
  • COVID-19 AV library
  • Client results
  • Expertise
  • News & Insights
  • People
  • Our DNA
  • Inclusion and Diversity
  • Join us
  • Contact Us
Home / NEWS & INSIGHTS / Insight / Australian Bushfire Declaration – your rights and obligations
Insight 30 January 2020

Australian Bushfire Declaration – your rights and obligations


WHO SHOULD READ THIS
  • Entities assisting individuals that may be involved in the current Australian bushfire emergencies as well as affected individuals.
WHAT YOU NEED TO KNOW
  • Privacy (Australian Bushfires Disaster) Emergency Declaration (No 1) 2020 enlivens the provisions of the Privacy Act 1988 (Cth) which authorise entities to collect, use and disclose personal information about an individual for certain purposes that directly relate to the Commonwealth’s response to the declared bushfire emergency. These purposes go beyond the collection, use and disclosure of personal information which would otherwise be permitted under the Australian Privacy Principles.

On 20 January, the Attorney-General made the Privacy (Australian Bushfires Disaster) Emergency Declaration (No 1) 2020 (Declaration) under s80J of the Privacy Act 1988 (Cth) (Privacy Act) as a response to bushfires in Australia resulting in death, injury and/or property damage from August 2019 into 2020. The Declaration enlivens Part VIA of the Privacy Act (Emergency Provisions) and is effective for 12 months. It will expire on 20 January 2021.   

The Emergency Provisions

Part VIA of the Privacy Act provides that agencies, organisations and people (entities) may collect, use or disclose personal information for a purpose that is directly related to the Commonwealth’s response to an emergency (Permitted Purpose) if the entity reasonably believes that the individual may be involved in the emergency.  Examples of Permitted Purposes include:

  • identifying individuals who are, or may be, injured, missing or dead, or involved in the emergency or disaster;
  • assisting individuals to obtain services, including repatriation, medical or other treatment, health services and financial or other humanitarian assistance;
  • helping law enforcement with the emergency or disaster;
  • coordinating or managing the emergency or disaster; and
  • ensuring that responsible persons for individuals are kept appropriately informed about the matters that are relevant to those individuals, or the response to emergency or disaster relating to those individuals.

It is important to note that, if the disclosing entity is an Australian Government agency, any disclosure of personal information under the Emergency Provisions must only be to:

  • another Australian Government agency;
  • a State or Territory authority;
  • an organisation as defined under the Privacy Act, including health service provider and private sector businesses with a turnover of more than $3 million;
  • a responsible person for the individual (e.g. parent or guardian; spouse or de facto partner; a relative of the individual, provided the relative is over 18 years old); or
  • any other entity that is, or likely to be, involved in the managing, or assisting in the management of, the emergency,

and individual officers or employees of an agency may only collect, use or disclose personal information if authorised to do so by the agency.

If an organisation or person is disclosing personal information under the Emergency Provisions, it can only make the disclosure to:

  • an agency; or
  • any entity that is directly involved in providing repatriation services, medical or other treatment, health services or financial or other humanitarian assistance services to individuals involved in bushfire emergency.

Updating your Privacy Policy or Personal Information Handling Plan

Entities who intend to take advantage of the Emergency Provisions should take extra care to ensure its employees understand the additional authorisations and its other obligations under the Privacy Act. We recommend updating your privacy policy or preparing a standalone ‘Personal Information Handling Plan’ to supplement your standard privacy policy. The updated policy or supplementary plan should outline:

  • what the Permitted Purposes are (including those which are most likely to be applicable to your particular entity);
  • how an individual (e.g. an employee) should form a reasonable belief that a Permitted Purpose exists based on the circumstances, including the entity’s role and responsibility during the emergency; and the entities to whom personal information may be disclosed; and
  • any additional data security processes and procedures which are in place.

Other points of note

It is also worth noting that:

  • there are certain secrecy provisions (such as under the Office of National Intelligence Act 2018 (Cth)) which continue to apply, so care should be exercised before disclosing information which is otherwise the subject of a secrecy provision;
  • no disclosure is permitted to a media organisation under the Emergency Provisions (and any such disclosure would need to be compliant with Australian Privacy Principle 6);
  • entities must ensure that they comply with their other obligations (including notice and information security requirements) as required under the Privacy Act; and
  • for the purposes of the Privacy Act, personal information includes such information about a person who is deceased.

For further information on any of the issues raised in this alert, please contact our below team.

This publication covers legal and technical issues in a general way. It is not designed to express opinions on specific cases. It is intended for information purposes only and should not be regarded as legal advice. Further advice should be obtained before taking action on any issue dealt with in this publication.

About the authors

  • Matthew McMillan

    Partner

REBECCA LINDHOUT
Special Counsel
DONNA LIN
Lawyer

In other news

Queensland’s new project trust regime to commence on 1 March 2021

15 February 2021BIF Act Amendment Series, Insight

McCullough Robertson strengthens its National Construction and Infrastructure team with key Partner hire in Brisbane

27 January 2021News

New Industrial Relations Laws – What it means for you

22 December 2020Insight

Payment Times Reporting Scheme

21 December 2020Insight

VIEW ALL NEWS & INSIGHTS

BRISBANE

Level 11, 66 Eagle Street
Brisbane QLD 4000
GPO Box 1855
Brisbane QLD 4001
Tel +61 7 3233 8888
Fax +61 7 3229 9949

 

GET IN TOUCH

    Contact form

    We handle your personal information in accordance with our privacy policy.

    sydney

    Level 32, MLC Centre
    19 Martin Place
    Sydney NSW 2000
    GPO Box 462
    Sydney NSW 2001

    Tel +61 2 8241 5600
    Fax +61 2 8241 5699

     

    GET IN TOUCH

      Contact form


      We handle your personal information in accordance with our privacy policy.

      melbourne

      Level 27, 101 Collins Street
      Melbourne VIC 3000
      GPO Box 2924
      Melbourne VIC 3001

      Tel +61 3 9067 3100
      Fax +61 3 9067 3199

       

      GET IN TOUCH

        Contact form

        We handle your personal information in accordance with our privacy policy.

        follow us

        CLIENT LOGIN

        newcastle

        Level 2, 16 Telford Street
        Newcastle NSW 2300
        PO Box 394
        Newcastle NSW 2300

        Tel +61 2 4914 6900
        Fax +61 2 4914 6999

         

        GET IN TOUCH

          Contact form


          We handle your personal information in accordance with our privacy policy.

          canberra

          Level 9, 2 Phillip Law Street
          Canberra ACT 2601

          Tel +61 2 6243 3699
          Fax +61 2 8241 5699

           

          GET IN TOUCH

            Contact form


            We handle your personal information in accordance with our privacy policy.

            © 2017 McCullough Robertson. Site map Disclaimer Privacy Policy Credit Reporting Policy

            X