Do the Privacy Law changes affect Mortgage brokers?
Almost definitely! If you are acting as an agent for a lender to collect personal information such as ID, then you are required to follow.
Even more specifically, though - in the introducer agreement that you have with the lenders, it is very common that they will specify that you need to meet the requirements set by the Privacy Act.
What do the Privacy Law changes mean for my business?
In the event that you suspect you have had a data breach - that is, client information is lost or stolen, you will now have an obligation to investigate your suspicions and if you find that there has been a breach, notify anyone affected and the Office of Information Commissioner if the breach is likely to cause 'Serious Harm'.
What does the Privacy Act mean by 'Serious Harm'?
'Serious Harm' could include serious physical, psychological, emotional, economic and financial harm, as well as reputation and other forms of serious harm that a reasonable person (this is the same 'reasonable person' as when you're completing your responsible lending obligations) would identify as a possible outcome of the data breach.
Even though just having data stolen may cause a certain level of psychological or emotional shock, this is not considered to be sufficient in and of itself - there has to be some other level of harm that could be reasonably foreseen.
Should I make changes to my privacy disclosures?
If your business had a particularly high exposure to leaks, either because they are more likely or the impact to your business would be more significant, it may be prudent to have a more comprehensive data control and breach management policy and procedure prepared.
For more information, review the 2018 Quarter 1 QED CompliFast Information Pack or give the QED team a call on 1300 817 662, option 1