Know Your Privacy Rights
In most cases privacy legislation and related rules allows individuals to:
- Know why information is being collected, how it will be used, and who it can be disclosed to.
- Give an option to opt out of being identified or using a pseudonym.
- Ask for access to your own personal information.
- Stop receiving unwanted direct marketing. Ask for incorrect information to be corrected.
- Make a complaint about an entity covered by the legislation if you believe they have mishandled your information.
Following the introduction of new notifiable data breach laws in Australia, organisations with obligations under the Privacy Act 1998 (Cth) must now notify you of certain data breaches. Please see our Data breaches & your rights fact sheet.
It is important to take steps to maintain the safety of your privacy.
- Always read privacy policies to understand how your information will be used
- Always ask why, how, and who. If you don’t think they need it, don’t supply it
- Keep yourself safe online.
- Make sure the websites you are visiting are secure before providing any personal information.
- Avoid using unsecured Wi-Fi.
- Use strong, diverse passwords for all your accounts.
- Use security software on all devices.
- Be careful with what you share on social media and store on your devices.
- Store your private information inconspicuously and securely dispose of hard copy and electronic records.
- Keep up to date on the latest scams. Block cookies and think about whether you are happy to lose control of your private information.
Privacy and Identity Theft
- You have a right to know what personal information of yours was used to commit a crime. Be persistent. Businesses are expected to have procedures for identifying and responding to privacy issues.
- Note that whilst an organisation is not required to provide you details about the person that is suspected of impersonating you, there are ways that good organisations can validate whether your credentials have been used, such as parties confirming the first and last numbers of a credential.
- Ensure that all communications and decisions made with the business are recorded.
- Some industries have a national ombudsman, or a state and territory industry ombudsman. These offices may be able to resolve disputes on your behalf.
- We’ve seen organisations facilitate the further compromise of personal information because they have willingly divulged details to perpetrators thinking it is to the real customer – it’s important to understand whether this has happened and what the service provider proposes to do in response.
- If your information has been data breached, please see our Data Breaches Fact Sheet on data breaches for consumers.
Identity Care Australia & New Zealand Ltd (IDCARE) provides identity and cyber security incident response services (the Services) in accordance with the following disclaimer of service:
IDCARE is Australia and New Zealand’s national identity and cyber incident community support service. We are a not-for-profit charity.
- The Services provide do not constitute legal advice. IDCARE recommends that you consult a solicitor in relation to your legal rights and obligations, including but not limited to your legal rights or obligations under Australian and international privacy and data protection laws.
- While every effort has been made to ensure the accuracy of the information in this product or service, to the maximum extent permitted by law all conditions, terms, representations, and warranties (in each case, whether express or implied) in connection with the provision of the Services which might otherwise be binding upon IDCARE are excluded.
- IDCARE’S liability for any loss or damage suffered by any person or organisation (including, without limitation, any direct, indirect or consequential loss or damage) arising out of or in connection with the Services (including without limitation liability for any negligent act or omission, or statement, representation or misrepresentation of any officers, employees, agents, contractors or consultants of IDCARE) shall be limited to the fees paid by you to IDCARE in respect of the Services. For the avoidance of doubt, this limitation of liability extends to any liability arising from any actions performed or not performed as a result of any recommendations made in course of providing the Services.
- The Services provided by IDCARE are intended to be provided solely to the initial recipient of this document or service and IDCARE will not be liable to any other person who may receive this document.
While every effort has been made to ensure the accuracy of the information in this alert, IDCARE disclaims any liability to any person in respect to any actions performed or not performed as a result of the contents of the alert or any accompanying data provided. Wider dissemination may be permitted by authority in writing from IDCARE’s Managing Director. If you would like to provide feedback please use our Feedback Form.