Cross-border data transfer affects all organizations that engage online IT services, cloud-based services, remote access services and global HR databases.
Data transfers are allowed in Australia, but the local entity remains responsible for any data processed outside of the country. Under the Privacy Act, entities are expected to take reasonable steps to ensure personal data processed overseas is protected (Chapter 8: APP 8, 2015). Employers can meet the data protection obligation through due diligence measures and contractual provisions. There are some very limited exceptions to the entity’s accountability (e.g. an individual providing fully informed consent after being told the entity will not take steps to protect their personal information processed overseas).
Restrictions apply when transferring Personally Identifiable Information (PII) out of the State or Territory where health information is regulated. Exceptions to this include:
HR Best Practices: When transferring data outside of Australia, take all reasonable steps to ensure the overseas data recipient meets the requirements outlined in Australia’s Privacy Principles. Enter into enforceable, contractual agreements with the data recipient and perform due diligence measures before transferring any PII.
Led by PeopleDoc’s Chief Legal & Compliance Officer, the HR Compliance Assist team relies on a network of internal and external compliance experts and lawyers, including the global law firm Morgan Lewis, to provide clients with best practices and recommendations on topics such as HR document retention, employee data privacy, and HR electronic records. HR Compliance Assist also provides local compliance monitoring and alert services in select countries where PeopleDoc’s customers have employees. HR Compliance Assist is a service exclusively available to PeopleDoc customers.
