C orcoran Lawyers take privacy and confidentiality very seriously. We are also bound by and comply with the Australian Privacy Principles derived from the Privacy Act 1988 (Commonwealth).
This privacy and confidentiality explains how we collect and use information that is provided to us in the usual course of investigating potential legal claims, acting for those who later retain us and conducting our legal services. This policy applies to all information that we collect.
The Type of Information Collected
The type of information that we collect includes personal information concerning clients, potential clients who contact us as well as suppliers, consultants, employees and applicants for employment.
Personal information is information that allows us to identify individuals, such as names, contact details and dates of birth. Personal information also includes any fact or opinion provided that is connected to an enquiry.
We may also need to collect sensitive information. Sensitive information is a subset of personal information, such as information or opinion concerning racial or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a profession or trade association, membership of a trade union, sexual orientation and practice, criminal record or health information.
Purpose of Collection
We will not collect personal or sensitive information unless such information is reasonably necessary for the primary purposes of:
- Assessing whether we are able to act for an individual or group of individuals;
- Marketing our legal services;
- Providing legal services and advice;
- Conducting the effective management of our business;
We collect personal information from individuals at the pre-client stage when a legal enquiry is made so that we can identify and assess whether we are able to act on that individual’s behalf. We will not consider acting for any individual who does not properly identify themselves as this could lead to a conflict of interest developing between our clients in the future.
In some instances, we may also need to collect sensitive information at the initial stage of an enquiry if it is directly relevant to the advice being sought. For our internal business purposes, we retain and safely store the personal and sensitive information that is provided to us at the pre-client stage as this enables us to respond more efficiently and to inform such persons of our other legal services or developments that may be of interest to them at a later stage.
We also collect the personal and sensitive information (“Information”) provided to us by our clients who have commenced instructing us to act in their matter. We collect all Information that is necessary to effectively conduct legal matters. Such Information is stored on our computer systems and within paper based files as appropriate.
At the conclusion of legal matters, we are required to keep legal files for a minimum period of 7 years from the closure of a legal file unless we are instructed to the contrary. In some cases, we may be required to retain documents for a longer period of time (e.g. documents that inform the making of a Will).
Method of Collection
In most circumstances, we will collect Information through completed questionnaires and forms that have been provided to us, interviews and telephone conversations.
Often, in the context of providing legal services, we collect Information from external professional sources (ie. health professionals, financial advisors, accountants, other legal parties and their legal advisors). With the exception of Information obtained from opposing legal parties, this Information will, in the usual course, be obtained under our clients’ express authority and will be securely stored on their file.
Personal information is collected from people utilising our Information Kits, such as the DIY Estate Planning Toolkit. This information is regarded in the pre-client stage and is not used in any capacity other than that expressly requested by the person (e.g. to email them a copy of the information requested or a reminder to update).
How we handle Client Information
We believe that it is essential that all Information is kept confidential. We will not disclose Information to third parties, without consent, unless it becomes necessary to lessen or prevent a serious and imminent threat to life, health or safety or unless otherwise compelled by law.
We utilise international cloud computing services for e-mail storage, practice management and the provision of our website. In every case, data is encrypted (where access can only be obtained through a secure username and password system) to protect confidential Information from unauthorised access and inadvertent disclosure.
Email data is stored in The United Kingdom, Singapore and the United States. Our practice management and website systems are hosted in data centres in Sydney.
Because the security of our clients’ (and pre-clients’) Information is of a paramount concern to us, we undertake appropriate due diligence on proposed cloud computing service providers prior to retaining them. As part of this due diligence, we seek confirmation that we will possess effective control over the Information and that such service providers comply with the Australian Privacy Principles or are subject to a binding law or scheme that offers substantially similar protection.
The Information that is provided to us is stored on computer and paper based files as appropriate. We endeavour to keep all Information safe by taking all reasonable precautions to protect Information from misuse, loss and unauthorised access, modification or disclosure. Our security measures include: educating all of our personnel about the vital importance of client confidentiality and privacy protection, username and password protected access to all of our IT and telephone systems, anti-virus protection to all of our IT systems, effective document destruction (when legally appropriate), security access to and surveillance over all of our office premises and the secure physical storage of archived Information.
We may be compelled to disclose Information by law, for example, under court orders or statutory notices to produce documents under laws relating to social security, taxation, bankruptcy, anti-money laundering, counterterrorism and the management of incorporated entities.
Disclosure to Third Party Service Providers
In the course of providing legal services and conducting the effective management of our business, disclosure to third party professionals and service providers may occur (e.g. barristers, document reproduction service providers and debt recovery agents). We have contractual arrangements in place with all of our service providers to protect personal and sensitive Information up to the same standards as if we stored the Information ourselves and to prevent them from using the Information for any purposes other than our own. We also conduct due diligence on any third party service provider to ensure that they comply with the Australian Privacy Principles (or equivalent privacy laws) and most importantly that they take the protection of our clients’ Information as seriously as we do.
As part of our on-going professional relationship with our pre-client and existing client base, we do not send out marketing material in written or electronic form under any circumstances. Correspondence is restricted to legal matters and practice availability notifications (e.g. notifications of the practice closure during the Christmas break).
Information Quality, Access and Correction Processes
From time to time, we may take steps to update or verify personal information by collecting personal information from publicly available resources, for example, telephone directories or electoral rolls to improve the integrity of the personal information that we hold.
We provide a transparent system of allowing individuals to access their personal Information and seek corrections to any inaccuracies. Requests for access and correction to personal Information for pre-clients (ie, people who have made an enquiry but did not instruct us to act on their behalf) should be made by contacting our office during business hours.
In certain circumstances, we are permitted to deny the request for access, or limit the access that we provide. For example, we will give an explanation of a decision not to offer an individual a client retainer, rather than direct access to the evaluative information connected to the final decision. We are also entitled to withhold a legal file unless and until a satisfactory arrangement has been agreed concerning the payment of outstanding legal costs.