Superannuation

In addition to the private sector privacy regime, trustees of superannuation funds are subject to obligations of confidentiality and access to information owed to members and beneficiaries as a result of their fiduciary relationship and under superannuation legislation.

Who is affected and how?

Trustees of superannuation funds have obligations of confidentiality and access to information owed to members and beneficiaries as a result of their fiduciary relationship and under superannuation legislation (for more detail, see our general law obligations section). They are also required to have a formal complaints process. These obligations apply in addition to the NPPs. Most trustees handle sensitive information, especially health information, and need to comply with the standards imposed by the special protection for health information in the NPPs.

Exemptions

The private sector privacy regime applies to trusts, so it affects most superannuation trustees. It is unlikely that many superannuation trustees, including non-profit funds, would qualify for any exemptions. Arguably no superannuation fund can qualify for exemption as a small business operator because the activities of a fund are not a 'business'. Further, funds which provide insurance benefits may be regarded as trading in personal information because the fund, not the member, receives the benefit of the insurance and any claims paid. For the purposes of the small business exemption, 'annual turnover' includes taxable contributions and other amounts reported as instalment income in the fund's business activity statement. The personal affairs exemption may apply to self-managed funds with individuals as trustees, but not a single corporate trustee.

Dealing with service providers

Even if a trustee could claim an exemption, the exemption would not extend to the fund's administrators and other service providers. Trustees cannot avoid their privacy obligations by outsourcing to a service provider (even one who claims to be exempt as a small business operator) and will be liable for the service provider's breaches of the privacy laws.
Trustees must include provisions in service contracts requiring service providers to comply with their own and the trustee's privacy obligations, and monitor performance to ensure service providers can and do comply in practice.

State legislation may apply

State or Territory legislation (such as the Victorian Health Records Act 2001, Health Records and Information Privacy Act 2002 (NSW) and the ACT Health Records (Privacy and Access) Act 1997) may apply to health records held by superannuation funds, instead of or in addition to the federal private sector privacy regime, and may create additional compliance obligations. In some cases, these requirements may extend to health records held:

Family law disclosure

Provisions in the Family Law Act dealing with division of superannuation benefits on breakdown of marriage require superannuation trustees to provide personal information about a member's benefits to the member's spouse and the Family Court. Members should be informed of these potential disclosures in the collection statement provided to comply with NPP 1.

Supermatch

If you participate now or in the future in the Supermatch programme conducted by the Australian Taxation Office to match members with lost benefits, you'll need to tell members about this and obtain consent to use their personal information and tax file number.

What should I do?

We've put together a checklist to give you some guidance.

Useful links

Members of The Association of Superannuation Funds of Australia Limited (ASFA) should refer to the Trustee Best Practice Paper on Implementing Privacy.