Request for documentation
I have received a document via post requesting personal information.
"Your service will be restricted if you don't submit required documents"
This is not secure at all and MYOB should not ask for personal details, as they are not necessary for the business’ functions or activities.
I would say MYOB is breaching privacy.
Is MYOB an APP entity?
Please read here: https://legalvision.com.au/collecting-id-documentation/
Personal users' IDs are irrelevant to the functioning of the system.
https://www.legislation.gov.au/Details/C2021C00452
https://www.oaic.gov.au/privacy/guidance-and-advice/protecting-customers-personal-information
Also MYOB cannot ask for personal ID without disclosing terms of use, terms and conditions and privacy policy. In addition to this a data breach preparation and response plan must be supplied prior requesting ID.
Does a ground of refusal exist?
- There are ten grounds on which you may refuse to give access to personal information. These grounds are:
- you reasonably believe that giving access would pose a serious threat to the life, health or safety of any individual, or to public health or public safety
- giving access would have an unreasonable impact on the privacy of other individuals
- the request for access is frivolous or vexatious
- the information relates to existing or anticipated legal proceedings between you and the individual, and would not be accessible by the process of discovery in those proceedings
- giving access would reveal your intentions in relation to negotiations with the individual in such a way as to prejudice those negotiations
- giving access would be unlawful
- denying access is required or authorised by or under an Australian law or a court/tribunal order
- you have reason to suspect that unlawful activity, or misconduct of a serious nature, that relates to your functions or activities has been, is being or may be engaged in and giving access would be likely prejudice the taking of appropriate action in relation to the matter
- giving access would be likely to prejudice one or more enforcement related activities conduct by, or on behalf of, an enforcement body
- giving access would reveal evaluative information generated within your organisation in connection with a commercially sensitive decision-making process.