04 November 2019

Recent complaints against sporting organisations by individuals have highlighted the need for sporting organisations to understand their obligations when collecting and storing member information.

Privacy Law is a complex area which is increasingly subject to scrutiny and can have adverse consequences for National Sporting Organisations (NSOs), State Sporting Organisations (SSOs) and Clubs.

The nature of private member information highlights the risk of a privacy breach along with the associated consequences unless appropriate precautions are taken.

All sporting organisations (NSOs, SSOs and clubs) should be aware that the Commonwealth Privacy Act 1988 (the Act), which governs the way an organisation must handle information collected, and report any privacy breaches, will likely apply to them.

Whilst the Act generally applies only to organisations that have an annual turnover of $3 million or more, the Act may also apply if:

• the organisation falls under the umbrella of a state or national organisation which has a turnover of $3 million or more; or
• the organisation collects and holds health information about a participant or member (e.g. illness, injury, or medication requirements); or
• the organisation provides a “health service” even if that is not its primary activity. “Health service” is defined in the Act, and an organisation can be held out as providing such a service if it, amongst other things:
  • assesses, maintains or improves an individual’s physical or psychological health;
  • records an individual’s health to assess, maintain, improve or manage it.

This would include, for example, collecting health-related information to assess and monitor athlete safety, or to identify performance barriers, at a training camp.

Accordingly, all sporting organisations should ensure that they comply with the Act and can do so by adhering to the Australian Privacy Principles (APPs).

The Office of the Australian Information Commissioner (OAIC) provides on its website valuable information for sporting organisations, opens in a new tab and on the APPs, opens in a new tab (an APP quick reference poster can be accessed here, opens in a new tab). Some key points to keep in mind are as follows:

• An organisation can only collect personal information that is reasonably necessary for its work.
• An organisation must ask for an individual’s consent to collect sensitive information, which includes health information. Information on consent can be found here, opens in a new tab.
• When collecting personal information, the organisation must take reasonable steps to tell the individual a number of things, including the reason the organisation is collecting the information.

For further information on how you can ensure compliance with the Act, please obtain independent legal advice and/or contact the Sport Governance & Strategy team at SportsGovernance@sportaus.gov.au