The privacy laws specify that if Monash University provides personal, sensitive or health information to a third party, and that third party breaches the privacy of the individual then both Monash University and the third party may be liable for the breaches.
Monash can implement steps to protect itself against breaches of the privacy laws by a third party by including in the contract the necessary privacy clauses.
The contract between Monash and the third party should contain a requirement that the third party is bound by the privacy laws (Information Privacy Act and Health Records Act) with respect to any personal, sensitive or health information Monash provides the third party during the course of the relationship.
If the contract has the appropriate privacy clauses any act or practice by the third party which is contrary or inconsistent with the privacy laws is capable of being enforced against the third party in accordance with the procedures set out in the privacy laws.
IMPORTANT: When providing personal, sensitive or health information to third parties, it is important to ensure that the appropriate contractual provisions are included in the contract. If no contract exists, stand alone privacy agreements are available. For advice about the appropriate privacy clauses in contracts please contact the Monash University Privacy Officer or the Solicitor's office.