We respect your privacy. We owe all clients a duty of confidentiality and will comply with all privacy laws.

We will comply with the Australian Privacy Principles unless authorised or required by law to depart from them.

If you have any enquiries about our privacy policy, or wish to make an access or amendment request or a complaint, please contact our Principal, David Jacobson, on 07 3878 5098.

You can see our website terms of use here.

You can see our compliance course site privacy policy here.

Why we collect information

We will only use your personal information for work you ask us to do or to tell you about our services or events. We will protect the security of your personal information once we receive it but we cannot guarantee the security of transmission from you. No method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, we cannot guarantee the absolute security of your Personal Information.

We will only collect personal information if:

  • it is for a lawful purpose that is directly related to one of our services, and
  • it is reasonably necessary for us to have the information.

How we will collect personal information

We will collect personal information directly from the individual concerned unless it is unreasonable or impractical.

We will not collect personal information by unlawful means.

We will not collect personal information that is intrusive or excessive.

We will take reasonable steps to ensure that the personal information we collect is relevant, accurate, up-to-date and complete.

Use of information

When collecting personal information, we will tell the person:

  • what it will be used for
  • what other organisations (if any) routinely receive this type of personal information from us
  • how the person can access their personal information held by us
  • whether the collection is required by law
  • what the consequences will be for the person if they do not provide the information to us

Access to information

We will enable anyone to know, upon request, whether we are likely to hold their personal information, and if so:

  • what type of information we hold about them
  • the purposes for which it will be used
  • how they can access their own personal information

We will allow people to access their personal information without unreasonable expense or delay.

We aim to respond to requests within 30 days.

We will only refuse access where authorised by law, and we will provide written reasons.

Security safeguards

We will take reasonable security measures to protect personal information from loss, unauthorised access, use, modification or disclosure.

We will take reasonable steps to ensure personal information is stored securely, not kept longer than necessary, and disposed of appropriately.

If a data breach involving your Information occurs, or we suspect that a data breach has occurred, whether the entity experiencing the data breach is Bright Law or third parties we use, such as contractors or subcontractors, we will expeditiously conduct an investigation and assessment.

Based on this assessment, we will determine whether any steps need to be taken by us to ensure your Information is not accessed by unauthorised persons or whether we need to notify you with recommendations about the steps that you should take in response to the data breach.

If there is a serious data breach we will tell you about any action we have taken, or we are intending to take, to prevent reoccurrence.


We will allow people to update, correct or amend their personal information where necessary, to ensure it is accurate, relevant, up-to-date, complete or not misleading.

Where possible, we will notify any other recipients of any changes.


Before using or disclosing personal information, we will take appropriate steps to ensure that the information is relevant, accurate, up-to-date, complete, and not misleading.

Direct marketing

We will use personal information for direct marketing only if:

  • the person has consented
  • they would reasonably expect it
  • we provide you with an opportunity to opt out
  • you have not opted out.

We do not use linked health records, nor do we use unique personal identifiers. It is not practicable for us to provide anonymous services.

