3. Privacy


Students Learn About:

Privacy

  • need to protect an individual’s data and identity



    Students Learn To:

    • identify ways in which privacy can be protected

    Privacy is about protecting an individual’s personal information

    • Personal information is any information that allows others to identify you.
    • Privacy is a fundamental principle of our society, we have the right to know who holds our personal information. 
    • Privacy is a feeling of seclusion, where we can be safe from observation and intrusion.  
    • For this to occur we need to feel confident that our personal information will not be collected, disclosed or otherwise used without our knowledge or permission.
    Personal information is required, quite legitimately by many organisations when carrying out their various functions. 
    • This creates a problem, 
      • how do we ensure this information is used only for its intended task and 
      • how do we know what these intended tasks are? 

    • Laws are needed that require organisations to provide individuals with answers to these questions. In this way individuals can protect their privacy.
    Privacy In Australia

    In Australia, privacy is legally protected under the Privacy Act 1988 and its subsequent amendments. 

    This act contains ten National Privacy Principles, that set standards that organisations are required to meet when dealing with personal information


    Australian Privacy Principles

    The Australian Privacy Principles (or APPs) are the cornerstone of the privacy protection framework in the Privacy Act 1988 (Privacy Act). They apply to any organisation or agency the Privacy Act covers.

    There are 13 Australian Privacy Principles and they govern standards, rights and obligations around:

    The Australian Privacy Principles are principles-based law. This gives an organisation or agency flexibility to tailor their personal information handling practices to their business models and the diverse needs of individuals. They are also technology neutral, which allows them to adapt to changing technologies.

    A breach of an Australian Privacy Principle is an ‘interference with the privacy of an individual’ and can lead to regulatory action and penalties.


    What are the ten National Privacy Principles?

    Principle

    Title

    Purpose

    APP 1

    Open and transparent management of personal information

    Ensures that APP entities manage personal information in an open and transparent way. This includes having a clearly expressed and up to date APP privacy policy.

    APP 2

    Anonymity and pseudonymity

    Requires APP entities to give individuals the option of not identifying themselves, or of using a pseudonym. Limited exceptions apply.

    APP 3

    Collection of solicited personal information

     

    Outlines when an APP entity can collect personal information that is solicited. It applies higher standards to the collection of sensitive information.

    APP 4

    Dealing with unsolicited personal information

    Outlines how APP entities must deal with unsolicited personal information.

    APP 5

    Notification of the collection of personal information

    Outlines when and in what circumstances an APP entity that collects personal information must tell an individual about certain matters.

    APP 6

    Use or disclosure of personal information

    Outlines the circumstances in which an APP entity may use or disclose personal information that it holds.

    APP 7

    Direct marketing

    An organisation may only use or disclose personal information for direct marketing purposes if certain conditions are met.

    APP 8

    Cross-border disclosure of personal information

    Outlines the steps an APP entity must take to protect personal information before it is disclosed overseas.

    APP 9

    Adoption, use or disclosure of government related identifiers

    Outlines the limited circumstances when an organisation may adopt a government related identifier of an individual as its own identifier, or use or disclose a government related identifier of an individual.

    APP 10

    Quality of personal information

    An APP entity must take reasonable steps to ensure the personal information it collects is accurate, up to date and complete. An entity must also take reasonable steps to ensure the personal information it uses or discloses is accurate, up to date, complete and relevant, having regard to the purpose of the use or disclosure.

    APP 11

    Security of personal information

    An APP entity must take reasonable steps to protect personal information it holds from misuse, interference and loss, and from unauthorised access, modification or disclosure. An entity has obligations to destroy or de-identify personal information in certain circumstances.

    APP 12

    Access to personal information

    Outlines an APP entity’s obligations when an individual requests to be given access to personal information held about them by the entity. This includes a requirement to provide access unless a specific exception applies.

    APP 13

    Correction of personal information

    Outlines an APP entity’s obligations in relation to correcting the personal information it holds about individuals.



    Consequences of the Privacy Act 1988 mean that information systems that contain personal information must legally be able to:
    • explain why personal information is being collected and how it will be used
    • provide individuals with access to their records
    • correct inaccurate information
    • divulge details of other organisations that may be provided with information from
    • the system
    • describe to individuals the purpose of holding the information
    • describe the information held and how it is managed









    Comments