Privacy - what it means for your business
The Australian Federal Government passed the Privacy
Amendment (Private Sector) Act 2000 in December 2000. The act, which
came into effect on the 21st December 2001, includes a number of
National Privacy Principles (NPPs) regulating the collection, storage,
access to, use, disclosure and de-identification of personal information.
The Principles establish a minimum standard that private sector
organisations must observe when handling personal information.
If your organisation has revenues of $3M or over,
you will need to comply with the act. The act is overseen by the
Office of the Federal Privacy Commissioner, which actively investigates
complaints from the public.
The Ten National Privacy Principles are:
1. Collection
Collection of personal information must be fair, lawful and
not intrusive. A person must be told the organisation's
name, the purpose of collection, that the person can get access
to their personal information and what happens if the person
does not give the information.

2. Use & Disclosure
An organisation should only use or disclose information for
the purpose it was collected unless the person has consented,
or the secondary purpose is related to the primary purpose and
a person would reasonably expect such use or disclosure, or
the use is for direct marketing in specified circumstances,
or in circumstances related to public interest such as law enforcement
and public or individual health and safety.

3. Data Quality
An organisation must take reasonable steps to make sure that
the personal information it collects, uses or discloses is accurate,
complete and up to date.

4. Data Security
An organisation must take reasonable steps to protect the personal
information it holds from misuse and loss and from unauthorised
access, modification or disclosure.

5. Openness
An organisation must have a policy document outlining its information
handling practices and make this available to anyone who asks.

6. Access & Correction
Generally speaking, an organisation must give an individual
access to personal information it holds about that individual
on request.

7. Identifiers
Generally speaking, an organisation must not adopt, use or disclose
an identifier that has been assigned by a Commonwealth government
agency.

8. Anonymity
Organisations must give people the option to interact anonymously
whenever it is lawful and practicable to do so.

9. Transborder Data Flows
An organisation can only transfer personal information to a
recipient in a foreign country in circumstances where the information
will have appropriate protection.

10. Sensitive Information
An organisation must not collect sensitive information unless
the individual has consented, it is required by law or
in other special specified circumstances, for example, relating
to health services provision and individual or public health
or safety.
Individual organisations may develop, adopt and
enforce their own codes, which must be approved by the Privacy Commissioner
as being at least equivalent to the NPPs. In the absence of a specific
code, an organisation must comply with the NPPs. Try our Spot
Test for a quick check.
Linus can help you comply with specialist services
and solutions to assist. We:
- Have a structured methodology to assess your
Privacy and Security exposure
- Will develop a cost-effective strategy for
your compliance
- Can amend/facilitate required changes to:
  - application forms
  - web pages
  - business process
  - access control
- Have a number of solutions to address your
organisation's needs.
Ask the experts