
IS IT ONLY NAUGHTY IF YOU GET CAUGHT? Complying with the new Privacy Laws


Presentation Transcript


  1. IS IT ONLY NAUGHTY IF YOU GET CAUGHT? Complying with the new Privacy Laws
     Kimberley Heitman, AACS, www.kheitman.com

  2. Who cares? Why take an interest in privacy?
     • It’s the law! … But also
     • It’s a ‘hot’ issue
     • Particularly on-line
     • Evidence of public concern – survey research
     • Linked to wider issues – individual vs big organisations – trust, power, accountability
     • Can’t afford to ignore

  3. Different types of privacy
     • Bodily privacy – searches, drug tests, psych tests
     • Territorial privacy – home and property
     • Communications privacy – post, telephone, email, internet
     • Information privacy – what others know about you – transactions, behaviour, movements, financial affairs, health, relationships, political views
     • We all have something to hide – human dignity

  4. Information Privacy laws
     • Privacy Act 1988 (Cwth)
     • Commonwealth agencies & TFNs 1989
     • Credit Reporting 1990
     • Private sector 2001
     • State & Territory Laws or rules for government agencies
     • Privacy & Personal Information Protection Act 1998 (NSW)
     • Information Privacy Act 2000 (Vic)
     • WA, SA, QLD & TAS – administrative rules
     • ACT – Privacy Act 1988, NT – Bill pending

  5. New rules for private sector
     • Amendments to Privacy Act 1988
     • Businesses and associations
     • Since 21 December 2001 unless < $3 million annual turnover and do not ‘trade’ in personal data
     • Employee records exempt
     • National Privacy Principles (NPPs)

  6. Identifying Personal Information
     • “Information or opinion … whether true or not … about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion” (s.6)
     • No need for name – indirect identification enough
     • Only if ‘recorded’ (s.16B – except TFNs and Credit)

  7. Privacy Principles
     • More than just security
     • Cover life cycle of data from collection through storage, use, disclosure, disposal
     • Collection
     • Fair and lawful
     • Specified purpose
     • Notice to individuals
     • Anonymity
     • Special rules for sensitive data & identifiers

  8. Privacy Principles (2)
     • Use & Disclosure
     • Only for original purpose without consent
     • Exceptions
     • Special rules for overseas transfer
     • Data Quality
     • Security
     • Access & Correction

  9. Codes of Practice
     • Can ‘replace’ the NPPs
     • Can have own complaint handling mechanism – Code Adjudicator
     • Will generally be sectoral codes
     • General Insurance
     • Recruitment
     • Internet Industry
     • Direct Marketing? Banking?

  10. Complaints
     • Individuals can complain about breaches of principles
     • Complaint to Privacy Commissioner or approved industry ombudsman
     • Determination can instruct you to take action, pay compensation

  11. Commissioner’s powers
     • Audits/inspections only for Commonwealth agencies, credit reporting and tax file numbers
     • Privacy Commissioner can investigate allegations without a complaint

  12. Practical compliance
     • Ensuring information is needed and relevant for a lawful purpose
     • Giving notice
     • General privacy policy/statement
     • Specific – when collecting
     • Seeking consent
     • Ensuring new collections and uses comply
     • Ensuring data quality
     • Reviewing security and disposal

  13. Practical compliance (2)
     • Handling access requests
     • Locating information
     • Considering exemptions
     • Dealing with requests for correction
     • Handling complaints
     • Point of contact
     • Liaison with Privacy Commissioner or Code Adjudicator

  14. Conclusion
     • Information (& communications) privacy
     • Fundamental human right
     • It’s none of their business!
     • Consumer protection tool
     • Risk of harm through information that is incorrect or taken out of context
     • New rights, new responsibilities

  15. Questions? Useful URLs
     • Privacy Commissioner: www.privacy.gov.au
     • Australian Privacy Foundation: www.privacy.org.au
     • Electronic Frontiers Australia: www.efa.org.au
