1 / 22

CHARTERED SECRETARIES AUSTRALIA New Privacy Laws 6 June 2013

CHARTERED SECRETARIES AUSTRALIA New Privacy Laws 6 June 2013. Introduction The changes Future reform. Malte Spitz. “The fall of the Berlin Wall would never have happened if the Stasi had known what the mobile companies know now.”. Introduction The changes Future reform.

reuben
Download Presentation

CHARTERED SECRETARIES AUSTRALIA New Privacy Laws 6 June 2013

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. CHARTERED SECRETARIES AUSTRALIA New Privacy Laws 6 June 2013

  2. Introduction • The changes • Future reform

  3. Malte Spitz “The fall of the Berlin Wall would never have happened if the Stasi had known what the mobile companies know now.”

  4. Introduction • The changes • Future reform

  5. What are the changes? • Privacy Amendment (Enhancing Privacy Protection) Act 2012 • New Australian Privacy Principles (APPs) • Powers of the Commissioner

  6. APP 1 – Open and transparent management of personal information • Organisations must have a privacy policy that is clear and current • Organisations must take reasonable steps to comply with the APPs

  7. APP 2 – Anonymity and pseudonymity • Individuals may interact with organisations anonymously or using a pseudonym • There are exceptions

  8. APP 3 – Collection of personal and sensitive information • Collection of personal information must be reasonably necessary for the organisation’s functions or activities • Collection of sensitive information must be reasonably necessary for the organisation’s functions or activities and the individual must consent to the collection of the information

  9. APP 4 – Dealing with unsolicited personal information • Was the organisation entitled to collect the information under APP3? • If not, the information must be destroyed or de-identified

  10. APP 5 – Notification of collection • Organisations must tell individuals certain things when personal information is collected, including: • Who the organisation is and how to contact it • The purpose(s) of the collection • Consequences of non-collection • Complaint handling process • Potential overseas disclosure

  11. APP 6 – Use or disclosure • Outlines the circumstances in which an organisation may use or disclose the personal information that it holds about an individual. • Limited exceptions to permit use or disclosure for some secondary purposes.

  12. APP 7 – Direct marketing • Personal information must not be used for direct marketing except in the specified circumstances • Does not limit other laws about direct marketing

  13. APP 8 – Cross border disclosure • Organisations must take reasonable steps to ensure overseas recipients to not breach the APPs • Subject to some exceptions, organisations can be liable for breaches by overseas recipients

  14. APP 9 – Adoption, use or disclosure of government related identifiers • Subject to some exceptions, organisations must not adopt or use government related identifiers

  15. APP 10 – Quality • Organisations must take reasonable steps to ensure personal information it collects, uses or discloses is accurate, up-to-date and complete • Organisations must also ensure that personal information that is used or disclosed is also relevant to the purpose of the use or disclosure

  16. APP 11 – Security • Organisations must take reasonable steps to protect personal information it holds from misuse, interference and loss, and from unauthorised access, modification or disclosure • Subject to some exceptions, personal information that is no longer needed must be destroyed or de-identified

  17. APP 12 – Access • Organisations must meet certain standards when asked for access to personal information • Within a reasonable timeframe • In the requested manner • If refused, reasons to be provided • Complaint mechanism • Charges must not be excessive

  18. APP 13 – Correction • Organisations must take reasonable steps to correct personal information to ensure it is accurate, up-to-date, relevant and not misleading • Statement required if organisation refuses to correct information and the individual requests it

  19. Introduction • The changes • Future reform

  20. Future reform • A statutory cause of action for breach of privacy?

  21. Single parent’s pension • Rent subsidy • Subsidised school fees • Subsidised child care fees • $55,000 judgment for fraud

More Related