Privacy and You
How to use this program This training program has been designed to give you the fundamental principles of the laws governing privacy, our obligations and your responsibilities. To navigate this program use the buttons in the bottom right-hand corner of the screen: • To move forward • To move back • To return to the beginning • X To exit
Why this training is important … This program will take approximately 30 minutes to complete. At the end of this program you will be asked to complete an assessment. The assessment will consist of 10 questions. You can refer to the content of this program to assist with your answers. When you have completed this program ask your leader to debrief with you.
What you will learn This program consists of 6 modules: • Background to AUSTRALIAN PRIVACY ACT 1988 • NATIONAL PRIVACY PRINCIPLES • The Office of the PRIVACY COMMISSIONER • Completing a CUSTOMER REQUEST • Case Studies • Summary
Definition of personal information Before we look at the Privacy Act and National Privacy Principles we need to understand what the definition of personal information is. Personal information is information or an opinion whether true or not, and whether recorded in a material form or not, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion.
Background to the Privacy Act 1988 The Privacy Act was passed by the Australian Federal Parliament at the end of 1988. The Act gave effect to Australia's agreement to implement Guidelines adopted in 1980 by the Organisation for Economic Cooperation and Development (OECD) for the Protection of Privacy and Transborder Flows of Personal Data. It also fulfils Australia's obligations under Article 17 of the International Covenant on Civil and Political Rights.
Background to the Privacy Act 1988 Government sector The Act had two objectives: • To protect personal information in the possession of federal government departments and agencies • To provide safeguards for the collection and use of tax file numbers
Background to the Privacy Act 1988 In May 1989, following public controversy over the credit industry's intention to introduce a system of routine monitoring of consumers' management of their loans, the federal government announced its intention to regulate credit reporting practices by amending the Privacy Act. These amendments, which received Royal Assent on 24 December 1990, are contained in Part IIIA of the Privacy Act 1988. The amendments included section 18A(1), which required the Privacy Commissioner to issue a Code of Conduct on credit reporting.
Background to the Privacy Act 1988 Private sector In December 2000, the Privacy Amendment (Private Sector) Act 2000 (the Amendment Act) was passed by Federal Parliament. It covered most private sector organisations. The new scheme came into effect for most organisations covered by the Privacy Act on 21 December 2001.
Background to the Privacy Act 1988 The NATIONAL PRIVACY PRINCIPLES (NPPs) in the Privacy Act set out how private sector organisations should: • collect • use • keep secure and • disclose personal information. The principles give individuals a right to know what information an organisation holds about them and a right to correct that information if it is wrong.
An individual can now: • know why their personal information is being collected and how it will be used • ask for access to their records, including their health information • take up opportunities to stop receiving direct marketing material (opt-out) • correct inaccurate information about themselves • know which organisations will be given their personal information • ensure organisations only use their information for purposes they have been told about • find out what information an organisation holds on them and how it is managed
National Privacy Principles There are TEN National Privacy Principles relating to personal information: • Collection • Use & Disclosure • Data Quality • Data Security • Openness • Access & Correction • Identifiers • Anonymity • Transborder Data Flows • Sensitive Information
NPP 1 - Collection Collection of personal information must be fair, lawful, and not intrusive. A person must be told: • the name of the organisation that is collecting or will hold the information • the purpose of the information collection • that they can get access to their information • what happens if they do not provide the information.
NPP 2 - Use & Disclosure An organisation should only use or disclose the information for the purpose it was collected, unless: • the person has consented to another use, or • the secondary purpose is related to the primary purpose and a person would reasonably expect such use or disclosure, or • the use is for direct marketing in specified circumstances, or • in circumstances related to public interest such as law enforcement and public or individual health and safety
NPP 3 - Data Quality An organisation must take reasonable steps to ensure that the personal information it collects, uses or discloses is accurate, complete and up to date. Update Change Of Address details provided by cardmembers in a timely manner. When you are entering file notes, be sure you only state factual information. It is not appropriate to add notes of a subjective or malicious nature (e.g. “the customer was stupid”).
NPP 4 - Data Security An organisation must take reasonable steps to protect the personal information it holds from misuse or loss and from unauthorised modification or disclosure. We have various system security controls to protect our customers’ data (e.g. secure logins to various systems). We must ensure that any printouts with cardmember information are either filed or destroyed after use.
NPP 5 - Openness An organisation must have a policy document outlining its information handling practices and make this available to anyone who requests it. The Boston Group has a Privacy Policy statement which can be obtained from management at any time.
NPP 5 - Openness Our policy covers: • Our commitment to card members' privacy • Types of personal information we collect • Why we collect personal information • How we collect personal information • How we store personal information • When we may disclose card members' personal information • Accessing personal information
NPP 6 - Access & Correction Generally speaking, an organisation must give an individual access to personal information it holds about that individual, on request. There are exceptions: • it would be unlawful to provide the information • it would pose a serious and imminent threat to the life or health of any individual • it would have an unreasonable impact upon the privacy of other individuals or • the request is frivolous or vexatious.
NPP 7 - Identifiers Generally speaking, an organisation must not use or disclose an identifier that has been assigned by an Australian government ‘agency’. An identifier is any piece of information that we hold on a cardmember that could possibly lead to their being identified (e.g. Tax File Number, Medicare Number).
NPP 8 - Anonymity Organisations must give individuals the option to interact anonymously whenever it is lawful and practicable to do so. In complying with the National Privacy Principles American Express will allow its cardmembers and clients to interact anonymously wherever it is lawful and practical to do so. You must always follow the established ID procedures when speaking with card members.
NPP 9 - Transborder Data Flows An organisation in Australia must take steps to protect an individual's privacy if personal information is sent outside Australia. Information may only be transferred if: • the organisation reasonably believes a law, binding scheme or contract applies at the destination which effectively delivers privacy standards substantially similar to the NPPs • the individual consents to the transfer • the transfer is for the benefit of the individual and it's impracticable to obtain consent, but it's likely consent would have been given • the organisation has taken reasonable steps to ensure the information won't be held, used or disclosed by its recipient inconsistently with the NPPs
NPP 10 - Sensitive Information Generally, an organisation is not allowed to collect sensitive information from an individual unless: • the individual has consented • collection is required or authorised by law • the information is required to establish or defend a legal or equitable claim • the individual is incapable of consenting and the information is needed because of a serious and imminent threat to the life or health of the individual. Examples of sensitive information include: religious beliefs, ethnic origin, political and trade union affiliation.
Office of the Privacy Commissioner Individuals can complain if there has been an ‘interference’ with their privacy. An organisation must have been given a chance by the individual to resolve the complaint. If still unresolved, the Office of the Privacy Commissioner will work with both parties to conciliate the complaint. If still unresolved, the Commissioner will make a formal determination.
Tax File Numbers Tax file numbers (TFNs) are unique numbers issued by the Australian Taxation Office (ATO) to identify individuals, companies and others who lodge income tax returns with the ATO. Individuals who do not quote their TFN to employers and financial institutions have tax deducted from their income or interest payments at the highest marginal rate. Quotation of TFNs is also a condition of receipt of most Commonwealth government assistance payments.
Tax File Numbers The Tax File Number Guidelines issued under s.17 of the Privacy Act 1988 protect the privacy of natural persons by regulating the collection, storage, use and security of tax file number information. The Guidelines do not protect tax file number information relating to entities such as corporations, partnerships, superannuation funds and trusts. The Guidelines are legally binding. A breach amounts to an interference with the privacy of an individual, who may complain to the Federal Privacy Commissioner and where appropriate, seek compensation.
What should I do if I receive a request? Under the provision of NPP 6 – Access & Correction to Personal Information, a customer may make a request for their personal information held by Boston. You should determine from the debtor whether they want access to any specific information or all the information we hold, e.g. 12 months of payment history, information about a dispute, etc.
Details of the Request The following details should be collected from the debtor: • Name • Address • Reference/Account/Card Number • Contact Details • Request details (i.e. what information does the customer want to see) Once you have collected the information, pass it on to your team leader for action.
Compliance Contacts If you need to speak to someone about this, contact: Louise Taylor, Group General Manager, Boston Corporate Holdings Pty Ltd OR Brad Gower, Solicitor, Insight Litigation & Legal Services Pty Ltd
Privacy Responsibilities Why protect personal information? Information is a valuable asset, especially given developments in eCommerce and the drive towards a global economy. There are real concerns about how information is used and shared. These concerns are even stronger where the information is sensitive or very personal. We must balance this against our need to handle and use personal information in the course of our business.
Privacy Advantages Complying with the new privacy regime comes with benefits for our business, such as: • generating good customer or consumer relations • helping the free flow of data between organisations inside and outside Australia • providing an opportunity to review and potentially improve efficiencies in information handling procedures • effective complaints handling procedures should mean that customers who would otherwise have walked away dissatisfied are more likely to stay
Summary This program has covered: • Background to AUSTRALIAN PRIVACY ACT 1988 • NATIONAL PRIVACY PRINCIPLES • The Office of the PRIVACY COMMISSIONER • Completing a CUSTOMER REQUEST • Case Studies • Summary
Congratulations … you have completed the Privacy program. You will now need to complete an assessment made up of 10 questions – remember you can refer to this program to help with the answers (use ALT TAB to toggle between the Quiz and this program). You must obtain 100% to pass the assessment. • Click on the Q button below to take you to the assessment – you will be redirected to the QUIA assessment website. • Enter your name and click the START NOW button • After you have answered all the questions click the SUBMIT ANSWERS button – your results will be displayed • If you do not obtain 100% please redo the assessment • Exit the QUIA website and return to this program • Click on the X button to exit.
EXIT … you have chosen to EXIT the program! Are you sure you want to EXIT? If so, press the ESCAPE button on your keyboard. The ESCAPE button is located on the top left-hand side of your keyboard.