An Introduction to the Privacy Act

Privacy Act 1993
• Promotes and protects individual privacy
• Is concerned with the privacy of information about people rather than physical intrusions into privacy
• Establishes 12 information privacy principles which regulate the collection, storage, use and disclosure of personal information and give people the right to access and correct their information
• Allows the Privacy Commissioner to issue industry specific codes of practice
• Sets out rules for information matching
• Provides a set of principles regulating how information on public registers can be used
• Sets up a complaints procedure
• Sets out how law enforcement information is to be dealt with
• Provides for the appointment of a Privacy Commissioner and sets out his role and functions

Definition of Personal Information
• Information about an identifiable individual
• Does not include information about a corporate body

Agency
• Any person or body of persons
• Corporate or unincorporate
• Public or private sector
• Some exceptions: MPs, courts and tribunals, news media in relation to its news activities
• Sections 3 and 4

Breach of IPP AND Adverse Consequence Results in Interference With Individual’s Privacy
(Diagram labels: Breach, Loss, Interference)

Interference With Privacy (Access)
Interference with privacy if there is no proper basis for:
• Referral
• Failure to respond within 20 working days
• Conditions on use
• Charging
• Refusal to correct

IPP 1 - Purpose of Collection of Personal Information
Not to be collected by an agency unless:
• Information is collected for a lawful purpose connected with the function / activity of the agency
• Collection necessary for that purpose
ISSUES
• Lawful purpose?
• Is it purpose connected with a function / activity of the agency?
• Is collection necessary for that purpose?

IPP 2 - Source of Personal Information
Where an agency collects personal information, the agency shall collect the information directly from the individual concerned.
Non-compliance permissible where the agency believes, on reasonable grounds, that:
• Individual has authorised collection of the information from someone else
• Compliance would prejudice the purpose of that collection
• Compliance not reasonably practicable in the circumstances
(Non-compliance permissible on certain other grounds)

IPP 3 - Collection of Personal Information From Subject (A)
Where personal information collected directly from individual concerned, agency required to take reasonable steps to ensure individual is aware of:
• Fact information is being collected
• Purpose for which information is collected
• Intended recipients of information
• Contact details for agencies collecting and holding information
• Whether supply of information is mandatory / voluntary (where law authorises / requires collection)
• Consequences if information not supplied
• Rights of access and correction
Provide these details before collection if practicable

IPP 3 - Collection of Personal Information From Subject (B)
Non-compliance permissible where agency believes, on reasonable grounds, that:
• It is authorised by the individual
• It would not prejudice the individual’s interests
• Compliance would prejudice purposes of collection
Also certain other grounds
IPP 3(4): Repeat explanation not necessary if given recently

IPP 4 - Manner of Collection of Personal Information
Personal information must not be collected by:
• Unlawful means
• Means that, in the circumstances, are:
  - Unfair
  - Unreasonably intrude upon the individual’s personal affairs

KEY CONCEPTS: PURPOSE AND OPENNESS
• Develop information handling policies
• Convey policies when collecting information

IPP 5 - Storage and Security of Information
Agency holding personal information must take reasonable security safeguards to protect against:
• Loss
• Unauthorised access, use, modification or disclosure
• Other misuse
ISSUES
• Physical security?
• Operational security?
• Security of transmission?
• Disposal or destruction?

IPP 6 - Access to Personal Information
Where an agency holds personal information in a way that it can readily be retrieved, individuals are entitled to have access to information relating to them.

IPP 6 - Access to Personal Information
Obligations of agencies to:
• Provide assistance
• Transfer access requests
• Respond within time limits
• Make information available in form requested
Precautions by appropriate procedures:
• Satisfactory identification of individual
• Authority of agent
Charges:
• No charge by public sector agency
• Reasonable charges by others

Withholding Grounds - Principle 6
• 27(1)(c) - prejudice maintenance of law
• 27(1)(d) - endanger safety
• 29(1)(a) - unwarranted disclosure
• 29(1)(c) - prejudice physical / mental health
• 29(2) - not readily retrievable / cannot be found / does not exist

IPP 7 - Correction of Personal Information
An individual is entitled to request the correction of information.
Agency must either:
• Make correction
OR
• Attach statement by individual of correction sought
Agency must notify known recipients of the information about this correction.

IPP 8 - Accuracy of Personal Information to Be Checked Before Use
Agencies must take reasonable steps to ensure personal information is accurate before using it.
• Up to date
• Complete
• Accurate
• Not misleading
• Relevant

IPP 9 - Agency Not to Keep Personal Information for Longer Than Necessary
Agency holding personal information shall not keep it for longer than required for the purposes for which it may lawfully be used.
ISSUES
• Should it be retained at all?
• If so, for how long?
• Note legal obligations to retain, e.g. tax, medical records
• Consider return, destruction, transfer

IPP 10 - Limits on Use of Personal Information
Personal information collected for one purpose cannot be used for another purpose unless agency believes, on reasonable grounds, that:
• Use for other purpose authorised by individual concerned
• Information sourced from publicly available publication
• Use for other purpose necessary to prevent or lessen a serious and imminent threat to:
  - public health / safety
  - life / health of someone
• Purpose is directly related to the purpose for which it was collected
(Non-compliance permissible on certain other grounds)

IPP 11 - Limits of Disclosure of Personal Information
An agency shall not disclose personal information unless it believes, on reasonable grounds, that disclosure:
• Is to the individual concerned
• Is authorised by the individual
• Is one of the purposes in connection with which the information was obtained or is a directly related purpose
• Is in a form in which the individual is not identified
(Non-compliance permissible on certain other grounds)

Information Privacy Principle 11
DISCLOSURE: Don’t do it unless
• Research (No ID)
• Purpose of Collection
• Publicly Available
• Maintenance of the Law
• To the Person
• Public Health or Safety
• Needed to sell Business
• Authorised by Privacy Commissioner

IPP 12 - Unique Identifiers
• Agencies not to assign unique identifiers unless necessary to enable them to carry out their functions efficiently
• Agencies not to assign unique identifier that has been assigned by another agency
• Clearly identify the individual before assigning unique identifier
• Agencies not to require people to disclose a unique identifier assigned by another agency unless disclosure is for the purposes for which that unique identifier was assigned

Complaints Process
• Notification
• Investigation
• Commissioner assists parties with settlement
• Provisional Opinion - with right of response
• Final opinion
• Referred by Complainant
• Referred by Privacy Commissioner
• Complaints Review Tribunal

Privacy Act and Official Information Act Interface
Requester X asks for information about himself: Privacy Act
• IPP 6
• Part IV Privacy Act
• Sections 27-29 - withholding grounds apply
Requester X asks for information about Y: Official Information Act
• Section 5: Presumption of availability unless good reason for withholding information
• Section 9(2)(a): protect privacy of natural persons

Other Legislation
• Action authorised by other legislation
• Privacy Act does not derogate

Don’t blame the Privacy Act
Telephone: 04-474 7590
Enquiries hotline: 0800 803 909
Or: 09-302 8655
Email: privacy@actrix.co.nz
Internet address: http://www.privacy.org.nz
Postal address: Privacy Commissioner, PO Box 10-094, Wellington