Privacy Awareness Week 2017: Understanding the Australian Privacy Act

Slide Note
Embed
Share

Explore the key aspects of the Australian Privacy Act 1988 during Privacy Awareness Week 2017. Learn about the Australian Privacy Principles, regulatory powers of the Commissioner, and the importance of managing personal information transparently. Discover how the Act covers sensitive information, tax file numbers, and credit information, emphasizing the significance of trust, transparency, and compliance with APPs.

saan296
saan296 Follow

Uploaded on Oct 03, 2024 | 0 Views

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. Download presentation by click this link. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

E N D

Presentation Transcript

  1. Privacy Awareness Week 2017 Trust and transparency

  2. Office of the Australian Information Commissioner (OAIC) Independent Australian Government statutory authority The Australian Privacy Commissioner and staff regulate Australia s Privacy Act 1988 #2017PAW #2017PAW Handle with care

  3. The Australian Privacy Act #2017PAW #2017PAW Handle with care

  4. What does the Privacy Act cover? Australian Privacy Principles (APPs) Privacy Act contains provisions that deal with: personal information sensitive information (such as health information) tax file numbers credit information Commissioner s regulatory powers #2017PAW #2017PAW Handle with care

  5. Australian Privacy Principles 13 APPs Principles apply to government agencies and private sector organisations (referred to as APP entities ) Structured to reflect the information life cycle planning, collection, use and disclosure, quality and security, access and correction APP Guidelines #2017PAW #2017PAW Handle with care

  6. About the APPs #2017PAW #2017PAW Handle with care

  7. APP 1 Open and transparent management of personal information Take reasonable steps to implement practices, procedures and systems to ensure compliance with APPs Privacy policies must be clearly expressed and up-to-date OAIC s Guide to developing a privacy policy #2017PAW #2017PAW Handle with care

  8. Privacy management framework #2017PAW #2017PAW Handle with care

  9. APP 2 Anonymity and pseudonymity Requires APP entities to give individuals the option of not identifying themselves, or of using a pseudonym Doesn t apply if identification is required by law or it is impracticable #2017PAW #2017PAW Handle with care

  10. APP 3 Collection of personal and sensitive information Covers collection of personal information and sensitive information Collection must be reasonably necessary for one or more of an APP entity s functions or activities Additional obligations apply to sensitive information #2017PAW #2017PAW Handle with care

  11. APP 4 Dealing with unsolicited personal information If an APP entity receives unsolicited personal information, it must: Assess whether it could have collected the information under APP 3 If not, destroy or de-identify that information But different rules apply to Commonwealth records #2017PAW #2017PAW Handle with care

  12. APP 5 Notification of collection Outlines what what an APP entity must tell an individual and when when Includes: Who the entity is and how to contact it The purpose(s) of the collection Usual disclosures to third parties Complaint handling process Likely overseas disclosure #2017PAW #2017PAW Handle with care

  13. APP 6 Use of disclosure Can only use or disclose personal information for: Purpose for which it was collected, or Secondary purpose if an exception applies #2017PAW #2017PAW Handle with care

  14. APP 7 Direct Marketing Only use or disclose personal information for direct marketing purposes if certain conditions are met Opt-out option Direct marketing of sensitive information requires consent #2017PAW #2017PAW Handle with care

  15. APP 8 Cross border disclosure Before disclosing personal information overseas, reasonable steps must be taken to ensure that the overseas recipient does not breach the APPs The APP entity will be accountable for a breach of the APPs by an overseas recipient Subject to exceptions OAIC s Sending personal information overseas #2017PAW #2017PAW Handle with care

  16. APP 9 Adoption, use or disclosure of government related identifiers Prohibits an organisation from adopting, using or disclosing a government related identifier Number, letter, symbol used to identify an individual, e.g. Medicare # Exceptions include where the adoption, use or disclosure is required or authorised by law #2017PAW #2017PAW Handle with care

  17. APP 10 Quality An APP entity must take reasonable steps to ensure personal information it collects, uses or discloses is: accurate up-to-date complete relevant Must also take reasonable steps to ensure that personal information is relevant for the purpose of the use or disclosure #2017PAW #2017PAW Handle with care

  18. APP 11 Security Must take reasonable steps to protect personal information held from misuse, interference and loss, and from unauthorised access, modification or disclosure Obligation to destroy or de-identify personal information in certain circumstances OAIC s Guide to securing personal information #2017PAW #2017PAW Handle with care

  19. APP 12 Access to personal information An APP entity must provide an individual with access to the personal information they hold about them, unless a specific exception applies #2017PAW #2017PAW Handle with care

  20. APP 13 Correction of personal information An APP entity must take reasonable steps to correct personal information to ensure it is accurate, up-to-date, complete, relevant and not misleading, if: the entity is satisfied it needs to be corrected, or the individual requests correction. #2017PAW #2017PAW Handle with care

  21. About the OAIC

  22. OAICs regulatory powers Powers to: Promote privacy compliance Handle complaints and conduct investigations Enforcement powers OAIC s Privacy regulatory action policy #2017PAW #2017PAW Handle with care

  23. Promoting privacy compliance Approve enforceable codes Code obligations apply in addition to the APPs Developed by entities (on their own initiative or on request) or by the Commissioner Privacy performance assessments Direct an agency to give the Commissioner a privacy impact assessment #2017PAW #2017PAW Handle with care

  24. Privacy impact assessment (PIA) A systematic assessment of a project that identifies the impact that the project might have on the privacy of individuals, and sets out recommendations for managing, minimising or eliminating that impact Consider conducting PIAs as a matter of course for projects that involve personal information. OAIC s Guide to undertaking privacy impact assessments OAIC s PIA eLearning program . #2017PAW #2017PAW Handle with care

  25. Complaints and investigations Privacy powers to investigate an alleged interference with privacy include powers to: investigate a matter following a complaint by an individual Can decline a complaint for certain reasons, or refer to an alternative complaint body Otherwise, must attempt to conciliate the complaint investigate on the Commissioner's own initiative (a CII ) #2017PAW #2017PAW Handle with care

  26. Enforcement powers Enforcement powers, that range from less serious to more serious, include powers to: Accept an enforceable undertaking Make a determination following a complaint or CII Bring proceedings to enforce a determination Apply to the court for an injunction Apply to the court for a civil penalty order for a breach of a civil penalty provision #2017PAW #2017PAW Handle with care

  27. Minimising complaints/investigations Create and implement privacy management plan Consult OAIC guidance PIA for new information handling practices Manage customer/client expectations Clear APP privacy policy Clear APP 5 notice Staff training and awareness OAIC s ten tips for protection customers personal information Robust IDR process Data breach notification OAIC s Data breach notification guide #2017PAW #2017PAW Handle with care

  28. eLearning The OAIC s eLearning course on conducting a Privacy Impact Assessment (PIA)

  29. PIA eLearning If you are initiating a new project or developing a new policy, the OAIC s new PIA eLearning program will help you get privacy right from the start. The PIA eLearning course will: highlight the OAIC s expectations about when to do a PIA and what it should involve show you the different steps involved in a PIA provide you with tips and tools to help you complete your own PIA.

  30. What you will learn On completing the PIA eLearning, you will be able to: identify when a PIA is necessary conduct a PIA for your own projects confidently identify privacy risks and develop strategies to address these risks. The PIA eLearning program will be free and available for all to access, use and share. Join the OAIC s distribution list to be notified when the PIA eLearning program is released this PAW. You can sign up via www.oaic.gov.au/paw. #2017PAW #2017PAW Handle with care

  31. #2017PAW #2017PAW Handle with care

Related


Understanding the Privacy Paradox: Attitudes vs. Behaviors

Understanding the Privacy Paradox: Attitudes vs. Behaviors

clai_evi
Explore Contemporary Australian Art at the Adelaide Biennial

Explore Contemporary Australian Art at the Adelaide Biennial

clairp
Data Privacy Best Practices Training for Libraries

Data Privacy Best Practices Training for Libraries

teo_nah
Understanding Privacy in Information Security Training

Understanding Privacy in Information Security Training

lillia
Television Content Regulation in Australia

Television Content Regulation in Australia

ayv_m
Understanding Privacy Rights in Europe: A Comprehensive Overview

Understanding Privacy Rights in Europe: A Comprehensive Overview

jesu_26
NCVHS Subcommittee on Privacy Comments on HIPAA Privacy Rule for Reproductive Health Care

NCVHS Subcommittee on Privacy Comments on HIPAA Privacy Rule for Reproductive Health Care

haley
Privacy-Preserving Analysis of Graph Structures

Privacy-Preserving Analysis of Graph Structures

bilal
FMCSA Privacy Awareness Training Overview for 2022

FMCSA Privacy Awareness Training Overview for 2022

natan
Research Integrity 2.0 Australian Version: A Comprehensive Training Programme

Research Integrity 2.0 Australian Version: A Comprehensive Training Programme

dinah
Exploring Units 3 and 4 Australian History: Key Investigations and Big Planning Ideas

Exploring Units 3 and 4 Australian History: Key Investigations and Big Planning Ideas

fynley
Discovering Australian Wildlife: Kangaroos, Emus, and Koalas

Discovering Australian Wildlife: Kangaroos, Emus, and Koalas

avts944
Evolution of the Australian NewLaw Landscape: Trends and Perspectives

Evolution of the Australian NewLaw Landscape: Trends and Perspectives

dree_an
Understanding Data Privacy Laws and Regulations in Saudi Arabia

Understanding Data Privacy Laws and Regulations in Saudi Arabia

twyla
Understanding Breach of Confidence and Privacy Rights in English Law

Understanding Breach of Confidence and Privacy Rights in English Law

teodor
Understanding Breach of Confidence and Privacy Rights in Legal Context

Understanding Breach of Confidence and Privacy Rights in Legal Context

harmo
Overview of the Voluntary Assisted Dying Act 2017 in Victoria

Overview of the Voluntary Assisted Dying Act 2017 in Victoria

jye_14
Dynamic Pricing Algorithms with Privacy Preservation in Personalized Decision Making

Dynamic Pricing Algorithms with Privacy Preservation in Personalized Decision Making

lillia
Privacy Considerations in Data Management for Data Science Lecture

Privacy Considerations in Data Management for Data Science Lecture

maen728
Enhancing Online Patron Privacy in Library Websites

Enhancing Online Patron Privacy in Library Websites

weld852
Student Privacy Laws and Best Practices in Education Sector

Student Privacy Laws and Best Practices in Education Sector

nam_e
Understanding the Third-Party Doctrine in Privacy Law

Understanding the Third-Party Doctrine in Privacy Law

roan930
Proposal for IEEE 802.11 Privacy Enhancement

Proposal for IEEE 802.11 Privacy Enhancement

pkal
Kansas Student Data Privacy Legislation Overview

Kansas Student Data Privacy Legislation Overview

herme

More Related Content

Understanding House Prices, Rents, and Home Ownership Trends in Australian Capital Cities
Understanding House Prices, Rents, and Home Ownership Trends in Australian Capital Cities
Understanding FERPA: Family Educational Rights and Privacy Act
Understanding FERPA: Family Educational Rights and Privacy Act
Privacy Act Notice and GRB Status Update for October 2023 Meeting
Privacy Act Notice and GRB Status Update for October 2023 Meeting
Consumer Privacy Rights and Regulations Act (CPRA) Overview
Consumer Privacy Rights and Regulations Act (CPRA) Overview
Proposed Changes to School Week: Asymmetric Week Implementation
Proposed Changes to School Week: Asymmetric Week Implementation
Exploring Privacy Features with Hyperledger Besu in Ethereum Development
Exploring Privacy Features with Hyperledger Besu in Ethereum Development
Understanding VA Privacy Issues and Sensitive Information
Understanding VA Privacy Issues and Sensitive Information
Data Privacy in Sharing Sensitive Information
Data Privacy in Sharing Sensitive Information
Understanding Big Data and Privacy Issues in Today's Society
Understanding Big Data and Privacy Issues in Today's Society
Understanding Data Security and Privacy: An Overview of k-Anonymity, l-Diversity, t-Closeness, and Reconstruction Attacks
Understanding Data Security and Privacy: An Overview of k-Anonymity, l-Diversity, t-Closeness, and Reconstruction Attacks
Understanding Differential Privacy in Statistical Analysis
Understanding Differential Privacy in Statistical Analysis
Safeguarding Student Privacy in Educational Technology: A Comprehensive Guide
Safeguarding Student Privacy in Educational Technology: A Comprehensive Guide
Privacy-Preserving Prediction and Learning in Machine Learning Research
Privacy-Preserving Prediction and Learning in Machine Learning Research
Privacy and Registered Training Organisations: Lessons and Insights
Privacy and Registered Training Organisations: Lessons and Insights
Powering the Digital Economy: Regulatory Approaches to Securing Consumer Privacy, Trust, and Security
Powering the Digital Economy: Regulatory Approaches to Securing Consumer Privacy, Trust, and Security
Exploring Computer Ethics and Privacy Principles
Exploring Computer Ethics and Privacy Principles
Protecting User Privacy in Web-Based Applications through Traffic Padding
Protecting User Privacy in Web-Based Applications through Traffic Padding
Social Networks, Privacy, and Freedom of Association in the Digital Age
Social Networks, Privacy, and Freedom of Association in the Digital Age
Security and Privacy in 3G/4G/5G Networks: The AKA Protocol
Security and Privacy in 3G/4G/5G Networks: The AKA Protocol
Privacy-Aware Smart Buildings: Ensuring Privacy Policies and Preferences
Privacy-Aware Smart Buildings: Ensuring Privacy Policies and Preferences
Enhancing Privacy and Anonymous Communications with Technology
Enhancing Privacy and Anonymous Communications with Technology
Enhancing Privacy with Randomized MAC Addresses in 802.11 Networks
Enhancing Privacy with Randomized MAC Addresses in 802.11 Networks
The Economics of Privacy: Evolution and Implications
The Economics of Privacy: Evolution and Implications
Privacy and Data Protection in the Digital Age
Privacy and Data Protection in the Digital Age