<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body dir="auto">
<div><br>
Apologies if I confused people with my previous message. The amendments will not be examined in this year's exams.</div>
<div><br>
</div>
<div>regards</div>
<div>Paula<br>
Sent from my iPad</div>
<div><br>
On 23 Jul 2014, at 1:33 pm, "Mark" <<a href="mailto:mark@vceit.com">mark@vceit.com</a>> wrote:<br>
<br>
</div>
<blockquote type="cite">
<div>
<div dir="ltr">Apologies for crossposts.
<div><br>
</div>
<div>The Privacy Act (1988) - one of the mandated pieces of legislation in the current VCE IT study design - has been amended this year.</div>
<div><br>
</div>
<div>A summary of the amended Act appears below, but I have a question for Paula:</div>
<div><br>
</div>
<div>Should we assume that changes to the Act this year will not be examinable in this year's ITA or SD exams?</div>
<div><br>
</div>
<div>Cheers</div>
<div>Mark</div>
<div><br>
</div>
<div>---</div>
<div><br>
</div>
<div>
<div>Privacy Act Amendments - current as of 12 March 2014</div>
<div><br>
</div>
<div>The AUSTRALIAN PRIVACY PRINCIPLES (APPs) came into force on 12 March 2014.</div>
<div>They replace the Information Privacy Principles (IPPs) that previously applied to Australian and Norfolk Island Government agencies.</div>
<div>They also replace the National Privacy Principles (NPPs) that previously applied to private sector organisations. </div>
<div>The IPPs continue to apply to ACT Government agencies.</div>
<div><br>
</div>
<div>The APPs apply to “APP Entities”, which are:</div>
<div>•<span class="" style="white-space:pre"> </span>Australian and Norfolk Island government agencies</div>
<div>•<span class="" style="white-space:pre"> </span>private sector organisations with an annual turnover of $3 million or more</div>
<div>•<span class="" style="white-space:pre"> </span>some private sector organisations such as health service providers, child care centres, private schools and private tertiary educational institutions</div>
<div>•<span class="" style="white-space:pre"> </span>businesses that sell or purchase personal information</div>
<div>•<span class="" style="white-space:pre"> </span>credit reporting bodies</div>
<div>•<span class="" style="white-space:pre"> </span>contracted service providers for a Commonwealth contract</div>
<div>•<span class="" style="white-space:pre"> </span>employee associations registered or recognised under the Fair Work (Registered Organisations) Act 2009</div>
<div>•<span class="" style="white-space:pre"> </span>businesses that have opted-in to the Privacy Act</div>
<div>•<span class="" style="white-space:pre"> </span>businesses prescribed by the Regulations.</div>
<div><br>
</div>
<div>In addition, particular acts and practices of some other small business operators are covered by the Privacy Act including:</div>
<div><br>
</div>
<div>•<span class="" style="white-space:pre"> </span>activities of reporting entities or authorised agents relating to the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 and its Regulations and Rules</div>
<div>•<span class="" style="white-space:pre"> </span>acts and practices to do with the operation of a residential tenancy database</div>
<div>•<span class="" style="white-space:pre"> </span>activities related to the conduct of a protection action ballot.</div>
<div><br>
</div>
<div>The Privacy Act does <b>not</b> cover:</div>
<div><br>
</div>
<div>•<span class="" style="white-space:pre"> </span>State or Northern Territory Government agencies, including state and territory public hospitals and health care facilities (which are covered under State and territory legislation) except:</div>
<div><span class="" style="white-space:pre"></span>•<span class="" style="white-space:pre">
</span>certain acts and practices related to Personally Controlled Electronic Health Records and Individual Healthcare Identifiers</div>
<div>•<span class="" style="white-space:pre"> </span>entities prescribed by the Regulations</div>
<div>•<span class="" style="white-space:pre"> </span>ACT Government agencies handling health information or health records</div>
<div>•<span class="" style="white-space:pre"> </span>individuals acting in their own capacity, including your neighbours</div>
<div>•<span class="" style="white-space:pre"> </span>universities, other than private and ACT universities and the Australian National University</div>
<div>•<span class="" style="white-space:pre"> </span>public schools (except ACT public schools)</div>
<div>•<span class="" style="white-space:pre"> </span>in some circumstances, the handling of employee records by an organisation in relation to current and former employment relationships</div>
<div>•<span class="" style="white-space:pre"> </span>small business operators, unless an exception applies (see above)</div>
<div>•<span class="" style="white-space:pre"> </span>media organisations acting in the course of journalism if the organisation is publicly committed to observing published privacy standards</div>
<div>•<span class="" style="white-space:pre"> </span>registered political parties and political representatives.</div>
<div><br>
</div>
<div><b>THE AMENDED AUSTRALIAN PRIVACY PRINCIPLES (APPs)</b></div>
<div><br>
</div>
<div>APP 1 — Open and transparent management of personal information</div>
<div>Ensures that APP entities manage personal information in an open and transparent way. This includes having a clearly expressed and up to date APP privacy policy.</div>
<div><br>
</div>
<div>APP 2 — Anonymity and pseudonymity</div>
<div>Requires APP entities to give individuals the option of not identifying themselves, or of using a pseudonym. Limited exceptions apply.</div>
<div><br>
</div>
<div>APP 3 — Collection of solicited personal information</div>
<div>Outlines when an APP entity can collect personal information that is solicited. It applies higher standards to the collection of ‘sensitive’ information.</div>
<div><br>
</div>
<div>APP 4 — Dealing with unsolicited personal information</div>
<div>Outlines how APP entities must deal with unsolicited personal information.</div>
<div><br>
</div>
<div>APP 5 — Notification of the collection of personal information</div>
<div>Outlines when and in what circumstances an APP entity that collects personal information must notify an individual of certain matters.</div>
<div><br>
</div>
<div>APP 6 — Use or disclosure of personal information</div>
<div>Outlines the circumstances in which an APP entity may use or disclose personal information that it holds.</div>
<div><br>
</div>
<div>APP 7 — Direct marketing</div>
<div>An organisation may only use or disclose personal information for direct marketing purposes if certain conditions are met.</div>
<div><br>
</div>
<div>APP 8 — Cross-border disclosure of personal information</div>
<div>Outlines the steps an APP entity must take to protect personal information before it is disclosed overseas.</div>
<div><br>
</div>
<div>APP 9 — Adoption, use or disclosure of government related identifiers</div>
<div>Outlines the limited circumstances when an organisation may adopt a government related identifier of an individual as its own identifier, or use or disclose a government related identifier of an individual.</div>
<div><br>
</div>
<div>APP 10 — Quality of personal information</div>
<div>An APP entity must take reasonable steps to ensure the personal information it collects is accurate, up to date and complete. An entity must also take reasonable steps to ensure the personal information it uses or discloses is accurate, up to date, complete
and relevant, having regard to the purpose of the use or disclosure.</div>
<div><br>
</div>
<div>APP 11 — Security of personal information</div>
<div>An APP entity must take reasonable steps to protect personal information it holds from misuse, interference and loss, and from unauthorised access, modification or disclosure. An entity has obligations to destroy or de-identify personal information in
certain circumstances.</div>
<div><br>
</div>
<div>APP 12 — Access to personal information</div>
<div>Outlines an APP entity’s obligations when an individual requests to be given access to personal information held about them by the entity. This includes a requirement to provide access unless a specific exception applies.</div>
<div><br>
</div>
<div>APP 13 — Correction of personal information</div>
<div>Outlines an APP entity’s obligations in relation to correcting the personal information it holds about individuals. </div>
<div><br>
</div>
<div>---</div>
<div><br>
</div>
<div>Full details can be found at <a href="http://www.oaic.gov.au/privacy/privacy-resources/privacy-fact-sheets/other/privacy-fact-sheet-17-australian-privacy-principles">
http://www.oaic.gov.au/privacy/privacy-resources/privacy-fact-sheets/other/privacy-fact-sheet-17-australian-privacy-principles</a></div>
<div><br>
</div>
<div>Guidelines for complying with the APPs:</div>
<div><a href="http://www.oaic.gov.au/privacy/applying-privacy-law/app-guidelines/">http://www.oaic.gov.au/privacy/applying-privacy-law/app-guidelines/</a></div>
<div><span style="white-space:pre"></span><span style="white-space:pre"></span><br>
</div>
<div>References:</div>
<div><a href="http://www.oaic.gov.au/privacy/privacy-act/australian-privacy-principles">http://www.oaic.gov.au/privacy/privacy-act/australian-privacy-principles</a></div>
<div><a href="http://www.oaic.gov.au/privacy/privacy-resources/privacy-guides/app-quick-reference-tool">http://www.oaic.gov.au/privacy/privacy-resources/privacy-guides/app-quick-reference-tool</a></div>
</div>
<div><br>
</div>
<div><br clear="all">
<div><br>
</div>
-- <br>
<div dir="ltr">
<div><br>
</div>
<div>Mark Kelly</div>
<div>mark AT vceit DOT com</div>
<div><a href="http://vceit.com" target="_blank">http://vceit.com</a></div>
<div><br>
</div>
<div>
<div><i>The two most important things to remember in order to become powerful are:</i></div>
<div><i>1. Never tell your competitors everything you know.</i></div>
</div>
<div><br>
</div>
<div><br>
</div>
</div>
</div>
</div>
</div>
</blockquote>
<blockquote type="cite">
<div><span>_______________________________________________</span><br>
<span><a href="http://www.edulists.com.au">http://www.edulists.com.au</a> - FAQ, resources, subscribe, unsubscribe</span><br>
<span>IT Applications Mailing List kindly supported by</span><br>
<span><a href="http://www.vcaa.vic.edu.au/vce/studies/infotech/itapplications3-4.html">http://www.vcaa.vic.edu.au/vce/studies/infotech/itapplications3-4.html</a> - Victorian Curriculum and Assessment Authority <br></span><br>
<span><a href="http://www.vitta.org.au">http://www.vitta.org.au</a> - VITTA Victorian Information Technology Teachers Association Inc <br></span><br>
<span><a href="http://www.swinburne.edu.au/ict/schools">http://www.swinburne.edu.au/ict/schools</a> - Swinburne University</span></div>
</blockquote>
<p></p><p><b>Important - </b>This email and any attachments may be confidential. If received in error, please contact us and delete all copies. Before opening or using attachments check them for viruses and defects. Regardless of any loss, damage or consequence, whether caused by the negligence of the sender or not, resulting directly or indirectly from the use of any attached files our liability is limited to resupplying any affected attachments. Any representations or opinions expressed are those of the individual sender, and not necessarily those of the Department of Education and Early Childhood Development.</p>
</body>
</html>