[Year 12 IPM] Privacy and 3 new "biometric" NPPs

tony at star.melb.catholic.edu.au tony at star.melb.catholic.edu.au
Fri Jul 28 10:21:03 EST 2006 

Fellow IP&M-ers,

I just received this email from Primedia.

It's an interesting read related to the Privacy Act with the
addition of 3 new NPPs covering the use of biometric information
that kicks in 1 Sept 2006.

Cheers,
TJ


===========================================================
PRIVACY MEDIA E-MAIL LIST
Office of the Privacy Commissioner
Networking for Privacy Solutions
http://www.privacy.gov.au
===========================================================
Dear Primedia member,

The Commissioner has issued the following Media Release. It is available @ 
http://www.privacy.gov.au/news/media/06_4.html

----Media Release: Privacy Commissioner approves Biometrics Institute 
Privacy Code---

27 July 2006

Privacy Commissioner, Karen Curtis has approved the Biometrics Institute 
Privacy Code, which comes into operation on 1 September 2006.

"I am pleased to announce that I have approved the Biometrics Institute 
Privacy Code, submitted to my Office by the Biometrics Institute," said Ms 
Curtis.

"This has been a long term project and I congratulate the Biometrics 
Institute for their efforts in developing the Privacy Code.

"My Office will handle privacy complaints about organisations who volunteer 
to be bound by the Code," said Ms Curtis.

The Code includes privacy standards that are at least equivalent to the 
National Privacy Principles (NPPs) in the Privacy Act and also incorporates 
higher standards of privacy protection in relation to:
•       certain acts and practices in relation to employee records that 
otherwise would be exempt.
•       the addition of three new Supplementary Biometrics Institute 
Privacy Principles 11, 12, and 13 in the Code:

o       Principle 11 deals with the protection of biometric information and 
in some ways supplements the data security obligations in NPP 4.

o       Principle 12 includes some added notice requirements, restricts 
some secondary uses without express free and informed consent and confers a 
right to request the removal of biometric information from a system. These 
obligations enhance NPP 1.3, NPP 1.5, NPP 2 and NPP 4.

o       Principle 13 introduces an obligation of accountability through an 
extra notice obligation, requires an audit of biometric systems to be 
undertaken, introduces the concept of holistic privacy management in 
relation to a biometric product or service, and mandates the use of privacy 
impact assessments. These requirements augment NPP 1, NPP 4 and NPP 5.1.
•       the inclusion of specific requirements in the Code for code 
subscribers to be aware of and take account of relevant national and 
international standards for information protection and biometric systems.

The Biometrics Institute is a 'not for profit' entity with the purpose of 
promoting the responsible use of and development of biometrics. The 
Biometrics Institute Privacy Code is intended to cover organisations which 
volunteer to be bound by the Code and which sell or use biometric services 
and products.

Further information regarding the Biometrics Institute Privacy Code and 
signatory organisations are available by contacting the Biometrics Institute.

Now that the Code has been registered on the Federal Register of 
Legislative Instruments it will be entered into the Commissioner's register 
of approved privacy codes on the Office's website.

Background

The Privacy Act establishes a framework in which organisations, or groups 
of organisations, are able to develop their own privacy code for the 
handling of personal information. The co-regulatory component in the 
legislation is designed to allow for flexibility in an organisation's 
approach to privacy while guaranteeing that consumers' personal information 
is subject to minimum standards that are enforceable in law.

The Privacy Commissioner may only approve a code if it contains standards 
that are at least the equivalent overall to the NPPs. Once a code has been 
approved organisations can choose to be bound by the code and it will then 
replace the NPPs for those organisations.

Regards


Office of the Privacy Commissioner
media at privacy.gov.au

You are subscribed to primedia as tony at star.melb.catholic.edu.au.
To unsubscribe, send a blank email to leave-primedia-17420F at list.privacy.gov.au

!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!
PRIVACY

Please note that as a subscriber to this list, your email address is known 
to the Office of the Privacy Commissioner (OPC). The OPC is an Australian 
Government Agency within the jurisdiction of the Privacy Act. The purpose 
of this list is to advise members of relevant OPC media releases. Your 
e-mail address or any other personal information collected will only be 
used for the purpose for which it was collected and will not be disclosed 
to any person, body or agency except where required by law.
!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*! 



_______________________________________
This email and any attachments may be
confidential and, if you are not the intended
recipient, you must not disclose or use the
information in this mail.  If received in error,
please notify us immediately and delete the
email and all copies.

The college does not guarantee that this email
is virus free or error free. Any attached files are
provided and may only be used on the basis that
the user assumes all responsibility for any loss,
damage or consequence resulting directly or
indirectly from the use of the attached files, whether
caused by the negligence of the sender or not.

The content and opinions in this email are not
necessarily those of Star of the Sea College Inc.

More information about the ipm mailing list