[Year 12 IT Apps] Privacy Act amendments 2014

Christophersen, Paula P christophersen.paula.p at edumail.vic.gov.au
Wed Jul 23 18:20:01 EST 2014


Apologies if I confused people with my previous message. The amendments will not be examined in this year's exams.

regards
Paula
Sent from my iPad

On 23 Jul 2014, at 1:33 pm, "Mark" <mark at vceit.com> wrote:

Apologies for crossposts.

The Privacy Act (1988) - one of the mandated pieces of legislation in the current VCE IT study design - has been amended this year.

A summary of the amended Act appears below, but I have a question for Paula:

Should we assume that changes to the Act this year will not be examinable in this year's ITA or SD exams?

Cheers
Mark

---

Privacy Act Amendments - current as of 12 March 2014

The AUSTRALIAN PRIVACY PRINCIPLES (APPs) came into force on 12 March 2014.
They replace the Information Privacy Principles (IPPs) that previously applied to Australian and Norfolk Island Government agencies.
They also replace the National Privacy Principles (NPPs) that previously applied to private sector organisations.
The IPPs continue to apply to ACT Government agencies.

The APPs apply to “APP Entities”, which are:
• Australian and Norfolk Island government agencies
• private sector organisations with an annual turnover of $3 million or more
• some private sector organisations such as health service providers, child care centres, private schools and private tertiary educational institutions
• businesses that sell or purchase personal information
• credit reporting bodies
• contracted service providers for a Commonwealth contract
• employee associations registered or recognised under the Fair Work (Registered Organisations) Act 2009
• businesses that have opted-in to the Privacy Act
• businesses prescribed by the Regulations.

In addition, particular acts and practices of some other small business operators are covered by the Privacy Act including:

• activities of reporting entities or authorised agents relating to the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 and its Regulations and Rules
• acts and practices to do with the operation of a residential tenancy database
• activities related to the conduct of a protection action ballot.

The Privacy Act does not cover:

• State or Northern Territory Government agencies, including state and territory public hospitals and health care facilities (which are covered under State and territory legislation) except:
• certain acts and practices related to Personally Controlled Electronic Health Records and Individual Healthcare Identifiers
• entities prescribed by the Regulations
• ACT Government agencies handling health information or health records
• individuals acting in their own capacity, including your neighbours
• universities, other than private and ACT universities and the Australian National University
• public schools (except ACT public schools)
• in some circumstances, the handling of employee records by an organisation in relation to current and former employment relationships
• small business operators, unless an exception applies (see above)
• media organisations acting in the course of journalism if the organisation is publicly committed to observing published privacy standards
• registered political parties and political representatives.

THE AMENDED AUSTRALIAN PRIVACY PRINCIPLES (APPs)

APP 1 — Open and transparent management of personal information
Ensures that APP entities manage personal information in an open and transparent way. This includes having a clearly expressed and up to date APP privacy policy.

APP 2 — Anonymity and pseudonymity
Requires APP entities to give individuals the option of not identifying themselves, or of using a pseudonym. Limited exceptions apply.

APP 3 — Collection of solicited personal information
Outlines when an APP entity can collect personal information that is solicited. It applies higher standards to the collection of ‘sensitive’ information.

APP 4 — Dealing with unsolicited personal information
Outlines how APP entities must deal with unsolicited personal information.

APP 5 — Notification of the collection of personal information
Outlines when and in what circumstances an APP entity that collects personal information must notify an individual of certain matters.

APP 6 — Use or disclosure of personal information
Outlines the circumstances in which an APP entity may use or disclose personal information that it holds.

APP 7 — Direct marketing
An organisation may only use or disclose personal information for direct marketing purposes if certain conditions are met.

APP 8 — Cross-border disclosure of personal information
Outlines the steps an APP entity must take to protect personal information before it is disclosed overseas.

APP 9 — Adoption, use or disclosure of government related identifiers
Outlines the limited circumstances when an organisation may adopt a government related identifier of an individual as its own identifier, or use or disclose a government related identifier of an individual.

APP 10 — Quality of personal information
An APP entity must take reasonable steps to ensure the personal information it collects is accurate, up to date and complete. An entity must also take reasonable steps to ensure the personal information it uses or discloses is accurate, up to date, complete and relevant, having regard to the purpose of the use or disclosure.

APP 11 — Security of personal information
An APP entity must take reasonable steps to protect personal information it holds from misuse, interference and loss, and from unauthorised access, modification or disclosure. An entity has obligations to destroy or de-identify personal information in certain circumstances.

APP 12 — Access to personal information
Outlines an APP entity’s obligations when an individual requests to be given access to personal information held about them by the entity. This includes a requirement to provide access unless a specific exception applies.

APP 13 — Correction of personal information
Outlines an APP entity’s obligations in relation to correcting the personal information it holds about individuals.

---

Full details can be found at http://www.oaic.gov.au/privacy/privacy-resources/privacy-fact-sheets/other/privacy-fact-sheet-17-australian-privacy-principles

Guidelines for complying with the APPs:
http://www.oaic.gov.au/privacy/applying-privacy-law/app-guidelines/

References:
http://www.oaic.gov.au/privacy/privacy-act/australian-privacy-principles
http://www.oaic.gov.au/privacy/privacy-resources/privacy-guides/app-quick-reference-tool



--

Mark Kelly
mark AT vceit DOT com
http://vceit.com

The two most important things to remember in order to become powerful are:
1. Never tell your competitors everything you know.

