[Year 12 SofDev] Privacy Act amendments 2014

Mark mark at vceit.com
Wed Jul 23 13:28:46 EST 2014


Apologies for crossposts.

The Privacy Act (1988) - one of the mandated pieces of legislation in the
current VCE IT study design - has been amended this year.

A summary of the amended Act appears below, but I have a question for Paula:

Should we assume that changes to the Act this year will not be examinable
in this year's ITA or SD exams?

Cheers
Mark

---

Privacy Act Amendments - current as of 12 March 2014

The AUSTRALIAN PRIVACY PRINCIPLES (APPs) came into force on 12 March 2014.
They replace the Information Privacy Principles (IPPs) that previously
applied to Australian and Norfolk Island Government agencies.
They also replace the National Privacy Principles (NPPs) that previously
applied to private sector organisations.
The IPPs continue to apply to ACT Government agencies.

The APPs apply to “APP Entities”, which are:
• Australian and Norfolk Island government agencies
• private sector organisations with an annual turnover of $3 million or more
• some private sector organisations such as health service providers, child
care centres, private schools and private tertiary educational institutions
• businesses that sell or purchase personal information
• credit reporting bodies
• contracted service providers for a Commonwealth contract
• employee associations registered or recognised under the Fair Work
(Registered Organisations) Act 2009
• businesses that have opted-in to the Privacy Act
• businesses prescribed by the Regulations.

In addition, particular acts and practices of some other small business
operators are covered by the Privacy Act including:

• activities of reporting entities or authorised agents relating to the
Anti-Money Laundering and Counter-Terrorism Financing Act 2006 and its
Regulations and Rules
• acts and practices to do with the operation of a residential tenancy
database
• activities related to the conduct of a protection action ballot.

The Privacy Act does *not* cover:

• State or Northern Territory Government agencies, including state and
territory public hospitals and health care facilities (which are covered
under State and territory legislation) except:
 • certain acts and practices related to Personally Controlled Electronic
Health Records and Individual Healthcare Identifiers
• entities prescribed by the Regulations
• ACT Government agencies handling health information or health records
• individuals acting in their own capacity, including your neighbours
• universities, other than private and ACT universities and the Australian
National University
• public schools (except ACT public schools)
• in some circumstances, the handling of employee records by an
organisation in relation to current and former employment relationships
• small business operators, unless an exception applies (see above)
• media organisations acting in the course of journalism if the
organisation is publicly committed to observing published privacy standards
• registered political parties and political representatives.

*THE AMENDED AUSTRALIAN PRIVACY PRINCIPLES (APPs)*

APP 1 — Open and transparent management of personal information
Ensures that APP entities manage personal information in an open and
transparent way. This includes having a clearly expressed and up to date
APP privacy policy.

APP 2 — Anonymity and pseudonymity
Requires APP entities to give individuals the option of not identifying
themselves, or of using a pseudonym. Limited exceptions apply.

APP 3 — Collection of solicited personal information
Outlines when an APP entity can collect personal information that is
solicited. It applies higher standards to the collection of ‘sensitive’
information.

APP 4 — Dealing with unsolicited personal information
Outlines how APP entities must deal with unsolicited personal information.

APP 5 — Notification of the collection of personal information
Outlines when and in what circumstances an APP entity that collects
personal information must notify an individual of certain matters.

APP 6 — Use or disclosure of personal information
Outlines the circumstances in which an APP entity may use or disclose
personal information that it holds.

APP 7 — Direct marketing
An organisation may only use or disclose personal information for direct
marketing purposes if certain conditions are met.

APP 8 — Cross-border disclosure of personal information
Outlines the steps an APP entity must take to protect personal information
before it is disclosed overseas.

APP 9 — Adoption, use or disclosure of government related identifiers
Outlines the limited circumstances when an organisation may adopt a
government related identifier of an individual as its own identifier, or
use or disclose a government related identifier of an individual.

APP 10 — Quality of personal information
An APP entity must take reasonable steps to ensure the personal information
it collects is accurate, up to date and complete. An entity must also take
reasonable steps to ensure the personal information it uses or discloses is
accurate, up to date, complete and relevant, having regard to the purpose
of the use or disclosure.

APP 11 — Security of personal information
An APP entity must take reasonable steps to protect personal information it
holds from misuse, interference and loss, and from unauthorised access,
modification or disclosure. An entity has obligations to destroy or
de-identify personal information in certain circumstances.

APP 12 — Access to personal information
Outlines an APP entity’s obligations when an individual requests to be
given access to personal information held about them by the entity. This
includes a requirement to provide access unless a specific exception
applies.

APP 13 — Correction of personal information
Outlines an APP entity’s obligations in relation to correcting the personal
information it holds about individuals.

---

Full details can be found at
http://www.oaic.gov.au/privacy/privacy-resources/privacy-fact-sheets/other/privacy-fact-sheet-17-australian-privacy-principles

Guidelines for complying with the APPs:
http://www.oaic.gov.au/privacy/applying-privacy-law/app-guidelines/

References:
http://www.oaic.gov.au/privacy/privacy-act/australian-privacy-principles
http://www.oaic.gov.au/privacy/privacy-resources/privacy-guides/app-quick-reference-tool



-- 

Mark Kelly
mark AT vceit DOT com
http://vceit.com

*The two most important things to remember in order to become powerful are:*
*1. Never tell your competitors everything you know.*