Lesson Objectives:
Australian Privacy Principles relating to the acquisition, management and communication of data and information such as non-identification of individuals (Principle 2), information only being held for its primary purpose (Principle 6) and the security measures used to protect personal information (Principle 11)
Privacy Act (1988)
Privacy Amendment (2012)
Applies to:
All Federal Government Organisations including Norfolk Island
Any Private Health Care Service providers
Any business that trades in personal information or has an annual turnover exceeding $3,000,000
Businesses that opt in to follow the protocols.
Applies to:
Healthcare providers
Any organisation that stores health related data
Privacy and Data Protection Act (2014)
Applies to:
All State Government Organisations
Australian Privacy Principle 2 provides individuals dealing with organisations the option of using a different name or a pseudonym in relation to a particular matter. This measure is in place so that individuals cannot be identified. In addition, individuals can also remain anonymous. For example, when an individual calls an organisation, often a message states that the call will be recorded for training purposes. If the individual objects, the call is not recorded. At a later date, when staff from the organisation receive training, the names of the individuals whose voices have been recorded must be changed in order to protect their identity when these real examples are used.
Australian Privacy Principle 6 states that the information that is being held is in line with the primary purpose it was intended for. Information cannot be used for a secondary purpose unless the holders of the information have received consent from the individuals concerned. For example, if a sporting organisation collected information about their players for the purpose of organising competitions and making the details available to the coaches and captains, then that would be the primary purpose of the data. However, if the sporting organisation wanted to provide the details of their members to a shop that specialised in sporting merchandise, then it could not do so, as this would be using the information for a purpose for which it was not intended.
Australian Privacy Principle 11 refers to measures taken to actively secure personal information held, and also considers whether those who hold this personal information are permitted to retain it. Reasonable steps need to be taken to protect the information from misuse, interference and loss, as well as unauthorised access, modification or disclosure. Additionally, once the information is no longer needed for any purpose, reasonable steps need to be taken to destroy or de-identify the personal information held.
Because of privacy laws such as the Australian Privacy Principles (APPs), it is necessary to seek permission to collect any data or information that involves people. For example, you should obtain permission (consent) to photograph or video individuals or groups. The organisation or individual seeking permission needs to let the people photographed or videoed know the purpose of the photographs or video and what they may be used for. Permission is usually provided in written form and is often referred to as ‘consent’. Permission must be sought because a photograph or video image in which an individual can be identified is considered to be personal information. Pictures of people can be used in advertisements, or for marketing purposes, and sometimes pictures can be used thoughtlessly and depict people in a false light.
When undertaking research, it is very important to uphold the privacy of the participants. Privacy is a fine balance between their interests and those of researchers. Privacy laws attempt to stop inappropriate intrusion into the lives of individuals. Often, however, the problem is not the collection of data, but how the data is used or misused by people entrusted with it. To maintain privacy, and to de-identify the data, personal identifiers such as names and birthdates that are associated with individuals need to be removed so that information cannot be traced or identified.
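The de-identification step described above, as an added example that is not part of the original lesson notes. It removes names and birthdates from research records and replaces them with a keyed participant code, so one person's responses can still be grouped without revealing who they are. The field names, the sample records, the key and the choice to keep a ten-year age band are assumptions made for this example.

```python
import hashlib
import hmac
from datetime import date

# Fields treated as direct identifiers (names and birthdates, as in the text above).
DIRECT_IDENTIFIERS = ("name", "birthdate")


def pseudonym(name: str, birthdate: str, key: bytes) -> str:
    """Keyed participant code: stable for one person, not derivable without the key."""
    message = f"{name.strip().lower()}|{birthdate}".encode("utf-8")
    return "P-" + hmac.new(key, message, hashlib.sha256).hexdigest()[:12]


def age_band(birthdate: str, on: date) -> str:
    """Replace an exact birthdate (YYYY-MM-DD) with a ten-year age band."""
    born = date.fromisoformat(birthdate)
    age = on.year - born.year - ((on.month, on.day) < (born.month, born.day))
    low = (age // 10) * 10
    return f"{low}-{low + 9}"


def de_identify(records, key: bytes, on: date):
    """Return copies of the records with the direct identifiers removed."""
    cleaned = []
    for record in records:
        out = {k: v for k, v in record.items() if k not in DIRECT_IDENTIFIERS}
        out["participant"] = pseudonym(record["name"], record["birthdate"], key)
        out["age_band"] = age_band(record["birthdate"], on)  # assumption: research needs age
        cleaned.append(out)
    return cleaned


# Constructed sample data, not real people.
SAMPLE = [
    {"name": "Alex Nguyen", "birthdate": "2007-03-14", "response": "agree"},
    {"name": "Sam Patel", "birthdate": "1999-11-02", "response": "disagree"},
    {"name": "alex nguyen ", "birthdate": "2007-03-14", "response": "neutral"},
]
# Constructed key; a real key is a random secret stored apart from the data.
SAMPLE_KEY = b"constructed-example-key"

if __name__ == "__main__":
    for row in de_identify(SAMPLE, SAMPLE_KEY, date(2024, 6, 30)):
        print(row)
```

A plain, unkeyed hash of a name would not be enough here, because anyone could hash a list of likely names and match the codes; the secret key is what prevents that.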
Data must be stored in a way that preserves confidentiality and meets all legal requirements. Stored data can be protected with both physical and software-based controls, such as backing up of data and shredding of confidential documents.
Locks and doors
Portability
Disposal
Encryption
Usernames and Passwords
Firewalls
Whitelisting, Blacklisting