Introduction to the Australian Privacy Principles & the OAIC’s regulatory approach Privacy Awareness Week 2016.

Office of the Australian Information Commissioner (OAIC)
- Independent Australian Government statutory authority
- The Australian Privacy Commissioner and staff regulate Australia’s Privacy Act 1988

What does the Privacy Act cover?
- Information privacy
- Australian Privacy Principles (APPs)
- The Privacy Act contains provisions that deal with:
  - ‘personal information’
  - ‘sensitive information’ (such as health information)
  - tax file numbers
  - credit information
  - the Commissioner’s regulatory powers

Australian Privacy Principles
- 13 APPs
- Principles apply to government agencies and private sector organisations (referred to as ‘APP entities’)
- Structured to reflect the information life cycle — planning, collection, use and disclosure, quality and security, access and correction
- APP Guidelines

APP 1 — Open and transparent management of personal information
- Take reasonable steps to implement practices, procedures and systems to ensure compliance with the APPs
- Privacy policies must be clearly expressed and up-to-date
- OAIC’s Guide to developing a privacy policy

Privacy management framework

APP 2 — Anonymity and pseudonymity
- Requires APP entities to give individuals the option of not identifying themselves, or of using a pseudonym
- Doesn’t apply if identification is required by law or it is impracticable

APP 3 — Collection of personal and sensitive information
- Covers collection of personal information and sensitive information
- Collection must be ‘reasonably necessary’ for one or more of an APP entity’s functions or activities
- Additional obligations apply to sensitive information

APP 4 — Dealing with unsolicited personal information
- If an APP entity receives unsolicited personal information, it must:
  - Assess whether it could have collected the information under APP 3
  - If not, destroy or de-identify that information
- But different rules apply to Commonwealth records

APP 5 — Notification of collection
- Outlines what an APP entity must tell an individual and when
- Includes:
  - Who the entity is and how to contact it
  - The purpose(s) of the collection
  - Usual disclosures to third parties
  - Complaint handling process
  - Likely overseas disclosure

APP 6 — Use or disclosure
- Can only use or disclose personal information for:
  - The purpose for which it was collected, or
  - A secondary purpose if an exception applies

APP 7 — Direct marketing
- Only use or disclose personal information for direct marketing purposes if certain conditions are met
- Opt-out option
- Direct marketing of sensitive information requires consent

APP 8 — Cross-border disclosure
- Before disclosing personal information overseas, reasonable steps must be taken to ensure that the overseas recipient does not breach the APPs
- The APP entity will be accountable for a breach of the APPs by an overseas recipient
- Subject to exceptions
- OAIC’s Sending personal information overseas

APP 9 — Adoption, use or disclosure of government related identifiers
- Prohibits an organisation from adopting, using or disclosing a government related identifier
- A number, letter or symbol used to identify an individual, e.g. a Medicare number
- Exceptions include where the adoption, use or disclosure is required or authorised by law

APP 10 — Quality
- An APP entity must take reasonable steps to ensure personal information it collects, uses or discloses is:
  - accurate
  - up-to-date
  - complete
  - relevant
- Must also take reasonable steps to ensure that personal information is relevant for the purpose of the use or disclosure

APP 11 — Security
- Must take reasonable steps to protect personal information held from misuse, interference and loss, and from unauthorised access, modification or disclosure
- Obligation to destroy or de-identify personal information in certain circumstances
- OAIC’s Guide to securing personal information

APP 12 — Access to personal information
- An APP entity must provide an individual with access to the personal information it holds about them, unless a specific exception applies

APP 13 — Correction of personal information
- An APP entity must take reasonable steps to correct personal information to ensure it is accurate, up-to-date, complete, relevant and not misleading, if:
  - the entity is satisfied it needs to be corrected, or
  - the individual requests correction

OAIC’s regulatory powers
- Powers to:
  - Promote privacy compliance
  - Handle complaints and conduct investigations
  - Enforcement powers
- OAIC’s Privacy regulatory action policy

Promoting privacy compliance
- Approve enforceable codes
  - Code obligations apply in addition to the APPs
  - Developed by entities (on their own initiative or on request) or by the Commissioner
- Privacy performance assessments
- Direct an agency to give the Commissioner a privacy impact assessment

Privacy impact assessment (PIA)
- A systematic assessment of a project that identifies the impact that the project might have on the privacy of individuals, and sets out recommendations for managing, minimising or eliminating that impact
- Consider conducting PIAs as a matter of course for projects that involve personal information
- OAIC’s Guide to undertaking privacy impact assessments

Complaints and investigations
- Privacy powers to investigate an alleged interference with privacy include powers to:
  - investigate a matter following a complaint by an individual
    - Can decline a complaint for certain reasons, or refer it to an alternative complaint body
    - Otherwise, must attempt to conciliate the complaint
  - investigate on the Commissioner’s own initiative (a ‘CII’)

Enforcement powers
- Enforcement powers, ranging from less serious to more serious, include powers to:
  - Accept an enforceable undertaking
  - Make a determination following a complaint or CII
  - Bring proceedings to enforce a determination
  - Apply to the court for an injunction
  - Apply to the court for a civil penalty order for a breach of a civil penalty provision

Minimising complaints/investigations
- Create and implement a privacy management plan
- Consult OAIC guidance
- PIA for new information handling practices
- Manage customer/client expectations
  - Clear APP privacy policy
  - Clear APP 5 notice
- Staff training and awareness — OAIC’s ten tips for protecting customers’ personal information
- Robust IDR process
- Data breach notification — OAIC’s Data breach notification guide

Need further information?
- Visit our website: OAIC resources
- Sign up for the OAICnet newsletter via the website
- Follow us on