Presentation is loading. Please wait.

Presentation is loading. Please wait.

An Introduction to the Privacy Act Privacy Act 1993 Promotes and protects individual privacy Is concerned with the privacy of information about people.

Published byKerrie Stanley Modified over 8 years ago

Similar presentations

Presentation on theme: "An Introduction to the Privacy Act Privacy Act 1993 Promotes and protects individual privacy Is concerned with the privacy of information about people."— Presentation transcript:

1

2 An Introduction to the Privacy Act

3 Privacy Act 1993 Promotes and protects individual privacy Is concerned with the privacy of information about people rather than physical intrusions into privacy Establishes 12 information privacy principles which regulate the collection, storage, use and disclosure of personal information and give people the right to access and correct their information Allows the Privacy Commissioner to issue industry specific codes of practice Sets out rules for information matching Provides a set of principles regulating how information on public registers can be used Sets up a complaints procedure Sets out how law enforcement information is to be dealt with Provides for the appointment of a Privacy Commissioner and sets out his role and functions

4 Definition of Personal Information Information about an identifiable individual Does not include information about a corporate body

5 AgencyAgency Any person or body of persons Corporate or unincorporate Public or private sector Some exceptions: MPs, courts and tribunals, news media in relation to its news activities Sections 3 and 4

6 Breach of IPP AND Adverse Consequence Results in Interference With Individual’s Privacy BreachInterferenceLoss

7 Interference With Privacy (Access) Referral Failure to respond within 20 working days Conditions on use Charging Refusal to correct Interference with privacy if there is no proper basis for:

8 IPP 1 - Purpose of Collection of Personal Information Information is collected for a lawful purpose connected with the function / activity of the agency Collection necessary for that purpose Not to be collected by an agency unless: ISSUES Lawful purpose? Is it purpose connected with a function / activity of the agency? Is collection necessary for that purpose?

9 IPP 2 - Source of Personal Information Where an agency collects personal information, the agency shall collect the information directly from the individual concerned. No compliance permissible where the agency believes, on reasonable grounds, that: Individual has authorised collection of the information from someone else Compliance would prejudice the purpose of that collection Compliance not reasonably practicable in the circumstances (Non-compliance permissible on certain other grounds)

10 IPP 3 - Collection of Personal Information From Subject (A) Where personal information collected directly from individual concerned, agency required to take reasonable steps to ensure individual is aware of: Fact information is being collected Purpose for which information is collected Intended recipients of information Contact details for agencies collecting and holding information Whether supply of information is mandatory / voluntary (Where law authorises / requires collection) Consequences if information not supplied Rights of access and correction Provide these details before collection if practicable

11 IPP 3 - Collection of Personal Information From Subject (B) It is authorised by the individual It would not prejudice the individual’s interests Compliance would prejudice purposes of collection Also certain other grounds IPP 3(4) Repeat explanation not necessary If given recently Non-compliance permissible where agency believes, on reasonable grounds, that:

12 IPP 4 - Manner of Collection of Personal Information Unlawful means Means that, in the circumstances are, -Unfair -Unreasonably intrude upon the Individual’s personal affairs Personal information must not be collected by:

13 KEY CONCEPTS PURPOSE AND OPENNESS KEY CONCEPTS PURPOSE AND OPENNESS Develop information handling policies Convey policies when collecting information

14 IPP 5 - Storage and Security of Information Loss Unauthorised access, use, modification or disclosure Other misuse Agency holding personal information must take reasonable security safeguards to protect against: ISSUES Physical security? Operational security? Security of transmission? Disposal or destruction?

15 IPP 6 - Access to Personal Information Where an agency holds personal information in a way that it can readily be retrieved, individuals are entitled to have access to information relating to them

16 IPP 6 - Access to Personal Information Obligations of agencies to Provide assistance Transfer access requests Respond within time limits Make information available in form requested Precautions by appropriate procedures: Satisfactory identification of individual Authority of agent Charges: No charge by public sector agency Reasonable charges by others

17 Withholding Grounds - Principle 6 27(1)(c) - prejudice maintenance of law 27(1)(d) - endanger safety 29(1)(a) - unwarranted disclosure 29(1)(c) - prejudice physical / mental health 29(2) - not readily retrievable / cannot be found / does not exist

18 IPP 7 - Correction of Personal Information An individual is entitled to request the correction of information Agency must either: Agency must notify known recipients of the information about this correction Make correctionOR Attach statement by individual of correction sought

19 IPP 8 - Accuracy of Personal Information to Be Checked Before Use Agencies must take reasonable steps to ensure personal information is accurate before using it Accurate Up to date Complete Not misleading Relevant

20 IPP 9 - Agency Not to Keep Personal Information or Longer Than Necessary Agency holding personal information shall not keep it for longer than required for the purposes for which it may lawfully be used. ISSUES Should it be retained at all? If so, for how long? Note legal obligations to retain, eg. tax, medical records Consider return, destruction, transfer

21 IPP 10 - Limits on Use of Personal Information Personal information collected for one purpose cannot be used for another purpose unless agency believes, on reasonable grounds, that: (Non-compliance permissible on Certain other grounds) Use for other purpose authorised by individual concerned Information sourced from publicly available publication Use for other purpose necessary to prevent or lessen a serious and imminent threat to - public health / safety - life / health of someone Purpose is directly related to the purpose for which it was collected

22 IPP 11 - Limits of Disclosure of Personal Information An agency shall not disclose personal information unless it believes, on reasonable grounds, that disclosure: (Non compliance permissible on Certain other grounds) Is to the individual concerned Is authorised by the individual Is one of the purposes in connection with which the information was obtained or is a directly related purpose Is in a form in which the individual is not identified

23 Information Privacy Principle 11 Authorised by Privacy Commissioner Research (No ID) Purpose of Collection Publicly Available Maintenance of the Law To the Person Public Health or Safety Needed to sell Business DISCLOSURE Don’t do it unless

24 IPP 12 - Unique Identifiers Agencies not to assign unique identifiers unless necessary to enable them to carry out their functions efficiently Agencies not to assign unique identifier that has been assigned by another agency Clearly identify the individual before assigning unique identifier Agencies not to require people to disclose a unique identifier assigned by another agency unless disclosure is for the purposes for which that unique identifier was assigned

25 Notification Complaints Review Tribunal Complaints Process Commissioner assists parties with settlement Investigation Final opinion Provisional Opinion - with right of response Referred by Privacy Commissioner Referred by Complainant

26 Privacy Act and Official Information Act Interface Requester X asks for information about himself Privacy Act IPP 6 Part IV Privacy Act Sections 27-29 - withholding grounds apply Requester X asks for information about Y Official Information Act Section 5 Presumption of availability Unless good reason for withholding information Section 9(2)(a) protect privacy of natural persons

27 Action authorised by other Legislation Privacy Act Does not Derogate Other Legislation

28 Telephone:04-474 7590 Enquiries hotline:0800 803 909 Or:09-302 8655 Email:privacy@actrix.co.nz Internet address:http://www.privacy.org.nz Postal address:Privacy Commissioner PO Box 10-094 Wellington Don’t blame the Privacy Act

Download ppt "An Introduction to the Privacy Act Privacy Act 1993 Promotes and protects individual privacy Is concerned with the privacy of information about people."

Similar presentations

Protection of privacy for all Students!

Protection of privacy for all Students!
Data Protection Information Management / Jody McKenzie.

Data Protection Information Management / Jody McKenzie.
CHARTERED SECRETARIES AUSTRALIA New Privacy Laws 6 June 2013.

CHARTERED SECRETARIES AUSTRALIA New Privacy Laws 6 June 2013.
Www.dataprotection.gov.je The Data Protection (Jersey) Law 2005.

The Data Protection (Jersey) Law 2005.
Privacy and Confidentiality ??? Privacy and Confidentiality ??? Kathryn Dalziel.

Privacy and Confidentiality ??? Privacy and Confidentiality ??? Kathryn Dalziel.
PRIVACY COMPLIANCE An Introduction to Privacy Privacy Training.

PRIVACY COMPLIANCE An Introduction to Privacy Privacy Training.
The Australian Privacy Principles Protecting information rights –­ advancing information policy.

The Australian Privacy Principles Protecting information rights –­ advancing information policy.
CSE2500 Systems Security and Privacy Week 11 Privacy Law in Australia (after 2000)

CSE2500 Systems Security and Privacy Week 11 Privacy Law in Australia (after 2000)
DATA PROTECTION and Research University Research Ethics Committee – 08.05.2006 David Cauchi Office of the Data Protection Commissioner.

DATA PROTECTION and Research University Research Ethics Committee – David Cauchi Office of the Data Protection Commissioner.
6/1/2015MINISTRY OF ENERGY, COMMUNICATIONS AND MULTIMEDIA 1 PRESENTATION OF PERSONAL DATA PROTECTION BILL PRESENTATION OF PERSONAL DATA PROTECTION BILL.

6/1/2015MINISTRY OF ENERGY, COMMUNICATIONS AND MULTIMEDIA 1 PRESENTATION OF PERSONAL DATA PROTECTION BILL PRESENTATION OF PERSONAL DATA PROTECTION BILL.
Hong Kong Privacy Code on Human Resource Management

Hong Kong Privacy Code on Human Resource Management
Www.oaic.gov.au Introduction to the APPs and the OAIC’s regulatory approach Presented by: Este Darin-Cooper Director, Regulation and Strategy May 2015.

Introduction to the APPs and the OAIC’s regulatory approach Presented by: Este Darin-Cooper Director, Regulation and Strategy May 2015.
The role of the Office of the Privacy Commissioner in telecommunications Andrew Solomon Director, Policy.

The role of the Office of the Privacy Commissioner in telecommunications Andrew Solomon Director, Policy.
ICAICT202A - Work and communicate effectively in an IT environment

ICAICT202A - Work and communicate effectively in an IT environment
Property of Common Sense Privacy - all rights reserved 01875340890 THE DATA PROTECTION ACT 1998 A QUESTION OF PRINCIPLES Sheelagh F M.

Property of Common Sense Privacy - all rights reserved THE DATA PROTECTION ACT 1998 A QUESTION OF PRINCIPLES Sheelagh F M.
Information Commissioner’s Office: data protection Judith Jones Senior Policy Officer Strategic Liaison – public security 16 November 2011.

Information Commissioner’s Office: data protection Judith Jones Senior Policy Officer Strategic Liaison – public security 16 November 2011.
Volunteers and the Law Riverland Community Legal Service Inc.

Volunteers and the Law Riverland Community Legal Service Inc.
Data Protection Paul Veysey & Bethan Walsh. Introduction Data Protection is about protecting people by responsibly managing their data in ways they expect.

Data Protection Paul Veysey & Bethan Walsh. Introduction Data Protection is about protecting people by responsibly managing their data in ways they expect.
Protecting information rights –­ advancing information policy Privacy law reform for APP entities (organisations)

Protecting information rights –­ advancing information policy Privacy law reform for APP entities (organisations)
Data Protection for Church of Scotland Congregations

Data Protection for Church of Scotland Congregations

Similar presentations

Ads by Google