Impact of the Privacy Act 1988 (Australia)

Details
Parent Category: Impacts of Technology
Category: Regulations
Hits: 6816
Star InactiveStar InactiveStar InactiveStar InactiveStar Inactive
 

SYLLABUS

Impact of the Privacy Act 1988 (Australia) on;

  • the collection of personal information
  • how personal information is used
  • access to personal information
  • implication of identity theft
  • safe disposal of data, 11 ATAR, 12 GEN

THE PRIVACY ACT 1988 (AUSTRALIA)

"The Privacy Act 1988 (Privacy Act) is an Australian law which regulates the handling of personal information about individuals. This includes the collection, use, storage and disclosure of personal information, and access to and correction of that information. " Source: http://www.oaic.gov.au/privacy/privacy-act/the-privacy-act

There are 13 Privacy Principles to guide handling of personal information 

Sources

  • Website with the 13 Privacy Principles
  • Fact Sheet to download as a PDF

 

For collection of personal information (Privacy Principle 5)

  • privacy Principle 3 - Collection of Unsolicited Personal Information
  • if a company collects information, it must be related to their day to day business
  • if it collects sensitive information, the individual must consent to it
  • example; the Schools Curriculum and Standards Authority of West Australia must get permission to use a student's work in work samples for teachers
  • The Privacy Act 1988 Privacy Principal 5 details
  • Privacy Amendment (Notifiable Data Breaches NDB) Act 2017 means business earning >$3 million annually must notify customers and the Office of the Australian Information Commissioner within 30 days of the breach.

 

How personal information is used (Privacy Principal 6 and 7)

  • it must be used as part of the normal business function. eg Doctor's surgery keeps patient details secure and doesn't share them publicly
  • must keep the information secure; prevent interference, misuse and loss of the information

 

Access to personal information (Privacy Principle 12)

  • if someone wants to see the information that a company has about them, they must show it to them

 

Implication of identity theft

  • identity theft is when someone pretends they are you, to steal money, take out loans
  • it can happen to adults and kids
  • if you post personal information on the internet you could be the next victim
  • don't open emails, if you don't know the sender
  • delete emails if you don't know the sender
  • keep a separate email account for personal things
  • have a second email account for all other internet general things
  • don't download files from websites that are not known to you

 

Safe disposal of data (Privacy Principle 10)

  • if the company has finished with the data, it must destroy the information.
    • paper information can be burned or shredded
    • digital data on a hard drive or USB can be physically destroyed with a hammer, or wiped by writing and re-writing over the top of the data.
  • make sure the owner can't be identified, removing or covering over names
  • eg; the Schools Curriculum and Standards Authority of West Australia must delete past WACE exams after a period of time
  • any company, when it is finished with your private information, must destroy or de-identify it

 

 FOR YOU TO DO

  1. What are the requirements for a company when they collect personal information?

  2. What are the requirements for keeping the personal information?

  3. What are the requirements when finished with the personal data?

  4. Explain two methods of disposing of data.

 

 
 
Found an error or enhancement? Please fill out this contact us form.