White SW Computer Law
Intellectual Property, Information Technology & Telecommunications Lawyers
Melbourne Office - PO Box 452, COLLINS STREET WEST Victoria 8007 Australia
Sydney Office - GPO Box 2506, SYDNEY New South Wales 2001 Australia
Telephone: Melbourne Office - +61 3 9629 3709 Sydney Office - +61 2 9233 2600
Facsimile: Melbourne Office - +61 3 9629 3217 Sydney Office - +61 2 9233 3044
Email: wcl@computerlaw.com.au Internet: http://www.computerlaw.com.au

User Tools

Site Tools


privacylaws

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

privacylaws [2017/07/30 18:03] (current)
Line 1: Line 1:
 +====== Privacy Laws ======
 +The [[privacylegislation|Privacy Act 1988 (Cth)]] ( "the Privacy Act" ) applies to Commonwealth government departments and agencies and the private sector.
 + 
 +The Privacy Act sets out, amongst other things:
 +  * The National Privacy Principles that apply to organisations. ​ These principles deal with:
 +      * The way in which personal information is collected;
 +      * Storage and security of that information;​
 +      * How that information can be used;
 +      * Access to personal information;​ and
 +      * Limits on the disclosure of personal information.
 +  * Guidelines relating to the use of tax file numbers; ​
 +  * Credit reporting rules.
 +
 +The Privacy Act states that "​personal information”:​ means information or an opinion (including information or an opinion forming part of a database), whether true or not, and whether recorded in a material form or not, about an individual whose identity is apparent, or can reasonably be ascertained,​ from the information or opinion."​
 +
 +===== The National Privacy Principles ( "​NPPs"​ ) =====
 +The [[http://​www.privacy.gov.au/​publications/​npps01.html|NPPs]] set out the minimum privacy standards for organisations.
 +
 +The Privacy Act defines an organisation as:
 +  * an individual; ​
 +  * a body corporate;
 +  * a partnership;​
 +  * any other unincorporated association;​ or
 +  * a trust
 +
 +that is not a small business operator, a registered political party, an agency (defined as a Commonwealth government body or authority), a State or Territory authority or a prescribed instrumentality of a State or Territory.
 +
 +The Privacy Act defines a small business as a business with a turnover of less that $3 million per year.
 +
 +An organisation must comply with either:
 +  * The NPPs; or
 +  * Their own privacy code that contains obligations that are at least equivalent to the NPPs and has been approved by the Privacy Commissioner.
 +
 +===== The Complaint Process =====
 +If a person believes that you are in breach of one or more of the NPPs, they may lodge a complaint with the Privacy Commissioner.
 +
 +The Privacy Commissioner will not usually investigate a complaint until it has first been formally raised with the person that is alleged to have breached the NPPs.
 +
 +If this fails to resolve the matter, the Privacy Commissioner will investigate the complaint and attempt to negotiate a settlement between the parties. ​
 +
 +The Privacy Commissioner may require the parties to attend a compulsory conference in order to either facilitate settlement or further investigate the matter.
 +
 +After investigating the complaint the Privacy Commissioner may make a determination that:
 +
 +  * The complaint be dismissed; or
 +  * That the complaint is substantiated and:
 +     * The organisation who breached the NPPs should not continue or repeat such conduct;
 +     * The organisation should take action to remedy the situation. ​ This may include:
 +        * a written apology;
 +        * re-training staff;
 +        * changing procedures; or
 +        * amending or deleting personal information; ​
 +     * that the complainant is entitled to monetary compensation for loss or damage suffered (not as a penalty or a fine); or
 +     * that no further action should be taken in relation to the complaint.
 +
 +===== Disclosing Information =====
 +You are required to keep a record of each disclosure made.  You should record:
 +  * the date of the disclosure;
 +  * what was disclosed and to whom;
 +  * the reason for the disclosure; and
 +  * if a customer consents to a disclosure, you should request that they consent in writing and keep a copy of their consent with the record of disclosure.
 +
 +Organisations that store personal information should ensure that they review their policies in relation to the storage and maintenance of such information and develop in-house policies as to how such information may be accessed and used.  ​
 +
 +All staff should be trained in the required procedures, before the obligations under the Privacy Act come into effect to ensure your organisation’s compliance.
 +
 +This article is a guide only and should not be used as a substitute for proper legal advice, readers should make their own enquires and seek appropriate legal advice.
  

  © White SW Computer Law 1994-2019. ABN 94 669 684 644. All Rights Reserved.
  Liability limited by a scheme approved under Professional Standards Legislation
  This website is a guide only and should not be used as a substitute for proper legal advice.
  Readers should make their own enquiries and seek appropriate legal advice.
  For legal advice please email wcl@computerlaw.com.au