Australian Privacy Principles
The Australian Privacy Policy (APP) Act relates to protection of an individual’s personal information held by business and government (Also known as entity) and sets out standards, rights and obligations for the management of personal information.
Privacy Legislation for Individuals
Individuals have the right to have open and transparent management of personal information, the objective of this principle is to ensure an organisation is open and transparent about the way it manages your information. The organisation must have an up to date Privacy Policy that includes information on what is being collected and how it collects. It also must include what it does with your information and how you can access your information, it also must include who it might disclose your information to and you also have a right to ask for your information at any time. The APP Act allows you to know why your personal information is being collected, how it will be used and who it will be disclosed to. You also have the option of not identifying yourself, or of using a pseudonym in certain circumstances and to ask for access to your personal information (including your health information), to stop receiving unwanted direct marketing, ask for your personal information that is incorrect to be corrected and make a complaint about an entity covered by the privacy act if you consider that they have mishandled your personal information.
Privacy Legislation for businesses
An entity must not collect personal information unless it is directly related to or required for the entity’s functions or activities. Sensitive information must not be collected without the individual’s consent, if an entity receives personal information they should determine if it could’ve been legally obtained under APP, if it has then they can store and use that information but if it hasn’t then they must destroy it. At the time or before collection of information an entity must notify the individual about what information is required to be collected, the reason for collection and if someone else has provided the information, they also need to inform the individual what information was collected and by whom. If an entity holds information about an individual they must only use that information for the purpose that is was collected for, exceptions to this would be that the information can be used for a secondary purpose under certain conditions or if it is directly related to the primary purpose for collection and legal obligations.
If an entity holds personal information about an individual it must not be used for the purpose of direct marketing exceptions to this are if the organisation collected that information from the individual, if the individual would reasonably expect it to be used for that purpose or contractual arrangements. Before an entity can disclose personal information to an individual or entity outside of the Australian Legal Jurisdiction they must ensure that the overseas recipient does not breach any part of the APP. An organisation must not adopt or use an individual’s personal identifier as its own Centrelink Identifiers, Student Numbers or Medicare Numbers. An exception to this only where it is required by law or verification of identification. An entity must take reasonable steps to ensure that information collected from individuals is accurate, up-to-date, and complete. An entity must take reasonable steps to ensure that information is protected from misuse, interference, unauthorised access or disclosure. If an entity holds personal information about an individual they must, when requested by that individual, provide access to the information. Exceptions to this are either legal grounds, threats to life, health or public safety. Organisations must respond to requests within 30 days. Charges for provision of information can only by made by organisations and must not be excessive. An organisation must take reasonable steps to correct personal information when notified by the individual.
-Jess
Obtuse Bastards 