Wednesday, July 18, 2018

Australian privacy principles guidelines

Both the APPs and the APP guidelines apply to any organisation or agency the Privacy Act covers.


APP entities must handle personal information openly and honestly. This policy must entail: 1. The type of personal information in question 2. The methods that the entity uses to obtain information 3. Reasons for the collection and use of the information 4. Correction of information 5. Complaints by an individual 6. Sharing of information to foreign bodies and which countries these are located in. The law differs slightly depending on whether the entity is an agency or organisation.

If it’s an agency it can’t obtain personal information unless it’s necessary or related to a function of the agency. If it’s an organisation then they cannot obtain personal information unless it is necessary for a function of the organisation. Sensitive information cannot be obtained by an APP entity unless the person gives consent.


With regard to information that an entity receives but did not ask for, they must demonstrate that they could have collected that information pursuant to principle if they had solicited it. If they cannot demonstrate this, and if the information is not on any record within the Commonwealth, then the entity is obligated to destroy the information (if it is legal and reasonable). Within a reasonable time, the APP entity must notify a person about: 1. The identity and contact details of the entity 2. If they obtained the information from someone else, and how they collected the information 3. The reason why the entity has collected the information 5. What happens if only some information is collected 6. If another APP entity or similar entity collected the information 7. If the entity can share the information with an overseas body, and in which countries these overseas bodies reside. How they may make a complaint 9. The APP entity has to make sure a person is aware of all these matters.


The information can also be used if the entity is not an enforcement body and the information is biometric, the receiver is an enforcement body and the use of it complies with the guidelines of the Commissioner. These rules do not apply to direct marketing or government related identifiers.

Organisations cannot use information for direct marketing, except for where: 1. The organisation obtained the information in order to satisfy a contractual obligation. The individual may also make a request not to receive direct marketing communications free of charge. The entity must make sure that any overseas recipient of information complies with the Privacy Principles, except for where they are bound by laws that protect information.


However, this must be similar to protection provided by the Principles. Using a government related identifier is also another exemption. Any information obtained by the APP entity must be correct, complete, and up to date. An APP entity can only disclose and use information once they ensure it’s accurate, relevant and complete. The materials herein are for informational purposes only and do not constitute legal advice.


Anonymity and Pseudonymity. Open and Transparent Management of Personal Information. Collection of Solicited Personal. Further, individuals are provided with a right of access and correction of their own personal information. There are also data security, data quality and cross-border data flow requirements.


Many aspects of the privacy principles may require or allow an individual to provide consent to the collection, use or disclosure of personal information about him or her. The Act also establishes a number of situations where an individual can make a request or exercise a right. Each of these situations has a decision-making element.
