Australian Privacy Commissioner and Regulations

Australian Privacy Commissioner and Regulations
Slide Note
Embed
Share

Regulating Australia's Privacy Act of 1988, the Australian Privacy Commissioner oversees personal information, sensitive data, tax details, and more. Entities must comply with 13 APPs, covering the information life cycle, privacy policies, and individual identification options

  • Australian Privacy
  • Privacy Commissioner
  • Regulatory Authority
  • Privacy Act
  • Data Protection
mccowan_e
mccowan_e Follow

Uploaded on Mar 15, 2025 | 0 Views

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

You are allowed to download the files provided on this website for personal or commercial use, subject to the condition that they are used lawfully. All files are the property of their respective owners.

Download Presentation

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.

E N D

Presentation Transcript

  1. Independent Australian Government statutory authority The Australian Privacy Commissioner and staff regulate Australia s Privacy Act 1988

  2. Information privacy Australian Privacy Principles (APPs) Privacy Act contains provisions that deal with: personal information sensitive information (such as health information) tax file numbers credit information Commissioner s regulatory powers

  3. 13 APPs Principles apply to government agencies and private sector organisations (referred to as APP entities ) Structured to reflect the information life cycle planning, collection, use and disclosure, quality and security, access and correction APP Guidelines

  4. Take reasonable steps to implement practices, procedures and systems to ensure compliance with APPs Privacy policies must be clearly expressed and up-to-date OAIC s Guide to developing a privacy policy

  5. Requires APP entities to give individuals the option of not identifying themselves, or of using a pseudonym Doesn t apply if identification is required by law or it is impracticable

  6. Covers collection of personal information and sensitive information Collection must be reasonably necessary for one or more of an APP entity s functions or activities Additional obligations apply to sensitive information

  7. If an APP entity receives unsolicited personal information, it must: Assess whether it could have collected the information under APP 3 If not, destroy or de-identify that information But different rules apply to Commonwealth records

  8. Outlines what an APP entity must tell an individual and when Includes: Who the entity is and how to contact it The purpose(s) of the collection Usual disclosures to third parties Complaint handling process Likely overseas disclosure

  9. Can only use or disclose personal information for: Purpose for which it was collected, or Secondary purpose if an exception applies

  10. Only use or disclose personal information for direct marketing purposes if certain conditions are met Opt-out option Direct marketing of sensitive information requires consent

  11. Before disclosing personal information overseas, reasonable steps must be taken to ensure that the overseas recipient does not breach the APPs The APP entity will be accountable for a breach of the APPs by an overseas recipient Subject to exceptions OAIC s Sending personal information overseas

  12. Prohibits an organisation from adopting, using or disclosing a government related identifier Number, letter, symbol used to identify an individual, e.g. Medicare # Exceptions include where the adoption, use or disclosure is required or authorised by law

  13. An APP entity must take reasonable steps to ensure personal information it collects, uses or discloses is: accurate up-to-date complete relevant Must also take reasonable steps to ensure that personal information is relevant for the purpose of the use or disclosure

  14. Must take reasonable steps to protect personal information held from misuse, interference and loss, and from unauthorised access, modification or disclosure Obligation to destroy or de-identify personal information in certain circumstances OAIC s Guide to securing personal information

  15. An APP entity must provide an individual with access to the personal information they hold about them, unless a specific exception applies

  16. An APP entity must take reasonable steps to correct personal information to ensure it is accurate, up-to- date, complete, relevant and not misleading, if: the entity is satisfied it needs to be corrected, or the individual requests correction.

  17. Powers to: Promote privacy compliance Handle complaints and conduct investigations Enforcement powers OAIC s Privacy regulatory action policy

  18. Approve enforceable codes Code obligations apply in addition to the APPs Developed by entities (on their own initiative or on request) or by the Commissioner Privacy performance assessments Direct an agency to give the Commissioner a privacy impact assessment

  19. A systematic assessment of a project that identifies the impact that the project might have on the privacy of individuals, and sets out recommendations for managing, minimising or eliminating that impact Consider conducting PIAs as a matter of course for projects that involve personal information. OAIC s Guide to undertaking privacy impact assessments

  20. Privacy powers to investigate an alleged interference with privacy include powers to: investigate a matter following a complaint by an individual Can decline a complaint for certain reasons, or refer to an alternative complaint body Otherwise, must attempt to conciliate the complaint investigate on the Commissioner's own initiative (a CII )

  21. Enforcement powers, that range from less serious to more serious, include powers to: Accept an enforceable undertaking Make a determination following a complaint or CII Bring proceedings to enforce a determination Apply to the court for an injunction Apply to the court for a civil penalty order for a breach of a civil penalty provision

  22. Create and implement privacy management plan Consult OAIC guidance PIA for new information handling practices Manage customer/client expectations Clear APP privacy policy Clear APP 5 notice Staff training and awareness OAIC s ten tips for protection customers personal information Robust IDR process Data breach notification OAIC s Data breach notification guide

  23. Visit our website: www.oaic.gov.au OAIC resources Sign up for OAICnet newsletter via the website Follow us on Twitter @OAICgov

Related


Buy Australian counterfeit Notes for sale - hartogcounterfeitnotes.com

Buy Australian counterfeit Notes for sale - hartogcounterfeitnotes.com

Amelia1
Buy Adderall XR 25mg - trinexpharmacy.com

Buy Adderall XR 25mg - trinexpharmacy.com

Amelia1
Dynamic Pricing Algorithms with Privacy Preservation in Personalized Decision Making

Dynamic Pricing Algorithms with Privacy Preservation in Personalized Decision Making

lillia
Privacy in Information Security Training

Privacy in Information Security Training

lillia
NCVHS Subcommittee on Privacy Comments on HIPAA Privacy Rule for Reproductive Health Care

NCVHS Subcommittee on Privacy Comments on HIPAA Privacy Rule for Reproductive Health Care

haley
Privacy-Preserving Analysis of Graph Structures

Privacy-Preserving Analysis of Graph Structures

bilal
FMCSA Privacy Awareness Training Overview for 2022

FMCSA Privacy Awareness Training Overview for 2022

natan
Data Privacy Laws and Regulations in Saudi Arabia

Data Privacy Laws and Regulations in Saudi Arabia

twyla
Privacy Considerations in Data Management for Data Science Lecture

Privacy Considerations in Data Management for Data Science Lecture

maen728
Television Content Regulation in Australia

Television Content Regulation in Australia

ayv_m
The Privacy Paradox: Attitudes vs. Behaviors

The Privacy Paradox: Attitudes vs. Behaviors

clai_evi
Privacy Rights in Europe: A Comprehensive Overview

Privacy Rights in Europe: A Comprehensive Overview

jesu_26
Breach of Confidence and Privacy Rights in Legal Context

Breach of Confidence and Privacy Rights in Legal Context

harmo
Data Privacy Best Practices Training for Libraries

Data Privacy Best Practices Training for Libraries

teo_nah
Enhancing Online Patron Privacy in Library Websites

Enhancing Online Patron Privacy in Library Websites

weld852
Contemporary Australian Art at the Adelaide Biennial

Contemporary Australian Art at the Adelaide Biennial

clairp
Student Privacy Laws and Best Practices in Education Sector

Student Privacy Laws and Best Practices in Education Sector

nam_e
Privacy Awareness Week 2017: Understanding the Australian Privacy Act

Privacy Awareness Week 2017: Understanding the Australian Privacy Act

saan296
The Challenges of Protecting Privacy with Differential Privacy

The Challenges of Protecting Privacy with Differential Privacy

rashiqu
Overview of HIPAA Privacy and Security Regulations

Overview of HIPAA Privacy and Security Regulations

ahesl
On Distributed Differential Privacy and Counting Distinct Elements

On Distributed Differential Privacy and Counting Distinct Elements

dam_don
COE 526 Differential Privacy Lecture 7 Highlights

COE 526 Differential Privacy Lecture 7 Highlights

mbogn

More Related Content