Privacy Act
HOW DO THE AMENDMENTS TO THE PRIVACY ACT 1988 (CTH) AFFECT YOUR RELATIONSHIP WITH POTENTIALITY?
Introduction
As of 21 December 2001, “organisations” have to comply with the National Privacy Principles (“Principles”) contained in the Privacy Act 1988 (Cth) (“Act”), or in some circumstances, an industry specific privacy code (“Code”). We note that Codes will have to provide at least as much protection to consumers as the Principles.
(Privacy Act: http://www.austlii.edu.au/au/legis/cth/consol_act/pa1988108/ )
Does the Act apply to Potentiality? YES
1. Potentiality is an “organisation”
The Act applies to “organisations”, that is, generally all entities other than “small business operators”. An entity is generally considered to be a “small business operator” if it has an annual turnover of $3,000,000.00 or less.
However, entities that provide a “benefit, service or advantage” to third parties to collect “personal information” (see point 2 below) about another person from that third party are excluded from the definition of “small business operator”.
Accordingly, Potentiality will be considered to be an “organisation”, and is caught under the auspices of the Act, because in many cases it provides a benefit to schools who give it “personal information” concerning their members (“Members”).
2. What is “personal information”?
“Personal information” is defined under the Act generally to mean, amongst other things, information about an individual whose identity is apparent, or can reasonably be ascertained from, that information. Potentiality deals with the “personal information” of the Members.
3. Is Potentiality governed by the Principles or a Code?
Potentiality is currently governed by the Principles rather than a Code.
Does the Act apply to Schools? YES
1. Schools generally are “organisations”
The Act will generally apply to schools. Schools (like Potentiality) are considered to be “organisations” under the Act. Schools will not be considered to be “small business operators”, because they will be considered either to provide a benefit, service or advantage to third parties to collect “personal information” (see above), or, perhaps more clearly, “disclose personal information about another individual to anyone else for a benefit, service or advantage” (another exclusion from the definition of “small business operator”).
2. Is the School governed by the Principles or a Code?
You will be governed by one or the other. If you are not sure which, you should contact the Department of Education, Employment and Training ( http://www.deet.vic.gov.au ).
National Privacy Principles
If you require a copy of the Principles, Potentiality would be pleased to provide you with one. For your convenience, we set out below a summary of the Principles most relevant to your relationship with Potentiality.
(For a full list of the National Privacy Principles, please follow the link: http://www.austlii.edu.au/au/legis/cth/consol_act/pa1988108/sch3.html )
We have received advice from our lawyers that neither you nor Potentiality will breach the Principles or any other provision of the Act through your relationship with Potentiality. If you are interested in a more detailed analysis, we would be happy to provide you with one.
1. Principle #1 Collection
An organisation must not collect personal information unless the information is necessary for one or more of its functions or activities.
An organisation must collect personal information by lawful and fair means and not in an unreasonably intrusive way.
When an organisation collects personal information of an individual, it must take steps to ensure that the individual knows the circumstances of the collection.
2. Principle #2 Use and disclosure
An organisation must not use or disclose personal information about an individual in circumstances differing from the primary purpose of collection (a “Secondary Purpose”), unless the individual has consented to the Secondary Purpose, or the Secondary Purpose is similar to the primary purpose, and the individual would reasonably expect the organisation to use or disclose the information for that Secondary Purpose.
3. Principle #4 Data security
An organisation must take reasonable steps to protect the personal information it holds from misuse and loss and from unauthorised access, modification or disclosure.
4. Principle #5 Openness
An organisation must set out in a document clearly expressed policies relating to its management of personal information.
5. Principle #6 Access and correction
Organisations must generally provide individuals with access to their personal information.
6. Principle #9 Transborder data flows
An organisation may transfer personal information about an individual to someone in a foreign country only if the organisation reasonably believes that the recipient of the information is subject to a law, binding scheme or contract which effectively upholds the Principles, or the organisation has obtained the individual's consent.
7. Principle #10 Sensitive information
An organisation must not collect sensitive information about an individual without their consent. Sensitive information is defined to mean, amongst other things, information relating to race, political opinion, religion, sexual preferences or criminal record, which identifies that individual.
If you have any further questions or concerns in relation to the Principles or your relationship with Potentiality, please do not hesitate to discuss them with us. Further information can be found at http://www.privacy.gov.au/publications/npps01.html