Saturday, January 31, 2009

Privacy laws in Australia


The Privacy Act 1988 (Cth) establishes National Privacy Principles (NPPs) which apply to:

* all private sector organisations with an annual turnover of more than $3m
* health service providers
* traders in personal information
* contractors to the Australian Government as far as their activities are for the purposes of the contract.

There are limited exceptions from the coverage of the NPPs for employee records, contractors to State Governments and journalism. The NPPs represent best practice and as such should be followed even if they are not compulsory in your particular situation.

The NPPs establish standards for the collection, use, storage and disclosure of personal information. They include the following:

* You can only collect personal information if it is necessary for the function or activity of your organisation.
* You should not use or disclose personal information for a purpose different from the original purpose of collection, except in limited circumstances.
* You must take reasonable steps to ensure that personal information collected is accurate, complete and up-to-date.
* You must take reasonable steps to protect the personal information collected. This may mean that you will need to set up appropriate computer hardware and software systems for protection of data.
* You can transfer personal information to a person or organisation outside Australia only in limited circumstances. These include the requirement that you reasonably believe that the recipient is governed by comparable privacy laws, or that the individual whose personal information is being transferred consents to its transfer.

Although you are allowed to collect and use personal information, you are not allowed to collect and use "sensitive information" about individuals unless they first consent. Sensitive information is defined in the Act and includes information regarding race, gender, political opinion, religious beliefs, philosophical beliefs, membership of a trade union or professional organisation, or sexual preference or practices.

The NPPs also require you to explain your personal information collection and use practices to the people using your website at the time when you collect their information. As a practical measure, the above principles need to be incorporated into a privacy statement to be displayed on your website.
