[Informatics] Query about privacy laws

Matheson, Heath A Matheson.Heath.A at edumail.vic.gov.au
Mon Nov 30 10:24:42 AEDT 2015 

Hi Natalie,

Thanks for prompting me to look up the changes in the laws that are in the study design. I’m relieved to see there don’t seem to be many changes to the “vibe” which I believe is all we need to know. Your right, we aren’t lawyers and wading through the legislations would take all the summer holidays. Here is a super essence of the laws that I think can answer any of the exam questions to date but I’m sure others will think of more important points:

Privacy Act 1988 – Applies to federal government organisations, health organisations, companies that sell collected data and all companies that turn over more than $3 million a year (although VCAA examiners imply that smaller organisations should follow the act anyway otherwise customers will get upset with you). Here is a summary of the privacy principles from RMIT:
https://www.google.com.au/url?sa=t&rct=j&q=&esrc=s&source=web&cd=6&ved=0ahUKEwiv3KXo07bJAhVFnqYKHXJ-BPMQFgg1MAU&url=https%3A%2F%2Fwww.dlsweb.rmit.edu.au%2Ftoolbox%2Ffinservretail%2Fcomp%2Fprivacy.doc&usg=AFQjCNH8PKLDZFchsYAZ3CqlgRz62Lc9Lg

The amendments in 2012 don’t seem to change much, however, I could see a question on the “foreign websites” component. Here is a summary I found that is readable:
https://www.pof.com.au/changes-to-the-privacy-act-come-into-effect-12-march-2014/


The Privacy and Data Protection Act 2014 (VIC) looks like it just replaces the Information Privacy Act 2000 that was in the old study design. It is essentially the same as the Privacy act but applies to Vic Gov entities like public schools and Vic local councils. Here is another nice summary from Mansfield Shire:
http://www.mansfield.vic.gov.au/councilservices/governance/privacy-and-data-protection-act.aspx
I think it’s good to know the difference between personal and sensitive information.

Health Records Act 2001
Follow privacy principles, know about sensitive information AND be aware that medical data can be passed on for research purposes provided all data identifying an individual has been removed.

Spam Act 2003 (Federal)

-          No unsolicited material from commercial organsiations

-          Organisations sending e-mail / sms etc must identify themselves

-          Must have an unsubscribe link / ability.

Charter of Human Rights 2006 (VIC)
Again, you have a right to privacy.
Everyone is entitled to their opinion/beliefs and free speech except if their actions impact on other people’s entitlement to their opinion/beliefs.

Copyright Act (1968)
-Copyright is automatic in Australia
-You cannot use other people’s/organisations work without permission
-If you create something as part of your job, your employer owns the copyright and you can’t take what you have created elsewhere.
(I think this might even include if you made an amazing Software Development Program for a SAC and submitted it, the Department of Education then owns it??) Good to discuss anyway.

I think that is enough for the students. We aren’t lawyers and this isn’t a law subject so I wouldn’t get bogged down in jargon. Hope this helps.
I think in answer to your question 1: Informatics U3O2
Interactions and impact
• key legal requirements for storage and communication of data and information, including privacy, intellectual
property and human rights requirements

To me your privacy relies on all the privacy acts plus the spam act, and intellectual property relies on the copyright act. So that’s everything in the glossary.

For unit 4 we need to cover how to keep data safe and one reason for doing that is that it is a privacy principle and covered by the privacy laws.

Cheers,

Heath Matheson
Mount Beauty Secondary College
(Marcellin Old Boy)

From: informatics-bounces at edulists.com.au [mailto:informatics-bounces at edulists.com.au] On Behalf Of Natalie H
Sent: Saturday, 28 November 2015 10:41 AM
To: Year 12 VCE Informatics Teachers' Mailing List
Subject: [Informatics] Query about privacy laws

Hi all,

Great session yesterday - I really enjoyed getting my head around a few things. I did not particularly enjoy the headache afterwards as my brain tried to sort it all out :-/

I have a query about the privacy laws. It took me a while to sort out how to approach them in the old study design (not having studied law, just do my best to obey it!), and now I'm confused again.

Firstly, the glossary has an entry "For the purposes of this study the key provisions of the following acts are relevant: Privacy Act 1988, including Privacy Amendment (Enhancing Privacy Protect) Act 2012, Privacy and Data Protection Act 2014, Health Records Act 2001, Copyright Act 1968, Charter of Human Rights and Responsibilities Act 2006 (VIC) (sections 13, 14 and 15), and the Spam Act 2003 (Part 1.3, Simplified outline)."

I know that anything in glossary is a go-zone for exams, but what if the study itself doesn't refer to one of them? eg Informatics doesn't refer to the Spam Act or the Charter at all. I know that ITA students never had to worry about creating UCDs or an SRS even though they were technically in the glossary, but I've got my worrying hat on.

Question 1: Do ALL unit 3-4 students need to know about ALL of the legislation in the glossary?

If you're still reading, how about this? In Informatics U3O2, we have "Interactions and impact [dot point 1]  -key legal requirements for storage and communication of data and information, including privacy, intellectual property and human rights requirements"
Now, does this mean that students only need to know about these in a generic sense? Only SD refers explicitly to the Copyright Act. In other words, can a student mumble a few words about copyright and get credit for that?

Question 2: How much detail do students need if the KK points do not make specific reference to a law?

And lastly, (I don't post often, but when I do I go on a bit - sorry!!) could someone please give me the idiot's guide to the privacy laws? what I'm specifically after is what's new in the Privacy Amendment, and anything telling me about what the Privacy and Data Protection Act is about. I've made in the order of eleventy-six attempt to read the legislation (including their so-called "fact sheets") and didn't get very far. Informatics U4O2 has "Interactions and impact [dot point 3]  -key legislation that affects how organisations control the storage and disposal of their data and information: the Privacy Act 1988, the Privacy and Data Protection Act 2014, and the Health Records Act 2001" so I think I need to understand this!

I am assuming that the Privacy Act isn't much different, and same for the Health Records Act.

Question 3: When is each of the Privacy Act, Privacy and Data Protection Act, Health Records Act invoked, and what do they cover?

Sorry to carry on, but it's been getting to me for a while now. A lunchtime chat yesterday was helpful in that I know I'm not alone in this. I'd like to get my head around this so that my students aren't limited by my own lack of knowledge, and I'm always telling them to ask for clarification if the need it!

Cheers,

Natalie Heath (Marcellin College)

Important - This email and any attachments may be confidential. If received in error, please contact us and delete all copies. Before opening or using attachments check them for viruses and defects. Regardless of any loss, damage or consequence, whether caused by the negligence of the sender or not, resulting directly or indirectly from the use of any attached files our liability is limited to resupplying any affected attachments. Any representations or opinions expressed are those of the individual sender, and not necessarily those of the Department of Education and Training.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.edulists.com.au/pipermail/informatics/attachments/20151129/9398eae0/attachment-0001.html

More information about the informatics mailing list