[Year 12 IPM] Privacy and 3 new "biometric" NPPs
tony at star.melb.catholic.edu.au
tony at star.melb.catholic.edu.au
Fri Jul 28 10:21:03 EST 2006
Fellow IP&M-ers,
I just received this email from Primedia.
It's an interesting read related to the Privacy Act with the
addition of 3 new NPPs covering the use of biometric information
that kicks in 1 Sept 2006.
Cheers,
TJ
===========================================================
PRIVACY MEDIA E-MAIL LIST
Office of the Privacy Commissioner
Networking for Privacy Solutions
http://www.privacy.gov.au
===========================================================
Dear Primedia member,
The Commissioner has issued the following Media Release. It is available @
http://www.privacy.gov.au/news/media/06_4.html
----Media Release: Privacy Commissioner approves Biometrics Institute
Privacy Code---
27 July 2006
Privacy Commissioner, Karen Curtis has approved the Biometrics Institute
Privacy Code, which comes into operation on 1 September 2006.
"I am pleased to announce that I have approved the Biometrics Institute
Privacy Code, submitted to my Office by the Biometrics Institute," said Ms
Curtis.
"This has been a long term project and I congratulate the Biometrics
Institute for their efforts in developing the Privacy Code.
"My Office will handle privacy complaints about organisations who volunteer
to be bound by the Code," said Ms Curtis.
The Code includes privacy standards that are at least equivalent to the
National Privacy Principles (NPPs) in the Privacy Act and also incorporates
higher standards of privacy protection in relation to:
certain acts and practices in relation to employee records that
otherwise would be exempt.
the addition of three new Supplementary Biometrics Institute
Privacy Principles 11, 12, and 13 in the Code:
o Principle 11 deals with the protection of biometric information and
in some ways supplements the data security obligations in NPP 4.
o Principle 12 includes some added notice requirements, restricts
some secondary uses without express free and informed consent and confers a
right to request the removal of biometric information from a system. These
obligations enhance NPP 1.3, NPP 1.5, NPP 2 and NPP 4.
o Principle 13 introduces an obligation of accountability through an
extra notice obligation, requires an audit of biometric systems to be
undertaken, introduces the concept of holistic privacy management in
relation to a biometric product or service, and mandates the use of privacy
impact assessments. These requirements augment NPP 1, NPP 4 and NPP 5.1.
the inclusion of specific requirements in the Code for code
subscribers to be aware of and take account of relevant national and
international standards for information protection and biometric systems.
The Biometrics Institute is a 'not for profit' entity with the purpose of
promoting the responsible use of and development of biometrics. The
Biometrics Institute Privacy Code is intended to cover organisations which
volunteer to be bound by the Code and which sell or use biometric services
and products.
Further information regarding the Biometrics Institute Privacy Code and
signatory organisations are available by contacting the Biometrics Institute.
Now that the Code has been registered on the Federal Register of
Legislative Instruments it will be entered into the Commissioner's register
of approved privacy codes on the Office's website.
Background
The Privacy Act establishes a framework in which organisations, or groups
of organisations, are able to develop their own privacy code for the
handling of personal information. The co-regulatory component in the
legislation is designed to allow for flexibility in an organisation's
approach to privacy while guaranteeing that consumers' personal information
is subject to minimum standards that are enforceable in law.
The Privacy Commissioner may only approve a code if it contains standards
that are at least the equivalent overall to the NPPs. Once a code has been
approved organisations can choose to be bound by the code and it will then
replace the NPPs for those organisations.
Regards
Office of the Privacy Commissioner
media at privacy.gov.au
You are subscribed to primedia as tony at star.melb.catholic.edu.au.
To unsubscribe, send a blank email to leave-primedia-17420F at list.privacy.gov.au
!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!
PRIVACY
Please note that as a subscriber to this list, your email address is known
to the Office of the Privacy Commissioner (OPC). The OPC is an Australian
Government Agency within the jurisdiction of the Privacy Act. The purpose
of this list is to advise members of relevant OPC media releases. Your
e-mail address or any other personal information collected will only be
used for the purpose for which it was collected and will not be disclosed
to any person, body or agency except where required by law.
!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!
_______________________________________
This email and any attachments may be
confidential and, if you are not the intended
recipient, you must not disclose or use the
information in this mail. If received in error,
please notify us immediately and delete the
email and all copies.
The college does not guarantee that this email
is virus free or error free. Any attached files are
provided and may only be used on the basis that
the user assumes all responsibility for any loss,
damage or consequence resulting directly or
indirectly from the use of the attached files, whether
caused by the negligence of the sender or not.
The content and opinions in this email are not
necessarily those of Star of the Sea College Inc.
More information about the ipm
mailing list