[Year 12 IT Apps] Privacy laws

Kevork Krozian K.Krozian at fhc.vic.edu.au
Tue Sep 21 10:52:32 EST 2010 

Hi Folks,

 Just looking at Checkpoints 2010 and Q3 in Ch 5 on Legal and Ethical responsibilities of Organisations :

Q3) A website that collects data from a user must display a privacy policy under the Privacy Act 1988. What information much be contained in the privacy policy ?
Suggested answer: a) the data to be gathered by the site
                             b) how the organisation intends to use the data
                             c) An option for the user to disallow the collected data to be used for other purposes.

 Now, under NPP 5,


5 Openness

5.1 An organisation must set out in a document clearly expressed policies on its management of personal information. The organisation must make the document available to anyone who asks for it.

5.2 On request by a person, an organisation must take reasonable steps to let the person know, generally, what sort of personal information it holds, for what purposes, and how it collects, holds, uses and discloses that information.



and NPP 2,

 

2 Use and disclosure

2.1 An organisation must not use or disclose personal information about an individual for a purpose (the secondary purpose) other than the primary purpose of collection unless:

(a) both of the following apply:

(i) the secondary purpose is related to the primary purpose of collection and, if the personal information is sensitive information, directly related to the primary purpose of collection;

(ii) the individual would reasonably expect the organisation to use or disclose the information for the secondary purpose; or

(b) the individual has consented to the use or disclosure; or



a long list follows ......



  I am just wondering if the original question has missed the point about;



  a) the nature of the organisation ... private or government ?

  b) if private, the issue about turnover required to be greater than $3 million per year

  c) no mention of trading in personal information  or collecting health information therefore more likely privacy laws do not apply if under $3 million

  d) An option for the user to disallow the collected data to be used for other purposes .... suggests disclosure for other purposes is the default position and the user has to make the effort to veto it rather than the other way around.







Kind Regards






Kevork Krozian
Digital Learning Manager
Forest Hill College
k.krozian at fhc.vic.edu.au<mailto:k.krozian at fhc.vic.edu.au>
Tel: 0419 356 034
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.edulists.com.au/pipermail/itapps/attachments/20100921/54069d26/attachment.html

More information about the itapps mailing list