Interaction with the ‘Use and Disclosure’ principle
31.177 Under the NPPs, an organisation that wants to transfer personal information outside Australia needs to determine whether the disclosure of that information to someone outside Australia will comply with NPP 2 (the Use and Disclosure principle). The organisation then needs to determine whether the transfer will satisfy at least one of the conditions set …
Publications
Read moreDefinition of ‘transfer’
31.182 The ALRC also examined whether it would be useful to distinguish the term ‘transfer’ from the terms ‘use’ and ‘disclosure’. One option for dealing with this issue is to define ‘transfer’ in the Privacy Act to include the situation where personal information is stored in Australia in such a way that allows it to …
Publications
Read moreList of overseas jurisdictions
31.206 The Privacy Act does not provide a definition of what constitutes a ‘substantially similar’ set of principles for the purposes of NPP 9(a).[314] The OPC Review noted that stakeholders had expressed frustration at the lack of guidance regarding the countries whose laws provide adequate protection equivalent to the NPPs. In this situation the onus …
Publications
Read moreInternational privacy protection
31.11 In order to ensure that Australian organisations are not disadvantaged in the international market, Australia must be able to meet the international community’s expectations of privacy protection while not impeding the free flow of information across borders. In this section, international models of data protection are outlined. European Union Data Protection Directive31.12 The EU …
Publications
Read moreCurrent coverage of cross-border data flows
Extraterritorial operation of the Privacy Act31.71 Section 5B of the Privacy Act applies the Act (and approved privacy codes) to acts done, or practices engaged in, outside Australia by an organisation, if the act or practice relates to personal information about an Australian citizen or permanent resident and either the organisation:is linked to Australia by …
Publications
Read moreContent of the model ‘Cross-border Data Flows’ principle
Accountability31.93 Professor Greenleaf, Nigel Waters and Associate Professor Lee Bygrave submitted that the six conditions under NPP 9 will generally be sufficient to allow any legitimate transfer overseas of personal information, even when those transfers may harm the interests of the data subjects concerned. They argued that data exporters should remain liable for breaches of …
Publications
Read moreRegulation of Tax File Numbers
Background to the enhanced TFN scheme30.130 In May 1988, following the demise of the Australia Card scheme, the then Treasurer, the Hon Paul Keating MP, announced that the Australian Government intended to introduce an enhanced TFN scheme.[194] In 1988, legislation establishing such a scheme was passed.[195] 30.131 Before 1988, TFNs were simply numbers used by …
Publications
Read moreIs there a need for an ‘Identifiers’ principle?
30.12 A threshold issue is whether it is necessary to retain a separate principle to regulate the use of identifiers. There is an argument that the collection, use and disclosure of identifiers could be accommodated within the privacy principles that deal with those aspects of the information cycle. For example, the proscription in NPP 7 …
Publications
Read moreApplication of ‘Identifiers’ principle to agencies?
30.24 Currently, agencies are not subject to a provision regulating the adoption, use and disclosure of identifiers. In contrast, some state and territory legislation regulates the assignment, adoption, use and disclosure of identifiers by public sector bodies. Under this legislation, the assignment, adoption, use and disclosure of identifiers by public sector bodies is generally prohibited …
Publications
Read moreDefinition of ‘identifier’
30.39 The definition of an ‘identifier’ in NPP 7 does not describe what an identifier is, only that it includes a number assigned by an organisation to an individual. The OPC Guidelines to the National Privacy Principles, however, set out a definition of ‘identifier’:A Commonwealth government identifier is a unique combination of letters and numbers, …
Publications
Read more