Is there a need for an ‘Identifiers’ principle?
30.12 A threshold issue is whether it is necessary to retain a separate principle to regulate the use of identifiers. There is an argument that the collection, use and disclosure of identifiers could be accommodated within the privacy principles that deal with those aspects of the information cycle. For example, the proscription in NPP 7 …
Publications
Read moreApplication of ‘Identifiers’ principle to agencies?
30.24 Currently, agencies are not subject to a provision regulating the adoption, use and disclosure of identifiers. In contrast, some state and territory legislation regulates the assignment, adoption, use and disclosure of identifiers by public sector bodies. Under this legislation, the assignment, adoption, use and disclosure of identifiers by public sector bodies is generally prohibited …
Publications
Read moreDefinition of ‘identifier’
30.39 The definition of an ‘identifier’ in NPP 7 does not describe what an identifier is, only that it includes a number assigned by an organisation to an individual. The OPC Guidelines to the National Privacy Principles, however, set out a definition of ‘identifier’:A Commonwealth government identifier is a unique combination of letters and numbers, …
Publications
Read moreContent of privacy principle dealing with identifiers
Use and disclosure for the purpose of identity verification30.65 An issue that arose in response to DP 72 was whether the proposed ‘Identifiers’ principle would prevent an agency or organisation from using or disclosing an identifier for the purpose of identity verification.[89] The AGD submitted that:Identifiers are critical for the operation of identity management and …
Publications
Read moreMulti-purpose identifiers
30.105 This section discusses identifiers assigned to individuals by governments for use by multiple government agencies and organisations (multi-purpose identifiers). The section commences by providing an overview of concerns that have been expressed about the impact on privacy of multi-purpose identifiers. It then examines the history of identification schemes in Australia before discussing the recently …
Publications
Read moreAnnotation of disputed information
29.133 Where the correctness of personal information is the subject of dispute, the IPPs and the NPPs provide individuals with the right to have the information annotated. 29.134 The IPPs and NPPs, however, deal with this issue slightly differently. IPP 7 states that, in the event that there is a disagreement about correction, the record-keeper …
Publications
Read moreProcedural requirements for access and correction requests
29.139 Where an individual exercises his or her right to obtain access to, and correction of, personal information, the agency or organisation that holds the information must comply with a number of procedural requirements. For organisations, these requirements are set out in NPP 6. NPP 6.4, for example, limits the charge that an organisation can …
Publications
Read moreAccess to personal information: exceptions
29.37 The IPPs and the NPPs place obligations on agencies and organisations to provide individuals with access to personal information that they hold about the individuals, unless a specific exception applies. There are a number of differences, however, between these exceptions. Questions therefore arise about:whether the ‘Access and Correction’ principle in the model UPPs should …
Publications
Read moreAccess to personal information: intermediaries
Background29.65 NPP 6.3 currently requires an organisation that has lawfully denied an individual access to his or her personal information to considerproviding access to the information to a mutually agreed third party intermediary. The object behind this provision was explained in the Explanatory Memorandum and other material accompanying its introduction:[NPP 6.3] is not intended to …
Publications
Read moreCorrection of personal information
Background29.83 Where an agency or organisation holds incorrect personal information about an individual, in most circumstances the individual has the right to have this information corrected.29.84 Under IPP 7.1, an agency that has possession or control of a record containing personal information must take reasonable steps by way of making appropriate corrections, deletions and additions …
Publications
Read more