Towards a single data security principle
28.7 As noted above, agencies and organisations are subject to data security requirements under the IPPs and NPPs respectively. These principles, however, differ in two main respects. First, agencies are obliged to take steps to prevent the unauthorised use or disclosure of personal information that has been disclosed to a third party in connection with …
Publications
Read moreApplication of the ‘Data Quality’ principle to agencies
27.7 As is noted above, agencies presently are not subject to a discrete ‘Data Quality’ principle. In the Discussion Paper, Review of Australian Privacy Law (DP 72), the ALRC proposed that a single ‘Data Quality’ principle should apply to both agencies and organisations.[6]27.8 The proposal was supported almost unanimously by stakeholders.[7] The Public Interest Advocacy …
Publications
Read moreScope of the ‘Data Quality’ principle
Background27.11 The scope of the data quality requirements set out in the IPPs and the NPPs varies in a number of respects. First, the application of the IPPs and the NPPs to information outside the possession or control of an agency or organisation differs. Pursuant to NPP 3, organisations must take steps to ensure the …
Publications
Read moreBalancing data quality and other privacy interests
27.30 In its review of the private sector provisions of the Privacy Act (the OPC Review), the OPC noted that some organisations consider that their obligations under NPP 3 to keep personal information up-to-date and accurate are absolute, and could be used to justify intruding upon an individual’s privacy.[29] In other words, compliance with the …
Publications
Read moreCurrent coverage by IPPs and NPPs
26.9 The current rules in the Privacy Act on direct marketing differ between agencies and organisations. The Information Privacy Principles (IPPs) do not contain any provisions dealing explicitly with direct marketing by agencies. In contrast, the National Privacy Principles (NPPs) deal with the issue of direct marketing by organisations as part of the use and …
Publications
Read moreApplication of direct marketing principle to agencies
26.34 Before considering the content of the direct marketing principle, first it is necessary to consider what entities should be bound by the principle. Currently, organisations must comply with the direct marketing provisions in NPP 2.1(c) where direct marketing does not fall within one of the other limbs of the use and disclosure principle in …
Publications
Read moreRelationship between privacy principles and other legislation
Background26.49 This part of the chapter considers how the ‘Direct Marketing’ principle should relate to sectoral legislation that deals with particular types or aspects of direct marketing. For example, some aspects of telemarketing are regulated by the Do Not Call Register Act 2006 (Cth) and some aspects of email marketing are covered by the Spam …
Publications
Read moreContent of the ‘Direct Marketing’ principle
26.66 This part of this chapter considers the content of the ‘Direct Marketing’ principle. First, the distinction between existing customers and prospective customers is considered. Secondly, the ‘opt-out’ model is discussed. The extent to which specific provision should be made for children and young people in the ‘Direct Marketing’ principle is then addressed, and the …
Publications
Read moreLogging use and disclosure
25.169 In DP 72, the ALRC considered whether agencies or organisations should be required to record their use or disclosure of personal information when this occurs for a purpose other than the primary purpose of collection. In ALRC 22, the ALRC did not recommend that record-keepers be obliged to keep a log of all uses …
Publications
Read moreA single ‘Use and Disclosure’ principle
25.11 As noted above, the IPPs contain separate ‘use’ and ‘disclosure’ principles. In contrast, the NPPs, and the Organisation for Economic Co-operation and Development’s Guidelines on the Protection of Privacy and Transborder Flows of Personal Data (1980) (OECD Guidelines), deal with use and disclosure in a single privacy principle.[6] 25.12 In assessing the merits of …
Publications
Read more