Circumstances in which use and disclosure is permitted
25.29 Compared to some other principles in the Privacy Act, the principles relating to use and disclosure in each of the IPPs and NPPs adopt a prescriptive approach. They do not contain an overriding qualifier, such as permitting use or disclosure where it is ‘reasonable’ in the circumstances.[30] 25.30 The use and disclosure of personal …
Publications
Read moreAdditional exceptions?
Missing persons25.127 Concern has been expressed that the IPPs and NPPs do not cover adequately the disclosure of personal information to law enforcement authorities, and the use of the information by them, when undertaking functions that do not or may not involve a criminal offence or breach of the law but are nevertheless in the …
Publications
Read moreContent of a Privacy Policy
24.27 The openness requirements applicable to agencies and organisations differ. NPP 5 imposes a general obligation on an organisation to maintain a document setting out ‘clearly expressed policies on its management of personal information’, whereas IPP 5 takes a more prescriptive approach. As noted above, IPP 5 lists the specific matters that must be included …
Publications
Read moreAvailability of Privacy Policy
24.62 The NPPs and IPPs differ in that IPP 5 requires a record-keeper to take reasonable steps to enable an individual to ascertain specified matters regardless of whether the individual has made a request, whereas the corresponding obligation in NPP 5 only applies to an organisation following a request by an individual. Submissions and consultations24.63 …
Publications
Read moreShort form privacy notices
Background24.75 A short form privacy notice is a summary of an agency’s or organisation’s practices for the management of personal information. By creating a short form privacy notice, an agency or organisation will not necessarily fulfil its obligations under the openness principle. Such a notice can be useful, however, in assisting individuals to understand quickly, …
Publications
Read moreA separate ‘Openness’ principle
24.5 The ALRC has considered whether the requirements relating to openness should continue to be dealt with in a discrete privacy principle. As noted in Chapter 23, in response to the Issues Paper, Review of Privacy (IP 31), some stakeholders expressed the view that the notification and openness requirements should be located within the same …
Publications
Read moreRegulatory mechanism: ‘Privacy Policies’
24.14 The IPPs and NPPs set out different regulatory mechanisms by which openness is to be achieved. Currently, agenciesare requiredto: take such steps as are, in the circumstances, reasonable to enable any person to ascertain specified matters;[11]maintain a record setting out a number of matters relating to the agency’s handling of personal information;[12] andmake the …
Publications
Read moreSubject matter of notification
23.95 Many individuals find general privacy notices confusing, too long and difficult to relate to their particular situation.[116] Professor Fred Cate has criticised modern privacy notices, by stating:Notices are frequently meaningless because individuals do not see them or choose to ignore them, they are written in either vague or overly technical language, or they present …
Publications
Read moreLocation of notification requirements: separate principle?
23.5 The ALRC examined whether the notification requirements in the model Unified Privacy Principles (UPPs) should be set out in the ‘Collection’ principle, or dealt with in a separate privacy principle.23.6 There is precedent for dealing with notification requirements in a separate privacy principle. Notification is treated as a separate privacy principle, for example, in …
Publications
Read moreNature and timing of notification obligation
23.17 The current obligations in the IPPs and NPPs do not refer specifically to an obligation to notify individuals. The obligation is to take steps to ensure that an individual is aware of specified matters. 23.18 An agency is currently obliged to take such steps before it collects personal information or, if that is not …
Publications
Read more