Application of the ‘Anonymity and Pseudonymity’ principle
‘Lawful and practicable’20.28 The requirement to provide the option for anonymity or pseudonymity is not absolute. In particular, under NPP 8, organisations are required to provide individuals with the option of not identifying themselves only where it is ‘lawful and practicable’. NPP 8 is also limited to situations where individuals are ‘entering into transactions’ with …
Publications
Read moreBackground
Role of consent in the privacy principles19.3 As stated above, consent is only relevant to the application of a some privacy principles. Consent is either framed as an exception to a general prohibition against personal information being handled in a particular way or as a basis to authorise the handling of personal information in a …
Publications
Read moreA separate privacy principle dealing with consent?
Background19.69 As noted above, consent is not a discrete privacy principle, although it plays a key role in the application of other privacy principles—namely those regulating the collection of sensitive information, use and disclosure, and cross-border data flows. While many jurisdictions do not deal separately with the concept of consent, some, like Canada and Germany,[96] …
Publications
Read moreLevel of detail, guidance and protection
Background18.32 Existing models of privacy principles vary in the level of detail and guidance that they provide. For example, the OECD Guidelines are pitched at a high level—they are relatively broad and aspirational—while the Victorian health privacy principles are considerably more detailed and comprehensive.[32]18.33 An advantage of high-level principles is that they allow for greater …
Publications
Read moreTowards a single set of privacy principles
Background18.66 The ALRC considered whether it is preferable to maintain two separate sets of similar, but sometimes inconsistent, privacy principles, or to create a unified set of privacy principles.[77]18.67 The existence of two sets of privacy principles may cause difficulties for agencies and organisations seeking to comply with the Privacy Act. There are circumstances when …
Publications
Read moreApplication of the Unified Privacy Principles
Background18.90 What is the extent of the application of the UPPs? In particular, when can they be displaced by other obligations concerning the handling of personal information?18.91 Under the ALRC’s recommended regulatory model, regulations, consistent with the objects of the Privacy Act, can be introduced to provide greater specificity and certainty in regulating privacy in …
Publications
Read moreScope and structure of Unified Privacy Principles
Scope of Unified Privacy Principles18.100 In considering the content of the privacy principles, the first question is: what should be the scope of the UPPs? In other words, should the scope of the UPPs match that of the IPPs, NPPs or both; or should the scope be narrower or broader?18.101 Taken together, the IPPs and …
Publications
Read more‘Required or authorised by or under law’
16.2 An act or practice ‘required or authorised by or under law’ is an exception (the ‘required or authorised exception’) to a number of the Information Privacy Principles (IPPs) and the National Privacy Principles (NPPs).[1] For example, IPP 11(1)(d) provides that a record-keeper may disclose personal information to a person, body or agency if the …
Publications
Read moreAccess, correction and annotation
15.23 Both the FOI Act and the Privacy Act enable individuals to obtain access to, correct and annotate their own personal information held by agencies. The ALRC notes that different terminology is used in the Privacy Act and the FOI Act with respect to the correction of personal information.[37] In the interest of consistency with …
Publications
Read moreWhat is identity theft?
12.3 While there is widespread concern about identity theft and its impact on privacy, there is little consensus about the definition of the term ‘identity theft’. Commentators, legislators and policy makers tend to use the terms ‘identity crime’, ‘identity fraud’ and ‘identity theft’ in differing ways and, at times, interchangeably. 12.4 In this Report, ‘identity …
Publications
Read more