Level of detail, guidance and protection
Background18.32 Existing models of privacy principles vary in the level of detail and guidance that they provide. For example, the OECD Guidelines are pitched at a high level—they are relatively broad and aspirational—while the Victorian health privacy principles are considerably more detailed and comprehensive.[32]18.33 An advantage of high-level principles is that they allow for greater …
Publications
Read moreTowards a single set of privacy principles
Background18.66 The ALRC considered whether it is preferable to maintain two separate sets of similar, but sometimes inconsistent, privacy principles, or to create a unified set of privacy principles.[77]18.67 The existence of two sets of privacy principles may cause difficulties for agencies and organisations seeking to comply with the Privacy Act. There are circumstances when …
Publications
Read moreApplication of the Unified Privacy Principles
Background18.90 What is the extent of the application of the UPPs? In particular, when can they be displaced by other obligations concerning the handling of personal information?18.91 Under the ALRC’s recommended regulatory model, regulations, consistent with the objects of the Privacy Act, can be introduced to provide greater specificity and certainty in regulating privacy in …
Publications
Read moreScope and structure of Unified Privacy Principles
Scope of Unified Privacy Principles18.100 In considering the content of the privacy principles, the first question is: what should be the scope of the UPPs? In other words, should the scope of the UPPs match that of the IPPs, NPPs or both; or should the scope be narrower or broader?18.101 Taken together, the IPPs and …
Publications
Read more‘Required or authorised by or under law’
16.2 An act or practice ‘required or authorised by or under law’ is an exception (the ‘required or authorised exception’) to a number of the Information Privacy Principles (IPPs) and the National Privacy Principles (NPPs).[1] For example, IPP 11(1)(d) provides that a record-keeper may disclose personal information to a person, body or agency if the …
Publications
Read moreAccess, correction and annotation
15.23 Both the FOI Act and the Privacy Act enable individuals to obtain access to, correct and annotate their own personal information held by agencies. The ALRC notes that different terminology is used in the Privacy Act and the FOI Act with respect to the correction of personal information.[37] In the interest of consistency with …
Publications
Read moreWhat is identity theft?
12.3 While there is widespread concern about identity theft and its impact on privacy, there is little consensus about the definition of the term ‘identity theft’. Commentators, legislators and policy makers tend to use the terms ‘identity crime’, ‘identity fraud’ and ‘identity theft’ in differing ways and, at times, interchangeably. 12.4 In this Report, ‘identity …
Publications
Read moreGenerally available publications
11.26 Personal information about a substantial number of people is available from public sources such as electoral rolls, court records, state registers of births, deaths and marriages, annual reports and newspapers. This information may be of interest to people for a multitude of reasons. For example, it may be of interest to: people engaged in …
Publications
Read moreOversight powers of the OPC
Research and monitoring10.33 The OPC has two research and monitoring functions that are relevant to the regulation of new and developing technologies. These are to:conduct research and monitoring into data processing and computer technology (including data-matching and data-linkage) to ensure that any adverse effects of such developments on the privacy of individuals are minimised, and …
Publications
Read moreTechnology-specific guidance on the application of the model UPPs
10.49 In IP 31, the ALRC asked whether the privacy principles should be amended to deal with the impact of developing technology on privacy.[63] In DP 72, the ALRC expressed the view that these issues should not be covered in the model UPPs, but instead could form the subject of technology-specific guidance. 10.50 As noted …
Publications
Read more