Availability of Privacy Policy
24.62 The NPPs and IPPs differ in that IPP 5 requires a record-keeper to take reasonable steps to enable an individual to ascertain specified matters regardless of whether the individual has made a request, whereas the corresponding obligation in NPP 5 only applies to an organisation following a request by an individual. Submissions and consultations24.63 …
Publications
Read moreShort form privacy notices
Background24.75 A short form privacy notice is a summary of an agency’s or organisation’s practices for the management of personal information. By creating a short form privacy notice, an agency or organisation will not necessarily fulfil its obligations under the openness principle. Such a notice can be useful, however, in assisting individuals to understand quickly, …
Publications
Read moreA separate ‘Openness’ principle
24.5 The ALRC has considered whether the requirements relating to openness should continue to be dealt with in a discrete privacy principle. As noted in Chapter 23, in response to the Issues Paper, Review of Privacy (IP 31), some stakeholders expressed the view that the notification and openness requirements should be located within the same …
Publications
Read moreRegulatory mechanism: ‘Privacy Policies’
24.14 The IPPs and NPPs set out different regulatory mechanisms by which openness is to be achieved. Currently, agenciesare requiredto: take such steps as are, in the circumstances, reasonable to enable any person to ascertain specified matters;[11]maintain a record setting out a number of matters relating to the agency’s handling of personal information;[12] andmake the …
Publications
Read moreSubject matter of notification
23.95 Many individuals find general privacy notices confusing, too long and difficult to relate to their particular situation.[116] Professor Fred Cate has criticised modern privacy notices, by stating:Notices are frequently meaningless because individuals do not see them or choose to ignore them, they are written in either vague or overly technical language, or they present …
Publications
Read moreLocation of notification requirements: separate principle?
23.5 The ALRC examined whether the notification requirements in the model Unified Privacy Principles (UPPs) should be set out in the ‘Collection’ principle, or dealt with in a separate privacy principle.23.6 There is precedent for dealing with notification requirements in a separate privacy principle. Notification is treated as a separate privacy principle, for example, in …
Publications
Read moreNature and timing of notification obligation
23.17 The current obligations in the IPPs and NPPs do not refer specifically to an obligation to notify individuals. The obligation is to take steps to ensure that an individual is aware of specified matters. 23.18 An agency is currently obliged to take such steps before it collects personal information or, if that is not …
Publications
Read moreCircumstances in which notification obligations arise
23.35 The specific content of notification obligations to be imposed on agencies and organisations is discussed separately below. In general terms these address the fact, and purposes, of collection; usual disclosure practices; and an individual’s rights relating to his or her personal information.23.36 An initial question that arises, however, is in what circumstances should an …
Publications
Read moreCollection of sensitive information
Current coverage by IPPs and NPPs22.9 The IPPs do not regulate the collection of sensitive information separately from other forms of personal information. In contrast, NPP 10 regulates separately and specifically the collection of sensitive information. It prohibits the collection of such information, except in certain identified circumstances. NPP 10.1 provides that sensitive information can …
Publications
Read moreRegulation of other aspects of handling sensitive information
Background22.76 As noted above, the IPPs do not impose special restrictions on the collection of sensitive information; nor do they distinguish between the treatment of sensitive information and non-sensitive personal information at other stages of the information cycle such as use, disclosure, access and disposal. Guidelines issued by the OPC acknowledge expressly that where sensitive …
Publications
Read more