Collection from the individual
Background21.11 NPP 1 obliges an organisation, where reasonable and practicable, to collect personal information about an individual only from that individual. The Revised Explanatory Memorandum to the Privacy Amendment (Private Sector) Bill 2000 acknowledges that there will be situations in which it would not be ‘reasonable and practicable’ to collect directly from an individual. It …
Publications
Read moreUnsolicited personal information
Background21.36 Agencies and organisations sometimes receive unsolicited personal information. This occurs where personal information is received by an agency or organisation that has taken no active steps to collect that information. This is increasingly common in the digital age where information can be transmitted easily and quickly.21.37 Sometimes unsolicited personal information received by an agency …
Publications
Read moreOther aspects of the ‘Collection’ principle
Location of notification requirements21.58 As noted above, the collection principles in both the NPPs and IPPs provide that, in certain circumstances, agencies and organisations must ensure that an individual whose personal information has been, or is to be, collected, is aware of a number of matters. One way of ensuring awareness is through notification. A …
Publications
Read moreExpanding the anonymity principle
Expansion of anonymity principle to agencies20.6 In accordance with NPP 8, wherever it is lawful and practicable, individuals must have the option of not identifying themselves when entering transactions with an organisation.[5] The Information Privacy Principles (IPPs), however, do not contain a comparable anonymity principle. Neither is such a provision set out in the Organisation …
Publications
Read moreApplication of the ‘Anonymity and Pseudonymity’ principle
‘Lawful and practicable’20.28 The requirement to provide the option for anonymity or pseudonymity is not absolute. In particular, under NPP 8, organisations are required to provide individuals with the option of not identifying themselves only where it is ‘lawful and practicable’. NPP 8 is also limited to situations where individuals are ‘entering into transactions’ with …
Publications
Read moreBackground
Role of consent in the privacy principles19.3 As stated above, consent is only relevant to the application of a some privacy principles. Consent is either framed as an exception to a general prohibition against personal information being handled in a particular way or as a basis to authorise the handling of personal information in a …
Publications
Read moreLevel of detail, guidance and protection
Background18.32 Existing models of privacy principles vary in the level of detail and guidance that they provide. For example, the OECD Guidelines are pitched at a high level—they are relatively broad and aspirational—while the Victorian health privacy principles are considerably more detailed and comprehensive.[32]18.33 An advantage of high-level principles is that they allow for greater …
Publications
Read moreTowards a single set of privacy principles
Background18.66 The ALRC considered whether it is preferable to maintain two separate sets of similar, but sometimes inconsistent, privacy principles, or to create a unified set of privacy principles.[77]18.67 The existence of two sets of privacy principles may cause difficulties for agencies and organisations seeking to comply with the Privacy Act. There are circumstances when …
Publications
Read moreScope and structure of Unified Privacy Principles
Scope of Unified Privacy Principles18.100 In considering the content of the privacy principles, the first question is: what should be the scope of the UPPs? In other words, should the scope of the UPPs match that of the IPPs, NPPs or both; or should the scope be narrower or broader?18.101 Taken together, the IPPs and …
Publications
Read moreState and territory regulators
17.37 In Australia there are multiple privacy regulators in particular industry sectors as well as across jurisdictions. As noted in Chapter 14, a number of issues may arise because more than one body is responsible for the regulation of personal information. 17.38 The Privacy Act and other federal legislation provide the Privacy Commissioner with a …
Publications
Read more