White SW Computer Law
|Intellectual Property, Information Technology & Telecommunications Lawyers|
Melbourne Office - PO Box 452, COLLINS STREET WEST Victoria 8007 Australia
Sydney Office - GPO Box 2506, SYDNEY New South Wales 2001 Australia
Telephone: Melbourne Office - +61 3 9629 3709 Sydney Office - +61 2 9233 2600
Facsimile: Melbourne Office - +61 3 9629 3217 Sydney Office - +61 2 9233 3044
Email: firstname.lastname@example.org Internet: http://www.computerlaw.com.au
The Privacy Act 1988 (Cth) ( “the Privacy Act” ) applies to Commonwealth government departments and agencies and the private sector.
The Privacy Act sets out, amongst other things:
The Privacy Act states that “personal information”: means information or an opinion (including information or an opinion forming part of a database), whether true or not, and whether recorded in a material form or not, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion.”
The NPPs set out the minimum privacy standards for organisations.
The Privacy Act defines an organisation as:
that is not a small business operator, a registered political party, an agency (defined as a Commonwealth government body or authority), a State or Territory authority or a prescribed instrumentality of a State or Territory.
The Privacy Act defines a small business as a business with a turnover of less that $3 million per year.
An organisation must comply with either:
If a person believes that you are in breach of one or more of the NPPs, they may lodge a complaint with the Privacy Commissioner.
The Privacy Commissioner will not usually investigate a complaint until it has first been formally raised with the person that is alleged to have breached the NPPs.
If this fails to resolve the matter, the Privacy Commissioner will investigate the complaint and attempt to negotiate a settlement between the parties.
The Privacy Commissioner may require the parties to attend a compulsory conference in order to either facilitate settlement or further investigate the matter.
After investigating the complaint the Privacy Commissioner may make a determination that:
You are required to keep a record of each disclosure made. You should record:
Organisations that store personal information should ensure that they review their policies in relation to the storage and maintenance of such information and develop in-house policies as to how such information may be accessed and used.
All staff should be trained in the required procedures, before the obligations under the Privacy Act come into effect to ensure your organisation’s compliance.
This article is a guide only and should not be used as a substitute for proper legal advice, readers should make their own enquires and seek appropriate legal advice.