Privacy morwell june 09


Published on

Published in: Technology, News & Politics
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide
  • The purpose of this session is to introduce you to the topic of privacy and records management laws. The first part of the session considers the context for privacy laws in the regions. I’ll briefly give an overview of the concept of ‘information privacy’ and the main exemptions which are relevant to core business in the regions. This will be followed by an in depth discussion of the collection and use and disclosure principles. I will also discuss the rest of the 10 information principles which set the standards for the handling of personal information that Victorian public sector organisations must comply with. The remainder of the session focuses on record management laws and the final slide contains details about where to go for help about information privacy, records management and freedom of information laws.
  • Section 10 exempts courts and tribunals from compliance with the IPPs in relation to the exercise of judicial and quasi-judicial functions. Staff of court registries, or other offices pertaining to a court or tribunal are also covered by the exemption for maters which relate to judicial and quasi-judicial functions. Other functions like Human Resources issues including recruitment processes are covered. Judges, magistrates and other persons are free from privacy laws to act independently, use their discretion, and conduct proceedings in the way they see fit. Quasi-judicial means court like. It describes the actions of non-judicial bodies, such as administrative agencies and how they exercise their functions and powers in a judicial manner”. An example of exercising quasi-judicial power is when a body makes a decision as to the exercise of a discretion after consideration has been given to all relevant evidence. Disciplinary proceedings of boards or regulatory bodies, for example, can be quasi judicial. For example, the Liquor Licensing Board. The Privacy Commissioner in InfoSheet 02.06 Exemptions from the Information Privacy Act has provided some guidance. He has stated that a court registry’s handling of its case records and other documents filed by parties for the purposes of proceedings are likely to be matters which relate to judicial functions and therefore be exempt from the IPPs.
  • This presentation provides a very brief introduction to privacy and records management laws. Additional information and resources are available on J-NET and the website of the Victorian Privacy Commissioner.
  • Privacy morwell june 09

    1. 1. Introduction to Privacy La Trobe Valley Law Courts Centre Morwell “ Privacy Matters” 26 June 2009
    2. 2. Learning Objectives <ul><li>Today you will hear about Victorian privacy and </li></ul><ul><li>records management requirements </li></ul><ul><li>This session will better equip you to understand: </li></ul><ul><li>collection, use & disclosure, management and access to personal information; </li></ul><ul><li>principles for privacy management in the department; and </li></ul><ul><li>where to go for privacy related help . </li></ul>
    3. 3. Key Message <ul><li>Adopt traffic light approach </li></ul><ul><li>Don’t have a legitimate work reason for collecting / sharing/ looking up information. STOP! </li></ul><ul><li>I may need the information so that maybe I can better manage client (offender/prisoner/applicant/respondent) SEEK ADVICE FROM DEPUTY REGISTRAR/REGISTRAR OR PRIVACY TEAM. </li></ul><ul><li>I am collecting /disclosing information so that I can successfully fulfill my role. GO AHEAD! </li></ul>
    4. 4. Open Justice “ NZ Law Reform Commission ” Media Reports Case Reports Public access to information the Court uses to come to its decision Court Mentions Court hearing to which any member of the public can attend
    5. 5. Open justice? <ul><li>Judicial accountability </li></ul><ul><li>Public confidence in the administration of justice </li></ul>
    6. 6. The exceptions <ul><li>Suppression – if a public hearing could hinder the administration of Justice </li></ul><ul><li>Where need to protect the vulnerable e.g. adoption matters/ family court matters </li></ul><ul><li>Parliament [ not the judiciary] has set some boundaries </li></ul>
    7. 7. Parliamentary Boundaries <ul><li>Examples: </li></ul><ul><li>Magistrates Court Act </li></ul><ul><li>Evidence Act </li></ul><ul><li>Supreme Court Act </li></ul><ul><li>Decisions of cabinet e.g. ICMS / CourtLink Program </li></ul>
    8. 8. Records <ul><li>Paper </li></ul><ul><ul><li>Daily Law Lists </li></ul></ul><ul><li>Court Extracts </li></ul><ul><li>Electronic </li></ul><ul><ul><li>Databases </li></ul></ul><ul><ul><li>Courtlink </li></ul></ul>
    9. 9. Access to records versus privacy <ul><li>Section 10 of the Information Privacy </li></ul><ul><li>Courts are public sector agencies: S 9(1)(g) or (h) or (s) of IPA & equivalent provisions in s 10 of HRA </li></ul><ul><li>BUT </li></ul><ul><li>S 10 of IPA will apply to staff of Courts carrying out hearings & judicial inquiries </li></ul>
    10. 10. Key exemption for Court’s <ul><li>Courts & Tribunals are partially exempted from privacy laws in exercising their judicial or quasi-judicial functions. </li></ul>Are human resources functions covered? What about filming inside a court room? Would a court-issued subpoena be a judicial function?
    11. 11. Personal Information <ul><li>What is it? </li></ul><ul><li>Recorded information or opinion which directly or indirectly identifies a person, such as: </li></ul><ul><li>- prisoner name </li></ul><ul><li>CRN </li></ul><ul><li>DOB </li></ul><ul><li>photograph </li></ul><ul><li>prisoner correspondence </li></ul><ul><li>recorded phone conversations </li></ul><ul><li>Always de-identify when you can </li></ul>
    12. 12. <ul><li>PRIVACY GAME - IDENTIFY ME! </li></ul>
    13. 13. Identify Me! <ul><li>Split into 2 teams </li></ul><ul><li>Time limit – 5 minutes </li></ul><ul><li>Each team has a list of 20 famous identities </li></ul><ul><li>Team A goes first and has to get Team B to correctly guess the famous person on their list, by giving clues but cannot name any names </li></ul><ul><li>A correct answer will score Team A with 1 point and they will move on to the next person on their team and the next identity on the list </li></ul><ul><li>Teams can pass, but they will lose 1 point </li></ul><ul><li>If names are disclosed, the team will be buzzed out and will have to move on to the next team member </li></ul><ul><li>The team with the most points after one round each will be the winner </li></ul>
    14. 14. Issues with secondary use <ul><li>Should users of court and correctional services be sentenced to google? </li></ul><ul><li>Should users be subjected to greater physical risk? </li></ul><ul><li>Do particular services have unique considerations e.g. drug court, koori Court? </li></ul>
    15. 15. Courts & Tribunals grappling with issue <ul><li>Victorian County Court review access to court records in light of privacy concerns [ February 2006] </li></ul><ul><li>considerations to limit identification of those involved in matters, such as: </li></ul><ul><li>amending sentences and judgments so that non-essential personal information about witnesses or a party not be released </li></ul><ul><li>not disclosing witnesses' names in full or at all </li></ul><ul><li>imposing lengthy procedures by which requests for statistical or research data can be obtained, and </li></ul><ul><li>limiting access so that non-parties may not view criminal or appeal files without an order of the Court </li></ul>
    16. 16. Protecting Privacy in a Court context <ul><li>Suppressed files mean suppressed </li></ul><ul><li>Sealed records mean sealed </li></ul><ul><li>File management – are files returned to agencies? </li></ul><ul><li>Differentiate between access of records only at Courthouse versus access online </li></ul><ul><li>Subscriber only service eg. Courtlink </li></ul><ul><li>Query bulk requests </li></ul>
    17. 17. Case Studies <ul><li>Complaint that court record is online </li></ul><ul><li>Complaint that photos released to the Media </li></ul><ul><li>Coroner’s Court records found in dumpster </li></ul><ul><li>Transmission errors e.g. records faxed to department stores, emails sent to wrong people </li></ul>
    18. 18. Principles to Remember <ul><li>Collect It – collect only what you need to manage your client. Tell them what you are doing </li></ul><ul><li>Share It – always have authority to exchange information </li></ul><ul><li>Store It – manage your files appropriately to stop information from leaking </li></ul><ul><li>Bin It – suitably dispose of copies of records you no longer need. Shred all copies of sensitive information where possible </li></ul>
    19. 19. What action do I take when there is a privacy breach? Alleged privacy breach Report via chain of command Containment measures at location Provide summary of complaint / breach to Exec Services
    20. 20. Hmmmm … <ul><li>The things most people want to know about are usually none of their business. </li></ul><ul><li>George Bernard Shaw - Esteemed Playwright (1856-1950) </li></ul><ul><li>Remember, privacy once lost cannot be regained! </li></ul>
    21. 21. <ul><li>PRIVACY SCENARIOS </li></ul>
    22. 22. <ul><li>What are the privacy issues in scenario 1? </li></ul>
    23. 23. Privacy Issues in Scenario 1 <ul><li>File left on desk unprotected – </li></ul><ul><li>Remember – store it! </li></ul><ul><li>Disclosure of information over the phone – </li></ul><ul><li>Remember Share it! </li></ul><ul><li>Centrelink information displayed on post-it </li></ul><ul><li>Remember Store it! </li></ul><ul><li>Office gossip </li></ul>
    24. 24. <ul><li>What actions (if any) did Brent or Amira take that was not considered inappropriate? </li></ul>
    25. 25. <ul><li>Google – is this a privacy breach? </li></ul><ul><li>NO </li></ul><ul><li>It is in the public domain </li></ul><ul><li>It can be publicly accessed </li></ul>
    26. 26. <ul><li>If you were the privacy officer, what action would you take if Billie reported the issue to you? </li></ul>
    27. 27. <ul><li>Further action </li></ul><ul><li>Report to manager </li></ul><ul><li>Clean desk policy </li></ul><ul><li>Privacy training for staff </li></ul><ul><li>Further disciplinary action if needed </li></ul>
    28. 28. <ul><li>How can issues like this be avoided in the future? </li></ul>
    29. 29. <ul><li>Secure storage of information </li></ul><ul><li>Deter office gossip </li></ul><ul><li>Respect your colleague's privacy! </li></ul>
    30. 30. <ul><li>What are the privacy issues in scenario 2? </li></ul>
    31. 31. Privacy Issues in Scenario 2 <ul><li>Password exchange – </li></ul><ul><li>Store it! </li></ul><ul><li>Unauthorised access of E-Justice – CV undertakes random and monthly audits of E-Justice access </li></ul><ul><li>Disclosure of information – </li></ul><ul><li>Share it! </li></ul>
    32. 32. Facebook & privacy <ul><li>Article from: By John Kay, London, March 24, 2009 </li></ul><ul><li>A PRISON officer has been sacked after 13 criminals, including a murderer, were discovered among friends on his Facebook page. </li></ul><ul><li>Singh was a residential landing officer in England's Leicester jail, which holds just under 400 prisoners. </li></ul><ul><li>Five months after he joined the Prison Service in January last year, an investigation was launched because Singh was suspected of supplying mobile phones and other banned items to inmates. </li></ul><ul><li>Of the 13 crooks listed, seven had been in prison for murder, drugs offences, fraud, affray and theft. </li></ul><ul><li>Singh was fired for gross misconduct. </li></ul><ul><li>We do not want this to happen in the department! </li></ul>
    33. 33. Where to go for help? <ul><li>Privacy, Freedom of Information & Records Management materials </li></ul><ul><li>are on J-NET>Our Business>Information & Knowledge </li></ul><ul><li>Each of the Dept’s business units has a Privacy Coordinator </li></ul><ul><li>Brent Carey , can be contacted on 8684 0007 or by e-mail [email_address] </li></ul><ul><li>EDRMS (records) helpdesk 8684 0555; the FOI unit 8684 0063 </li></ul><ul><li>Privacy Victoria 8619 8719 </li></ul>