PRIVACY
COMPLIANCE
An Introduction to
Privacy
Privacy Training
INTRODUCTION
This training course aims to:
• Introduce participants to the topic of privacy.
• Provide an overview of the Australian Privacy
Principles.
• Assist participants in applying the principles
to the handling of personal information.
• Help team members understand the
obligations of the Club under the Privacy Act
and Australian Privacy Principles; and
• Inform participants what to do if there is a
breach of privacy.
OBJECTS OF THE
PRIVACY ACT
The objects of the Privacy Act are to:
• Promote the protection of the privacy of individuals.
• Recognise that the protection of the privacy of individuals is balanced
with the interests of entities in carrying out their functions or
activities.
• Provide the basis for nationally consistent regulation of privacy and
the handling of personal information.
• Promote responsible and transparent handling of personal
information by entities.
• Facilitate an efficient credit reporting system while ensuring that the
privacy of individuals is respected.
• Facilitate the free flow of information across national borders while
ensuring that the privacy of individuals is respected.
• Provide a means for individuals to complain about an alleged
interference with their privacy; and
• Implement Australia’s international obligation in relation to privacy.
WHO REGULATES
PRIVACY?
The Office of the Australian Information Commissioner
(OAIC) regulates privacy and is responsible for:
• Conducting investigations.
• Reviewing decisions made under the FOI Act.
• Handling complaints.
• Monitoring agency administration.
• Providing advice to the public, government agencies
and businesses.
Individuals can make complaints to the Office of the
Australian Information Commissioner if they feel that
there has been a privacy breach. Privacy breaches will
have an impact on the Club financially, its reputation and
brand.
WHY DO YOU NEED TO
KNOW ABOUT PRIVACY?
Privacy is important to you and it is important to others;
it is a basic human right. People expect that their
personal information will be handled appropriately, and
the Club is obligated under privacy legislation to do so.
There are many examples of new technologies which
have greatly changed the way that information can be
collected and handled.
Privacy laws provide people with more control over how
organisations handle their personal information.
Venues that are required to comply with the AUSTRALIAN
PRIVACY PRINCIPLES (APPs) will need to understand the
set of 13 standards of law that regulate the handling of
personal information by APP entities.
PENALTIES –
CONSEQUENCES OF
NON COMPLIANCE
Where a ‘civil penalty provision’ breach occurs, the Office
of the Australian Information Commissioner (OAIC) can
make an application to the courts for an order to make
the entity pay a civil penalty. Penalties can apply if an
entity does, or repeatedly does, an act, or engages in a
practice, that is a serious interference with the privacy of an
individual or privacy of one or more individuals.
The Information Commissioner may apply for an order to
restrain a person from engaging in conduct that would
amount to a breach of the Privacy Act. The
Commissioner can make a formal decision or
determination where a privacy complaint has been made
against the Club; this may be an order for the Club to
apologise, pay compensation or change its practices.
PENALTIES –
CONSEQUENCES OF
NON COMPLIANCE
The Commissioner can carry out investigations in
response to a complaint, or on the Commissioner’s own
initiative. Civil penalties of up to $340,000 for
individuals and $1.7 million for corporations can be
imposed.
An offence under the Privacy Act will see the Criminal
Code applied. Chapter 2 of the Criminal Code (except
Part 2.5) sets out the general principles of criminal
responsibility.
PERSONAL
INFORMATION
Personal information means information or an opinion about an
identified individual, or an individual who is reasonably identifiable:
Whether the information or opinion is true or not; and
Whether the information or opinion is recorded in a material form or
not.
Put simply, personal information is information that identifies you or
could reasonably identify you.
Some things to think about:
Information may still be identifying even if it does not include a
person’s name.
A person’s work details can be personal information.
Information can change into personal information depending on
context.
Anything can be personal information when linked to an individual who
PERSONAL
INFORMATION
Think about the types of personal information that are
collected in your department.
Sensitive information is a subset of personal information
and includes, but is not limited to, information about an
individual’s membership of a professional or trade
association, membership of a trade union, criminal
record or health information about an individual.
There are higher standards for collection of sensitive
information. Some exceptions apply.
WHAT ARE THE
AUSTRALIAN PRIVACY
PRINCIPLES?
More information can be found on the OAIC Fact Sheet 17.
http://www.oaic.gov.au/images/documents/privacy/privacy-resources/privacy-fact-sheets/privacy-fact-sheet-17-australian-privacy-principles_2.pdf
BREACH OF PRIVACY
A privacy breach occurs when personal information held by the Club is
lost or subjected to unauthorised access, use, modification, disclosure,
or other misuse. Data breaches can occur from:
• Lost or stolen laptops, mobile phones, removable storage devices, or
paper records containing personal information.
• Hard disk drives and other digital storage media (integrated in other
devices, for example, multifunction printers, or otherwise) being
disposed of or returned to equipment lessors without the contents
first being erased.
• Databases containing personal information being 'hacked' into or
otherwise illegally accessed by individuals outside of the agency or
organisation.
• Employees accessing or disclosing personal information outside the
requirements or authorisation of their employment.
• Paper records stolen from insecure recycling or garbage bins.
• An agency or organisation mistakenly providing personal information
to the wrong person, for example by sending details out to the wrong
address; and
BREACH OF PRIVACY
If you think that there has been a breach of privacy, the
following steps must be taken:
• Contain the breach and do a preliminary assessment
• Evaluate the risks associated with the breach
• Notify the privacy officer immediately
• Prevent future breaches.
If something goes wrong…don’t just hope that no-one
will notice as the breach may escalate!
