2. INTRODUCTION
This training course aims to:
• Introduce participants to the topic of privacy.
• Provide an overview of the Australian Privacy
Principles.
• Assist participants in applying the principles
to the handling of personal information.
• Help team members understand the
obligations of the Club under the Privacy Act
and Australian Privacy Principles; and
• Inform participants what to do if there is a
breach of privacy.
3. OBJECTS OF THE PRIVACY ACT
The objects of the Privacy Act are to:
• Promote the protection of the privacy of individuals.
• Recognise that the protection of the privacy of individuals is balanced
with the interests of entities in carrying out their functions or
activities.
• Provide the basis for nationally consistent regulation of privacy and
the handling of personal information.
• Promote responsible and transparent handling of personal
information by entities.
• Facilitate an efficient credit reporting system while ensuring that the
privacy of individuals is respected.
• Facilitate the free flow of information across national borders while
ensuring that the privacy of individuals is respected.
• Provide a means for individuals to complain about an alleged
interference with their privacy; and
• Implement Australia’s international obligation in relation to privacy.
4. WHO REGULATES PRIVACY?
The Office of the Australian Information Commissioner
(OAIC) regulates privacy and is responsible for:
• Conducting investigations.
• Reviewing decisions made under the FOI Act.
• Handling complaints.
• Monitoring agency administration.
• Providing advice to the public, government agencies
and businesses.
Individuals can make complaints to the Office of the
Australian Information Commissioner if they feel that
there has been a privacy breach. Privacy breaches will
have an impact on the Club's finances, reputation and
brand.
5. WHY DO YOU NEED TO KNOW ABOUT PRIVACY?
Privacy is important to you and it is important to others;
it is a basic human right. People expect that their
personal information will be handled appropriately and
the Club is obligated under privacy legislation to do so.
There are many examples of new technologies which
have greatly changed the way that information can be
collected and handled.
Privacy laws provide people with more control over how
organisations handle their personal information.
Venues that are required to comply with the AUSTRALIAN
PRIVACY PRINCIPLES (APPs) will need to understand the
set of 13 standards of law that regulate the handling of
personal information by APP entities.
6. PENALTIES – CONSEQUENCES OF NON-COMPLIANCE
Where a ‘civil penalty provision’ breach occurs, the Office
of the Australian Information Commissioner (OAIC) can
make an application to the courts for an order to make
the entity pay a civil penalty. Penalties can apply if an
entity does, or repeatedly does, an act, or engages in a
practice, that is a serious interference with the privacy of an
individual or privacy of one or more individuals.
The Information Commissioner may apply for an order to
restrain a person from engaging in conduct that would
amount to a breach of the Privacy Act. The
Commissioner can make a formal decision or
determination where a privacy complaint has been made
against the Club; this may be an order for the Club to
apologise, pay compensation or change its practices.
7. PENALTIES – CONSEQUENCES OF NON-COMPLIANCE
The Commissioner can carry out investigations in
response to a complaint, or on the Commissioner’s own
initiative. Civil penalties of up to $340,000 for
individuals and $1.7 million for corporations can be
imposed.
An offence under the Privacy Act will see the Criminal
Code applied. Chapter 2 of the Criminal Code (except
Part 2.5) sets out the general principles of criminal
responsibility.
8. PERSONAL INFORMATION
Personal information means information or an opinion about an
identified individual, or an individual who is reasonably identifiable:
• Whether the information or opinion is true or not; and
• Whether the information or opinion is recorded in a material form or
not.
Put simply, personal information is information that identifies you or
could reasonably identify you.
Some things to think about:
• Information may still be identifying even if it does not include a
person’s name.
• A person’s work details can be personal information.
• Information can change into personal information depending on
context.
• Anything can be personal information when linked to an individual who
9. PERSONAL INFORMATION
Think about the types of personal information that are
collected in your department.
Sensitive information is a subset of personal information
and includes, but is not limited to, information about an
individual’s membership of a professional or trade
association, membership of a trade union, criminal
record or health information about an individual.
There are higher standards for collection of sensitive
information. Some exceptions apply.
10. WHAT ARE THE AUSTRALIAN PRIVACY PRINCIPLES?
More information can be found on the OAIC Fact Sheet 17.
http://www.oaic.gov.au/images/documents/privacy/privacy-resources/privacy-fact-sheets/privacy-fact-sheet-17-australian-privacy-principles_2.pdf
11. BREACH OF PRIVACY
A privacy breach occurs when personal information held by the Club is
lost or subjected to unauthorised access, use, modification, disclosure,
or other misuse. Data breaches can occur from:
• Lost or stolen laptops, mobile phones, removable storage devices, or
paper records containing personal information.
• Hard disk drives and other digital storage media (integrated in other
devices, for example, multifunction printers, or otherwise) being
disposed of or returned to equipment lessors without the contents
first being erased.
• Databases containing personal information being 'hacked' into or
otherwise illegally accessed by individuals outside of the agency or
organisation.
• Employees accessing or disclosing personal information outside the
requirements or authorisation of their employment.
• Paper records stolen from insecure recycling or garbage bins.
• An agency or organisation mistakenly providing personal information
to the wrong person, for example by sending details out to the wrong
address; and
12. BREACH OF PRIVACY
If you think that there has been a breach of privacy, the
following steps must be taken:
• Contain the breach and do a preliminary assessment
• Evaluate the risks associated with the breach
• Notify the privacy officer immediately
• Prevent future breaches.
If something goes wrong… don’t just hope that no-one
will notice, as the breach may escalate!