An Introduction to the Privacy Act - PowerPoint PPT Presentation

Loading...

PPT – An Introduction to the Privacy Act PowerPoint presentation | free to download - id: 64f008-NGZmN



Loading


The Adobe Flash plugin is needed to view this content

Get the plugin now

View by Category
About This Presentation
Title:

An Introduction to the Privacy Act

Description:

Privacy Act 1993 Promotes and protects individual privacy Is concerned with the privacy of information about people rather than physical intrusions into privacy ... – PowerPoint PPT presentation

Number of Views:30
Avg rating:3.0/5.0
Slides: 28
Provided by: PrivacyCo
Category:

less

Write a Comment
User Comments (0)
Transcript and Presenter's Notes

Title: An Introduction to the Privacy Act


1
An Introduction to the Privacy Act
2
Privacy Act 1993
  • Promotes and protects individual privacy
  • Is concerned with the privacy of information
    about people rather than physical intrusions into
    privacy
  • Establishes 12 information privacy principles
    which regulate the collection, storage, use and
    disclosure of personal information and give
    people the right to access and correct their
    information
  • Allows the Privacy Commissioner to issue industry
    specific codes of practice
  • Sets out rules for information matching
  • Provides a set of principles regulating how
    information on public registers can be used
  • Sets up a complaints procedure
  • Sets out how law enforcement information is to be
    dealt with
  • Provides for the appointment of a Privacy
    Commissioner and sets out his role and functions

3
Definition of Personal Information
  • Information about an identifiable individual
  • Does not include information about a corporate
    body

4
Agency
  • Any person or body of persons
  • Corporate or unincorporate
  • Public or private sector
  • Some exceptions MPs, courts and tribunals, news
    media in relation to its news activities
  • Sections 3 and 4

5
Breach of IPP AND Adverse Consequence Results in
Interference With Individuals Privacy
Breach
Interference
Loss
6
Interference With Privacy (Access)
Interference with privacy if there is no proper
basis for
  • Referral
  • Failure to respond within 20 working days
  • Conditions on use
  • Charging
  • Refusal to correct

7
IPP 1 - Purpose of Collection of Personal
Information
Not to be collected by an agency unless
  • Information is collected for a lawful purpose
    connected with the function / activity of the
    agency
  • Collection necessary for that purpose

ISSUES Lawful purpose? Is it purpose connected
with a function / activity of the agency? Is
collection necessary for that purpose?
8
IPP 2 - Source of Personal Information
  • Where an agency collects personal information,
    the agency shall collect the information directly
    from the individual concerned.
  • No compliance permissible where the agency
    believes, on reasonable grounds, that
  • Individual has authorised collection of the
    information from someone else
  • Compliance would prejudice the purpose of that
    collection
  • Compliance not reasonably practicable in the
    circumstances

(Non-compliance permissible on certain other
grounds)
9
IPP 3 - Collection of Personal Information From
Subject (A)
  • Where personal information collected directly
    from individual concerned, agency required to
    take reasonable steps to ensure individual is
    aware of
  • Fact information is being collected
  • Purpose for which information is collected
  • Intended recipients of information
  • Contact details for agencies collecting and
    holding information
  • Whether supply of information is mandatory /
    voluntary (Where law authorises / requires
    collection)
  • Consequences if information not supplied
  • Rights of access and correction
  • Provide these details before
  • collection if practicable

10
IPP 3 - Collection of Personal Information From
Subject (B)
Non-compliance permissible where agency believes,
on reasonable grounds, that
  • It is authorised by the individual
  • It would not prejudice the individuals interests
  • Compliance would prejudice purposes of collection
  • Also certain other grounds IPP 3(4)
  • Repeat explanation not necessary
  • If given recently

11
IPP 4 - Manner of Collection of Personal
Information
Personal information must not be collected by
  • Unlawful means
  • Means that, in the circumstances are,
  • - Unfair
  • - Unreasonably intrude upon the
  • Individuals personal affairs

12
KEY CONCEPTS PURPOSE AND OPENNESS
Develop information handling policies
Convey policies when collecting information
13
IPP 5 - Storage and Security of Information
Agency holding personal information must take
reasonable security safeguards to protect against
  • Loss
  • Unauthorised access, use, modification or
    disclosure
  • Other misuse

ISSUES Physical security? Operational
security? Security of transmission? Disposal or
destruction?
14
IPP 6 - Access to Personal Information
  • Where an agency holds personal information in a
    way that it can readily be retrieved, individuals
    are entitled to have access to information
    relating to them

15
IPP 6 - Access to Personal Information
  • Obligations of agencies to
  • Provide assistance
  • Transfer access requests
  • Respond within time limits
  • Make information available in form requested
  • Precautions by appropriate procedures
  • Satisfactory identification of individual
  • Authority of agent
  • Charges
  • No charge by public sector agency
  • Reasonable charges by others

16
Withholding Grounds - Principle 6
  • 27(1)(c) - prejudice maintenance of law
  • 27(1)(d) - endanger safety
  • 29(1)(a) - unwarranted disclosure
  • 29(1)(c) - prejudice physical / mental health
  • 29(2) - not readily retrievable / cannot be
    found / does not exist

17
IPP 7 - Correction of Personal Information
  • An individual is entitled to request the
    correction of information
  • Agency must either
  • Agency must notify known recipients of the
    information about this correction

Make correction OR Attach statement by individual
of correction sought
18
IPP 8 - Accuracy of Personal Information to Be
Checked Before Use
  • Agencies must take reasonable steps to ensure
    personal information is accurate before using it

19
IPP 9 - Agency Not to Keep Personal Information
or Longer Than Necessary
  • Agency holding personal information shall not
    keep it for longer than required for the purposes
    for which it may lawfully be used.

ISSUES Should it be retained at all? If so, for
how long? Note legal obligations to retain, eg.
tax, medical records Consider return,
destruction, transfer
20
IPP 10 - Limits on Use of Personal Information
  • Personal information collected for one purpose
    cannot be used for another purpose unless agency
    believes, on reasonable grounds, that
  • (Non-compliance permissible on
  • Certain other grounds)
  • Use for other purpose authorised by individual
    concerned
  • Information sourced from publicly available
    publication
  • Use for other purpose necessary to prevent or
    lessen a serious and imminent threat to
  • - public health / safety
  • - life / health of someone
  • Purpose is directly related to the purpose for
    which it was collected

21
IPP 11 - Limits of Disclosure of Personal
Information
  • An agency shall not disclose personal information
    unless it believes, on reasonable grounds, that
    disclosure
  • (Non compliance permissible on
  • Certain other grounds)
  • Is to the individual concerned
  • Is authorised by the individual
  • Is one of the purposes in connection with which
    the information was obtained or is a directly
    related purpose
  • Is in a form in which the individual is not
    identified

22
Information Privacy Principle 11
Dont do it unless
DISCLOSURE
Research (No ID)
Purpose of Collection
Publicly Available
Maintenance of the Law
To the Person
Public Health or Safety
Needed to sell Business
Authorised by Privacy Commissioner
23
IPP 12 - Unique Identifiers
  • Agencies not to assign unique identifiers unless
    necessary to enable them to carry out their
    functions efficiently
  • Agencies not to assign unique identifier that has
    been assigned by another agency
  • Clearly identify the individual before assigning
    unique identifier
  • Agencies not to require people to disclose a
    unique identifier assigned by another agency
    unless disclosure is for the purposes for which
    that unique identifier was assigned

24
Complaints Process
Notification
Investigation
Commissioner assists parties with settlement
Provisional Opinion - with right of response
Final opinion
Referred by Complainant
Referred by Privacy Commissioner
Complaints Review Tribunal
25
Privacy Act and Official Information Act
Interface
Requester X asks for information about himself
Privacy Act
  • IPP 6
  • Part IV Privacy Act
  • Sections 27-29 -
  • withholding grounds
  • apply

Official Information Act
Requester X asks for information about Y
Section 5 Presumption of availability Unless
good reason for withholding information Section
9(2)(a) protect privacy of natural persons
26
Other Legislation
Action authorised by other Legislation
Privacy Act Does not Derogate
27
Dont blame the Privacy Act
  • Telephone 04-474 7590
  • Enquiries hotline 0800 803 909
  • Or 09-302 8655
  • Email privacy_at_actrix.co.nz
  • Internet address http//www.privacy.org.nz
  • Postal address Privacy Commissioner
  • PO Box 10-094
  • Wellington
About PowerShow.com