Report 123 (2009) - Privacy principles - Law Reform Commission : Lawlink NSW

Where am I now? Lawlink > Homepage > Report 123 (2009) - Privacy principles	Print page
Report 123 (2009) - Privacy principles Table of contents Updates and background for this project (Digest) How to purchase a copy of this Report PDF version Terms of Reference Participants Abbreviations used in this report List of recommendations MODEL UNIFIED PRIVACY PRINCIPLES (UPPs) Introduction BACKGROUND TO THIS REPORT WHAT ARE PRIVACY PRINCIPLES? ALRC’S APPROACH TO REVIEW OF PRIVACY National uniformity Application to public sector/private sector Exemptions PURPOSE OF THIS REPORT Particular limitations 1. UPP1: Anonymity and pseudonymity INTRODUCTION What do anonymity and pseudonymity mean? Limitations Anonymity as a starting point Precedents Technologies: threat and opportunities THE ALRC’S RECOMMENDATION The current Commonwealth law Extension of the anonymity principle to agencies Pseudonymity Content and application THE CURRENT LAW IN NSW SUBMISSIONS THE COMMISSION’S CONCLUSIONS 2. UPP 2: Collection INTRODUCTION PURPOSES OF COLLECTION The ALRC’s recommendation The current law in NSW The Commission’s conclusions MEANS AND MANNER OF COLLECTION COLLECTION FROM THE INDIVIDUAL CONCERNED The ALRC’s recommendations The current law in NSW Submissions The Commission’s conclusions UNSOLICITED PERSONAL INFORMATION The ALRC’s recommendations The law in NSW Submissions The Commission’s conclusions SENSITIVE INFORMATION Current law Regulating the collection of sensitive information 3. UPP 3: Notification INTRODUCTION A SEPARATE PRINCIPLE NATURE AND TIMING Notification as a means of ensuring awareness Timing Reasonable steps include no steps EXEMPTIONS The law in NSW The Commission’s conclusion COLLECTION OF PERSONAL INFORMATION FROM A THIRD PARTY The law in NSW Submissions The Commission’s conclusion CONTENT OF NOTIFICATION The fact and circumstances of collection Collector’s identity, individual’s rights, and consequences of not providing information Purposes for which information is collected Entities to which information is usually disclosed Avenues of complaint Information required or authorised by or under law 4. UPP 4: Openness ALRC REPORT 108 Model Unified Privacy Principle 4 The rationale behind Recommendation 24-1 NSWLRC’S CONSULTATION PAPER 3 CONCLUSION 5. UPP 5: Use and disclosure INTRODUCTION Use Disclosure ALRC REPORT 108 Model Unified Privacy Principle 5 How does UPP 5 differ from the current Commonwealth principles? What is the rationale behind UPP 5? CONSULTATION PAPER 3 One principle Form of the principle THE COMMISSION’S CONCLUSIONS One principle Form of the principle 6. UPP 6: Direct marketing WHAT IS “DIRECT MARKETING”? RELEVANCE FOR NSW ALRC REPORT 108 Rationale for excluding agencies from the ambit of the direct marketing principle A direct marketing principle to apply to organisations How does UPP 6 differ from the current Commonwealth principles? THE COMMISSION’S VIEW 7. UPP 7: Data quality ALRC REPORT 108 Model Unified Privacy Principle 7 The rationale behind Recommendation 27-1 PRIVACY LEGISLATION IN NSW: CONSULTATION PAPER 3 Current data quality provisions Differences between the NSW provisions and UPP 7 Information collected indirectly from third parties Unsolicited information THE COMMISSION’S CONCLUSIONS Should NSW adopt UPP 7? Should there be a separate data quality principle regulating health information? 8. UPP 8: Data security INTRODUCTION WHAT IS A DATA SECURITY BREACH? ALRC RECOMMENDATION Model Unified Principle 8 FORMULATION OF UPP 8 Current data security obligations A single principle Reference to data breach notification provisions Prevention of loss and misuse Destruction and retention of personal information PRIVACY LEGISLATION IN NSW Current data security provisions NSWLRC Consultation Paper 3 THE COMMISSION’S CONCLUSIONS 9. UPP 9: Access and correction INTRODUCTION NSWLRC CONSULTATION PAPER 3 ALRC DISCUSSION PAPER 72 ALRC REPORT 108 ACCESS UPP 9 Current Commonwealth law How and why is UPP 9 different from current Commonwealth law relating to access of personal information? Exemptions for agencies Exemptions for organisations Commercially sensitive information Intermediaries Procedural Requirements Current law in NSW How does NSW law differ from UPP 9? CORRECTION UPP 9 Current Commonwealth law How and why is UPP 9 different from current Commonwealth law relating to correction of personal information? Current NSW law NSWLRC Consultation Paper 3 How is NSW law different from the proposed UPP 9? REFUSAL OF REQUEST TO ACCESS OR CORRECT UPP 9 How UPP 9.8 is different from current Commonwealth law How UPP 9.8 is different from NSW law CONCLUSION 10. UPP 10: Identifiers INTRODUCTION Current legislative regulation of identifiers Focus of this chapter ALRC REPORT 108 Rationale for a separate identifier principle Rationale for excluding government agencies The proposed identifier principle Ambit and distinguishing features of UPP 10 Practical application of UPP 10 Multi-purpose identifiers THE COMMISSION’S VIEW 11. UPP 11: Cross-border data flows INTRODUCTION CURRENT APPROACHES TO REGULATION OF CROSS-BORDER DATA FLOWS The adequacy approach The accountability approach The Australian approach ALRC REPORT 108 CONTENT AND DISTINGUISHING FEATURES OF UPP 11 Coverage Terminology “Transfer” Approach DEFINING ACCOUNTABILITY THE SCOPE OF APPLICATION OF UPP 11 Reasonable belief Consent “Required or authorised by or under law” ADEQUACY OF REMEDIAL ACTION INTERACTION WITH OTHER UPPs THE COMMISSION’S OVERALL VIEWS Appendix Appendix A: Submissions

Previous Page | Back to Lawlink Home | Top of Page

Last updated 22 December 2009

Crown Copyright �

Hosted by