TECHNOLOGY has exposed the gaps in common law that basically leaves the issue of privacy of the individual untouched.
TECHNOLOGY has exposed the gaps in common law that basically leaves the issue of privacy of the individual untouched.
Legislation already is in place to control how Australian Govern-ments and their authorities can use information about citizens, but the private sector has been left largely unhindered by such restrictions.
But growing sophistication of database collection, increasingly global information transfers and questions over the security of information collected on members of the public have led to concerns about who controls information about us and how they got it.
Every time we tick a box in a survey or register for a new website, information about us is collated somewhere.
There is even technology which can secretly record your Internet viewing patterns. That is aimed at targeting advertising to you. But where such intimate knowledge is stored and who gets access to it is something of a mystery to most.
New laws coming into force from December 21 will outline how the private sector can go about such activity, from the collection and storage, to dissemination and security.
The new Privacy Act will be a double-edged sword for most people.
In private, Internet users will welcome the new restrictions on troublesome, uninvited advertising “spam” email, and other unsolicited circulation of private details.
But sweeping changes threaten another wave of compliance, likened to Y2K and the GST.
Those in private commerce should be concerned at the changes that will need to be made to their operating systems and storage of data to comply with the Act.
“Seventy per cent of business activity will be covered by the Privacy Act” Federal Privacy Commissioner Malcolm Crompton said.
“Privacy is a fundamental human right that needs to be respected in a modern democracy. It is for this reason that I welcome the Govern-ment’s move to extend the privacy legislation to the private sector.”
Acting chief executive of the Department of Commerce and Trade, Dr Paul Schapper, has urged Western Australian private sector companies to improve their understanding of the impact of the new federal legislation covering the privacy aspect of gathering, holding and distributing personal information.
“Some companies are unaware of their responsibilities under the Privacy Amendment (Private Sector) Act 2000. There is still a general feeling that the Privacy Act won’t affect them,” Dr Schapper said.
“The new legislation is aimed at protecting an individual’s rights, and with so much information being transferred electronically, there is a real potential for misuse of that information.”
This particularly was the case for companies involved in direct marketing and advertising, and which maintained and distributed client information, he said.
Unlike the old Privacy Act and the Freedom of Information Act, the new legislation applies to “private sector organisations”, including individuals, body corporates, partnerships, unincorporated associations and trusts with an annual turnover of greater than $3m.
The thrust of the legislation is to ensure that a person’s private details are not disseminated without their prior consent.
Consent may be obtained in different forms and issues of capacity, age and culture need to be considered.
The Act has provisions detailing how information should be collected, handled, stored and kept up to date.
The effect of the legislation is evident, for instance, when organisations such as the Australian Direct Marketing Association announced that its Do Not Mail/Call Service will be made available to all organisations across Australia who rent or sell marketing lists.
The service enables consumers to have their names removed from the lists by registering with the ADMA.
What You Need to Do
p Appoint a privacy officer.
p Consult a privacy expert or self educate.
p Develop a privacy policy.
p Educate all staff.
p Do an audit of all data collection processes. Eliminate irrelevant information collection.
p Identify data being collected directly, and indirectly, from third parties.
p Do an audit of all data storage and its security. Is it correct? Secure? Sensitive?
p Integrate data bases to enable ease of accessibility.
p Update all application forms.
p Put privacy policy on website.
p Differentiate between data collected before and after 21/12/01.
p Choose between the NPPs or an industry code.
Legislation already is in place to control how Australian Govern-ments and their authorities can use information about citizens, but the private sector has been left largely unhindered by such restrictions.
But growing sophistication of database collection, increasingly global information transfers and questions over the security of information collected on members of the public have led to concerns about who controls information about us and how they got it.
Every time we tick a box in a survey or register for a new website, information about us is collated somewhere.
There is even technology which can secretly record your Internet viewing patterns. That is aimed at targeting advertising to you. But where such intimate knowledge is stored and who gets access to it is something of a mystery to most.
New laws coming into force from December 21 will outline how the private sector can go about such activity, from the collection and storage, to dissemination and security.
The new Privacy Act will be a double-edged sword for most people.
In private, Internet users will welcome the new restrictions on troublesome, uninvited advertising “spam” email, and other unsolicited circulation of private details.
But sweeping changes threaten another wave of compliance, likened to Y2K and the GST.
Those in private commerce should be concerned at the changes that will need to be made to their operating systems and storage of data to comply with the Act.
“Seventy per cent of business activity will be covered by the Privacy Act” Federal Privacy Commissioner Malcolm Crompton said.
“Privacy is a fundamental human right that needs to be respected in a modern democracy. It is for this reason that I welcome the Govern-ment’s move to extend the privacy legislation to the private sector.”
Acting chief executive of the Department of Commerce and Trade, Dr Paul Schapper, has urged Western Australian private sector companies to improve their understanding of the impact of the new federal legislation covering the privacy aspect of gathering, holding and distributing personal information.
“Some companies are unaware of their responsibilities under the Privacy Amendment (Private Sector) Act 2000. There is still a general feeling that the Privacy Act won’t affect them,” Dr Schapper said.
“The new legislation is aimed at protecting an individual’s rights, and with so much information being transferred electronically, there is a real potential for misuse of that information.”
This particularly was the case for companies involved in direct marketing and advertising, and which maintained and distributed client information, he said.
Unlike the old Privacy Act and the Freedom of Information Act, the new legislation applies to “private sector organisations”, including individuals, body corporates, partnerships, unincorporated associations and trusts with an annual turnover of greater than $3m.
The thrust of the legislation is to ensure that a person’s private details are not disseminated without their prior consent.
Consent may be obtained in different forms and issues of capacity, age and culture need to be considered.
The Act has provisions detailing how information should be collected, handled, stored and kept up to date.
The effect of the legislation is evident, for instance, when organisations such as the Australian Direct Marketing Association announced that its Do Not Mail/Call Service will be made available to all organisations across Australia who rent or sell marketing lists.
The service enables consumers to have their names removed from the lists by registering with the ADMA.
What You Need to Do
p Appoint a privacy officer.
p Consult a privacy expert or self educate.
p Develop a privacy policy.
p Educate all staff.
p Do an audit of all data collection processes. Eliminate irrelevant information collection.
p Identify data being collected directly, and indirectly, from third parties.
p Do an audit of all data storage and its security. Is it correct? Secure? Sensitive?
p Integrate data bases to enable ease of accessibility.
p Update all application forms.
p Put privacy policy on website.
p Differentiate between data collected before and after 21/12/01.
p Choose between the NPPs or an industry code.
