Privacy Act (1988)

Privacy Laws
Safeguards personal information and sensitive information that organisations hold about individuals. The ten numbered principles below are the National Privacy Principles (NPPs) set out in the Act.

Personal Information

 * name, address, age, sex
 * shopping habits, personal opinions
 * living arrangements, partners, children
 * does not include records held by an employer about a current or former employee (the employee records exemption), including health information
 * so an employer that stores an employee's health information is not necessarily subject to the privacy principles for that record

Sensitive Information

 * racial or ethnic origin
 * political opinions
 * membership of a political association
 * religious beliefs or affiliations
 * philosophical beliefs
 * membership of a trade union
 * sexual preferences or practices
 * criminal record

Medical Information

 * medical history
 * current medical condition and treatments
 * dental records
 * genetic information
 * notes and opinions of health service provider (e.g. doctor, psychiatrist)

1. Collection
Organisations should only collect personal information that is necessary for one or more of their functions or activities

2. Use and Disclosure
An organisation must not use or disclose personal information about an individual for a purpose other than the one for which it was collected (a secondary purpose), unless an exception applies, e.g. the individual has consented, or the secondary purpose is related to the primary purpose and the individual would reasonably expect it

3. Data Quality
An organisation must take reasonable steps to ensure that the personal information it collects, uses or discloses is accurate, complete and up-to-date

4. Data Security
An organisation must take reasonable steps to ensure that the personal information it holds is protected from misuse and loss, and from unauthorised access, modification or disclosure

5. Openness
An organisation must set out, in a document, a clearly expressed policy on its management of personal information, and make this document available to anyone who asks for it

6. Access and Correction
If an organisation holds personal information about an individual, it must provide the individual with access to the information on request, and take reasonable steps to correct it if the individual shows it is inaccurate, incomplete or out of date

7. Identifiers

 * An organisation must not adopt as its own identifier one that has been assigned by a government agency (e.g. Tax File Number, Medicare number), and in general must not use or disclose such an identifier except where necessary to deal with that agency
 * Must create its own identifier (e.g. account number, user ID)
 * Why? To prevent data matching: collating information about an individual from several different databases by joining on a shared identifier

8. Anonymity
Where it is lawful and practicable, individuals must have the option of not identifying themselves when entering into transactions with an organisation

9. Transborder Data Flow
An organisation in Australia or an external Territory may transfer personal information about an individual to someone (other than the organisation itself or the individual) who is in a foreign country only if a condition in the principle is met, e.g. the individual consents to the transfer, or the organisation reasonably believes the recipient is subject to a law or scheme that protects the information in a way substantially similar to the NPPs

10. Sensitive Information
An organisation must not collect sensitive information about an individual unless the individual has consented or the collection is required by law