Director, Regulation and Strategy

Presentation transcript:

Getting privacy right
Jacob Suidgeest, Director, Regulation and Strategy
www.oaic.gov.au

Outline
- Office functions and jurisdiction
- Costs to business of getting privacy wrong
- Securing personal information
- Disclosure of personal information

Office of the Australian Information Commissioner (OAIC)
- Extensive range of functions in Freedom of Information, Information Policy and Privacy
- Privacy functions drawn from the Privacy Act 1988
- OAIC may be replaced by an Office of the Privacy Commissioner

What does the Privacy Act cover
- Privacy Act 1988 provides for the protection of an individual’s personal information
- Privacy Act contains provisions that deal with:
  - ‘personal information’
  - ‘sensitive information’ (which includes health information)
- The OAIC also regulates: credit reporting information, TFNs, Healthcare Identifiers, Personally Controlled Electronic Health Records

Who does the Privacy Act cover
- Australian Government agencies
- Businesses with turnover of more than $3 million
- All private health service providers
- Exemptions: employee records, some small business, media
- Others relating to credit reporting, healthcare identifiers, PCEHR, TFNs

Australian Privacy Principles
- 13 APPs replace IPPs and NPPs
- Single set of principles
- APPs apply to both private and public sectors – called ‘APP entities’
- Structured to reflect the information life cycle from organisational preparedness, collection, through to use and disclosure, security and access and correction

Recent data breaches
- ‘80 Million Anthem customers hacked in data breach’ (News8)
- ‘DNA test names exposed online’ (The Australian)
- ‘Medical records discovered in garden shed after robbery’ (IT News)

Community expectations
- 90% of Australians continue to be concerned about their personal information being sent overseas
- 95% of people say that they should be informed how their information is handled and protected, and if it is lost
- 74% of Australians are more concerned about the privacy of their personal information in the online environment than they were 5 years ago
- 63% of Australians have chosen to not deal with a public or private sector organisation due to concerns about the way their personal information is used or protected

Securing personal information
- Entities must account for the Human element
- Mobile devices and bring your own devices
- Trusted insider risk
- Embedding privacy into projects

Use and disclosure
Is it personal information?
‘Personal information’ means information or an opinion about an identified individual, or an individual who is reasonably identifiable…

Use and disclosure
APP 6 says you can use or disclose information for the primary purpose for which it was collected. To use it for a secondary purpose, an exception must apply.

Use and disclosure
- APP 6.1(a): consent
- APP 6.2(a):
  - the individual would reasonably expect that secondary use or disclosure, and
  - the use or disclosure is related (directly related for sensitive information) to the primary purpose of collection

Use and disclosure
- APP 6.2(b): use or disclosure is required or authorised by law
- APP 6.2(e): the APP entity reasonably believes that the use or disclosure of the information is reasonably necessary for one or more enforcement related activities conducted by, or on behalf of, an enforcement body

Use and disclosure
s16A permitted situation 2:
(a) the entity has reason to suspect that unlawful activity, or misconduct of a serious nature, that relates to the entity's functions or activities has been, is being or may be engaged in; and
(b) the entity reasonably believes that the collection, use or disclosure is necessary in order for the entity to take appropriate action in relation to the matter.

Stay up-to-date
- www.oaic.gov.au
- Privacy Awareness Week: 3–9 May 2015
- APP guidelines
- Data breach notification guide
- Privacy impact assessment guide
- Guide to Securing Personal Information
