Published by Jennifer Ward. Modified over 8 years ago
1
Understanding Privacy: An Overview of our Responsibilities
2
Introductions
Gioconda Di Lorenzo - University Secretary
Privacy Officer & Freedom of Information Officer
Education and Regulatory Compliance – Legal & Risk
Raffaella Di Maio
Privacy & Freedom of Information Coordinator
Mary Oppy
Education and Training Officer
Education & Regulatory Compliance Legal & Risk, University Services Raffaella Di Maio & Mary Oppy
3
Information Privacy
What Governs Information Privacy?
The 10 Information Privacy Principles
The information privacy lifecycle
Managing Breaches
4
Privacy Protection
Privacy and Data Protection Act 2014 (Vic): All recorded personal information handled by the University, State and local government agencies (other than health related info)
Health Records Act 2001 (Vic): All health related personal information held in public and private sectors. Most of the personal info handled by health service
5
What is Personal Information?
Recorded information or opinion, whether true or not, about an individual whose identity is apparent or can be reasonably ascertained
Name
Signature
Telephone Number
Email, Home or Work Address
Employment Position
Voice Recordings, Photographs or Videos
Medical Records
Academic Records
6
When can I use or Disclose Personal Information?
Primary Purpose: As outlined in the collection notice
Secondary Purpose: a related purpose & one the individual would reasonably expect
7
What is Sensitive Information?
Recorded information or opinion, whether true or not, about an individual whose identity is apparent or can be reasonably ascertained, that is of a sensitive nature
Racial or ethnic origin
Political opinions
Membership of a political association
Religious beliefs or affiliations
Philosophical beliefs
Membership of a professional or trade association
Membership of a trade union
Sexual preferences or practices
Criminal record
8
When can I use or Disclose Sensitive Information?
Primary Purpose: Only as outlined in the collection notice
Secondary Purpose: a directly related purpose & one the individual would reasonably expect
9
10 Information Privacy Principles (IPPs)
1. Collection
2. Use & Disclosure
3. Data Quality
4. Data Security
5. Openness
6. Access & Correction
7. Unique Identifiers
8. Anonymity
9. Transborder Data Flows
10. Sensitive Information
10
Lifecycle of IPPs
I. Prior to, or at the time of collection
II. While holding information
III. When using the information
IV. When you no longer need the information
11
Prior to, or at the time of, collection
Is collection necessary (IPP 1)?
Do we need to collect sensitive information (IPP 10) and unique identifiers (IPP 7.4)?
Can the University allow individuals to transact anonymously (IPP 8)?
Provide a collection notice of the intended uses and individuals’ rights of access (IPP 1)
Does the University have a policy outlining its information handling practices (IPP 5)?
Tools: A Privacy Impact Assessment can be used for new or amendments to existing projects or processes.
12
A collection notice must include:
1. The identity and contact details of the department/division which is collecting the information.
2. The Primary Purpose for which the information is collected.
3. To whom generally (the types of individuals or organisations) the information will be routinely disclosed.
4. Any Law that requires the particular information to be collected.
5. The main consequences (if any) for the individual if all or part of the information is not provided.
6. The fact that the individual is able to gain access to the Personal Information they have provided.
7. A statement of the University's obligations to protect personal information, and information about the University's Privacy Policy.
Item 4 may be omitted if there are no specific Laws that require the collection.
Item 5 may be omitted if the consequences of not providing all or part of the information are nil or minimal.
13
A Privacy Impact Assessment (PIA) is a way of measuring the privacy impacts of any new or amended project or process.
A PIA will assist in identifying ways in which any negative impacts can be mitigated.
Note: Privacy impacts can also be positive and enhance privacy protection
14
While holding information:
Ensure the University has security measures in place for the information (IPP 4.1)
Provide mechanisms to enable individuals to access and correct their information (IPP 6 / Freedom of Information Act 1982 (Vic))
Update, amend and supplement the information, as necessary (IPP 3)
15
When using the information
Check that the proposed use is permitted under the Privacy and Data Protection Act or otherwise authorised under law, taking extra care with sensitive information (IPP 2)
Ensure that privacy protection travels with information if it is to leave Victoria (IPP 9)
Be careful about assigning, using or disclosing unique identifiers (IPP 7.1-7.3)
16
When you no longer need the information
Consider whether, and when, the organisation should destroy or de-identify the information (IPP 4.2)
Do not destroy documents that are required to be retained under other laws, e.g. Public Records Act 1973 (Vic), Electronic Transactions (Victoria) Act 2000 (Vic), Crimes Act 1958 (Vic)
Tools: The Records Services team can provide advice on how long records should be retained and how to manage records no longer required. A comprehensive retention and disposal schedule is available at http://www.unimelb.edu.au/records/
17
Breaches
Reporting the breach
Preventing future breaches
Notifying relevant people
Evaluating the risks
Containing the breach
Head of Department
18
http://www.unimelb.edu.au/governance/compliance/privacy
19
Privacy Web site
20
What next?
Use the PIA for new or amended processes.
Review current collection notices.
Ensure all staff complete privacy training.
21
“Privacy is not secrecy. It is about giving individuals control over how their personal information is handled; creating customer confidence and trust. As such, good privacy practices and great innovation directly support each other.”
Office of the Australian Information Commissioner