TEN NATIONAL PRIVACY PRINCIPLES

Principle 1.
Collection of Personal Information Must be Fair, Lawful and NOT Intrusive.
A person MUST be told:
a.) The Organisation's Name.
b.) The purpose of the Collection.
c.) That they have access to the information.
d.) What happens if they DON'T give the information.

Principle 2.
Use and Disclosure
An organisation can ONLY use or disclose the information for the purpose IT WAS COLLECTED, UNLESS the person consented, OR the secondary purpose would reasonably be expected. (Some exclusions do apply to specified direct marketing, health and police matters.)

Principle 3.
Data Quality
An organisation MUST take reasonable steps to ensure that the personal information it collects is: ACCURATE, COMPLETE & UP TO DATE.

Principle 4.
Data Security
An organisation must take reasonable steps to protect the personal information from loss or misuse, unauthorised access etc.

Principle 5.
Openness
An organisation MUST have a policy document outlining its information handling practice and make this available to ANYONE that asks.

Principle 6.
Access and Correction
As a general rule an organisation MUST give an individual access to their information upon request.

Principle 7.
Identifiers
As a general rule, organisations CANNOT use identifiers issued by a Federal Government Department (i.e. Passport, Medicare etc.) as the PRIMARY identifier.

Principle 8.
Anonymity
Organisations MUST give people the option to interact with them anonymously whenever it is lawful and practicable to do so.

Principle 9.
Transborder Data Flow
An organisation can only send data to a foreign country where they have appropriate protection.

Principle 10.
Sensitive Information
An organisation cannot collect SENSITIVE information unless the individual has consented OR it is required by law. (Sensitive information has a specific description and relates to colour, religion etc.)