Elder Law Review
|
|
Home
| Databases
| WorldLII
| Search
| Feedback
Elder Law Review |
|
Sue Field s.field@uws.edu.au
The Privacy Amendment (Private Sector) Act http://www.austlii.edu.au/cgi-bin/disp.pl/au/legis/cth/num_act/pasa2000n1552000373/longtitle.html?query=%22privacy%22%20and%20%22amendment%22%20and%20%22private%22%20and%20%22sector%22#disp0 places another layer of obligation – over the Aged Care Act 1997 (Cth) http://www.austlii.edu.au/cgi-bin/disp.pl/au/legis/cth/num%5fact/aca199757/?query=title+%28+%22aged+care%22+%29 – on health care providers in the aged care sector. The Act emphasises the importance of ensuring that the privacy of vulnerable people (and their families) is protected.
The Act came into effect on 21 December 2001 and extends the effect of the Privacy Act 1988 (Cth) to include the private sector throughout Australia. The purpose of the legislation is to provide individuals with greater control over the manner in which organisations handle information about them.
The Act generally applies to all health service providers (including the not-for-profits) and organisations with an annual turnover in excess of three million dollars. However, there are a number of exemptions and these include:
| § | State/Territory authorities; |
| § | Political parties; |
| § | Practices which relate to the records of employees (either former or current); and |
| § | Practices of media organisations related to journalism. |
If the annual turnover of a business is three million dollars or less the organisation will not be exempt if:
| § | It is connected to a business which does have an annual turnover in excess of three million dollars; |
| § | It is a health service provider; |
| § | Personal information is disclosed for a benefit, service or advantage; |
| § | Another body is provided with a benefit, service or advantage to collect personal information; or |
| § | If it is a service provider pursuant to a commonwealth contract. |
Pursuant to the legislation organisations are now required to comply with ten legally binding National Privacy Principles (NPP’s). These principles – outlined below - relate to how organisations manage personal information.
| § | NPP 1 collection |
| § | NPP 2 use and disclosure |
| § | NPP 3 data quality and collection |
| § | NPP 4 data security |
| § | NPP 5 privacy policies and openness |
| § | NPP 6 access and correction |
| § | NPP 7 Commonwealth government identifiers |
| § | NPP 8 anonymity |
| § | NPP 9 transborder flow of data |
| § | NPP 10 collection of sensitive information. |
National Privacy Principles 4, 5, 7 (some of 6) and 9 apply to information already held by organisations prior to December 21 2001.
Rather than comply with the NPP’s organisations can, if they choose, develop their own Privacy Code. A Code must be at least equivalent to the obligations pursuant to the NPP’s. Members of the public must be given the opportunity to comment on the Privacy Code before it is submitted to the Privacy Commissioner for approval.
If complaint handling procedures are addressed in the Code then provision is be made for the appointment of a code adjudicator who will determine complaints. If the Code does not address complaint-handling procedures then responsibility for resolving complaints remains with the Commissioner.
The Commissioner’s powers are wide ranging and include the following:
| § | Investigation of a complaint made by an individual to the Commissioner; |
| § | Investigation of a complaint referred to the Commissioner by a code adjudicator; |
| § | Investigation of complaints concerning a Federal Government contractor; |
| § | Investigation of a breach of privacy (even without a complaint); |
| § | Seeking a court injunction to prevent conduct that does (or may breach the Act; |
| § | On the request of an individual, review a decision made by a code adjudicator. |
A further requirement of the Act is that all organisations must develop and display a Privacy Policy which sets out the policies that the organ isation has in respect of management of personal information.
Detailed information on the legislation can be obtained from the following website http://www.privacy.gov.au/
AustLII:
Copyright Policy
|
Disclaimers
|
Privacy Policy
|
Feedback
URL: http://www.austlii.edu.au/au/journals/ElderLawRw/2002/4.html