The Privacy and Data Protection Act 2014

0.0(0)
studied byStudied by 0 people
0.0(0)
full-widthCall Kai
learnLearn
examPractice Test
spaced repetitionSpaced Repetition
heart puzzleMatch
flashcardsFlashcards
GameKnowt Play
Card Sorting

1/11

encourage image

There's no tags or description

Looks like no tags are added yet.

Study Analytics
Name
Mastery
Learn
Test
Matching
Spaced

No study sessions yet.

12 Terms

1
New cards

IPPs relating to cybersecurity

IPP 1, 2, 4, 5, 9

2
New cards

Federal or state?

state (Victoria only)

3
New cards

main focus?

Personal information (except health) handled by Victorian public sector organisations

4
New cards

amount of privacy principles?

10 Information Privacy Principles (IPPs)

5
New cards

Who does it apply to?

  • Victorian public sector organisations

  • local councils

  • government schools, universities and TAFEs

6
New cards

Define IPP 1

  • Collection

  • An organisation can only collect personal information if it is necessary to fulfil one or more of its functions

  • It must collect information only by lawful and fair means, and not in an unreasonably intrusive way. 

  • It must provide notice of the collection, outlining matters such as the purpose of collection and how individuals can access the information

7
New cards

Define IPP 2

  • Use and disclosure

  • Personal information can only be used and disclosed for:

    • the primary purpose for which it was collected for

    • a secondary purpose that would be reasonably expected

  • It can also be used and disclosed in other limited circumstances:

    • with the individual's consent

    • for a law enforcement purpose

    • to protect the safety of an individual or the public.

8
New cards

Define IPP 4

  • Data security

  • Organisations need to protect the personal information they hold from:

    • misuse

    • loss

    • unauthorised access

    • modification

    • disclosure

  • An organisation must take reasonable steps to destroy personal information when it is no longer needed.

9
New cards

define IPP 5

  • openness

  • Organisations must have clearly expressed policies on the way they manage personal information

  • Individuals can ask to view an organisation's Privacy Policy.

10
New cards

define IPP 7

  • Unique identifiers

  • A unique identifier is an identifier (usually a number) that is used for the purpose of identifying an individual

  • Use of unique identifiers is only allowed where an organisation can demonstrate that the assignment is necessary to carry out its functions efficiently

11
New cards

define IPP 9

  • Transborder data flows

  • If an individual's personal information travels outside Victoria, the privacy protection should travel with it.

  • Organisations can only transfer personal information outside Victoria in certain circumstances if:

    • the individual consents

    • the recipient of the personal information is subject to a law or binding scheme that is substantially similar to the Victorian IPPs.

12
New cards

define IPP 10 and give examples of what it is applicable to

  • sensitive information

  • examples:

    • racial or ethnic origin

    • political opinions or membership of political associations

    • religious or philosophical beliefs

    • membership of professional or trade associations or trade unions

    • sexual preferences or practices

    • criminal record

  • special restrictions on the collection of sensitive information