Questions:
1.Do research on privacy and data protection law for Victoria Australia and answer following questions.
1.1. What is “sensitive information”?
1.2. List and describe 10 information privacy principles briefly.
1.3. When a privacy breach occurs?
2.Read following scenarios carefully and answer if it violates any of the information privacy principles.
2.1. Unauthorised reading of a client’s medical file or an employee file
2.2. Accessing information on family, friends or co-workers
2.3. Responding to emails directed to others without their permission or revealing to the recipient information without clarifying that you were the actual sender 2.4. Using unauthorised shared passwords.
2.5. Being away from your desk while you are logged into a secure system
2.6. Allowing a co-worker to use a secure system for which he/she does not have access after you have logged in
Answers:
Answer 1:
1.1 The sensitive information includes the discussion about the racial and the ethical origin, with the political issues, religious beliefs and the other preferences of the sexual standards. This works over the membership of groups or the criminal records where the law puts the special restrictions based on the information collection.
1.2 a. Collection: The Government organisation works over the collection of the personal information with fulfilment of the function.
- Use and Disclosure: This works over the use and the disclosure of the primary standards with the collection till the secondary purpose set till the consent is requested upon.
- Data Quality: The organisation works over the personal information accuracy with the completeness and the up to-date information (Gentry et al., 2005).
- Data Security: The personal information works over the protection from the misuse, loss and the unauthorised access.
- Openness: The organisation work over the policies with the management of the personal information.
- Access and Correction: This works over dealing with the forms where the information is handled under the Victorian Freedom of Information Act.
- Unique Identifiers: This is important for the facilitation of matching the data. The use of the unique identifiers includes along of the certain conditions.
- Anonymity: The lawful and the options are set with transactions without identification of oneself (Ostrovsky et al., 2007).
- Trans border data: This work over accessing the personal information to travel out of Victor with privacy protection.
- Sensitive Information: This includes the racial and the ethical original with the political views, religious beliefs and the other membership of groups. The law includes the special restrictions with easy collection of information (Oiac.gov.au, 2017).
1.3 The breach of Information Privacy Principles works over the attempt to resolve the matter and then contacting the Privacy Officer or writing over the explanation of the situations and how it needs to be resolved. If one is not satisfied, there is a need to complain to the Commissioner for Privacy and the Data Protection. The Commissioner will make the efforts to conciliate with the complaints where the conciliation is not reasonable but failing, complaining to work on the Victorian Civil and Administrative Tribunal.
Answer 2:
2.1 The access of information which is not required for the job along with the breach of the confidential information which includes the information relating to the patients, clients and the residents. The data security is breached according to Privacy Act 1988 (Privacy Act) is an Australian law. The sharing, copying and working over the change of information without any proper authorisation to the medical records is also unethical as this can lead to the breach of privacy. With this, the focus is on the handling of the wrongdoings for which the action for the damages are brought into considered with the personal information stolen with the faulty business procedures (Vossen, 1997).
2.2 The breach is mainly of the collection of the information that does not concern you and the data breach without permission. It is important to focus on the fact that the individual should not collect the personal information with the consequences for the individual if the part of the information is not provided according to Privacy Act 1988 (Privacy Act) is an Australian law. With this, there is a need to list the different serious threats to the life or health of individual or the other individuals. The Biometric is effective for the protection of information with unique identifiers.
2.3 The anonymity where the person tends to send the email to the individual with entering the transactions that are not identified. With this, there are issues of impact on the sensitive information with inability to communicate to the collection according to Privacy Act 1988 (Privacy Act) is an Australian law. Here, there is a need to focus on establishing, exercising and defending over the legal or the equitable claims. The collection for the research includes the purpose of providing the proper check over the access and the correction where the email is sent to the third person from any other email id.
2.4 The issue is also related to the breach of the data security. It is important to secure the area, files and the other portable equipment. It works on the encryption, extra physical security and the portable devices which works with the encryption that have the strict physical security. There is a need to minimise the amount of sensitive data with stored reduced risks which is mainly the case of theft. One can always handle the transmits of the restricted data security which includes the transmissions from the client and server.
2.5 The information privacy policy includes the collection of information, data security and the access to the anonymous servers. There is a possibility that there is an easy identification of the public sector organisations to collect the information about the individuals and then the information could be stolen after logging into the system. the personal information is only collected in Australia under s 5B(3)(c). It includes the details of the information related to the individual, entities and the other available publications. Here, there is a complete security breach as well from the unauthorised access, modification and the disclosure that includes the destruction at the different steps with the de-identification of the personal information when there is no longer purpose needed as required. It also includes the individual entering the system and stealing the data for not identifying and setting the form for easy handling of the sensitive information.
2.6 This does not breach the privacy policy as the access is given by the owner but there is an issue of lack of the sensitive information which needs to be handled. (Korfhage, 2008). It is important to focus on the consents to the collection where the person has been authorised to work over the communication with proper establishment, exercising or defending a legal claim. It also includes the breach of openness where the policies are related to the management of the personal information which holds the public sector organisation with holding the kind of personal information. It also includes the collection, holding, and then making use of the information as well.
References
Gentry, C. and Ramzan, Z., 2005, July. Single-Database Private Information Retrieval with Constant Communication Rate. In ICALP (Vol. 3580, pp. 803-815).
Korfhage, R.R., 2008. Information storage and retrieval.
Oaic.gov.au. (2017). Information Privacy Principles| Office of the Australian Information Commissioner - OAIC. [online] Available at: https://www.oaic.gov.au/privacy-law/privacy-archive/privacy-resources-archive/information-privacy-principles.
Oaic.gov.au. (2017). Privacy law| Office of the Australian Information Commissioner - OAIC. [online] Available at: https://www.oaic.gov.au/privacy-law/.
Alrc.gov.au. (2017). Sensitive information | ALRC. [online] Available at: https://www.alrc.gov.au/publications/6.%20The%20Privacy%20Act%3A%20Some%20Important%20Definitions/sensitive-information.
Oaic.gov.au. (2017). Chapter B: Key concepts| Office of the Australian Information Commissioner - OAIC. [online] Available at: https://www.oaic.gov.au/agencies-and-organisations/app-guidelines/chapter-b-key-concepts.
Ostrovsky, R. and Skeith, W., 2007. A survey of single-database private information retrieval: Techniques and applications. Public Key Cryptography–PKC 2007, pp.393-411.
Vossen, P.J.T.M., 1997. EuroWordNet: a multilingual database for information retrieval.