[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Computerbank] [Fwd: Re: [CAI-committee] Draft CAI Privacy Statement]
Hey all,
FYI...since this thread has leaked out onto "computerbank"
Cheers,
Kylie
--
Kylie Davies
Victorian Branch Co-ordinator
Computerbank Australia Inc
Victorian State Branch
Tel: (03) 9600 9161
Email: kylied@projectx.com.au
*****************************************************************
This email and any attachments may be confidential and
the subject of legal professional privilege. Any disclosure,
use, storage or copying of this email without the consent
of the sender is strictly prohibited.
Please notify the sender immediately if you are not the
intended Recipient and then delete the email from your
inbox and do not disclose the contents to another
person, use, copy or store the information in any medium.
******************************************************************
--- Begin Message ---
HI there Cromwell and all,
I've read through the National Privacy Principles but their "mock-up copy of
the Privacy Ammendment (Private Sector) Act 2000" link was unsupported so i
could not read section 6 of this. Most of it seemed to make sense, although
there may be a few stumbling blocks, especially where language issues exist.
For instance, i forsee difficulty in satisfying point 1.5 in the context of
point 1.3.c, i.e. ensuring that we have fullfilled our duty in conveying
through an intermediary the purposes for which we collect a recipient's
private information. Also, to satisfy point 2.1.b, it may be a good idea to
include on our volunteer and member forms a question to the effect "Do you
give your consent to give your private details to other volunteers and/or
members?" We might also need to include in our privacy "waiver" (probably
the wrong term and all due apologies to the legally ruffled :) something to
cover us for 2.1.c, that is disclosing for any secondary purposes. Has
anyone ever heard of point 8 (Anonymity) put to the test? And point 10, do
we have a working definition of exactly what constitutes sensitive
information?
"Sensitive personal information may include information about a persons:
medical history, relationships, sexual preferences, personal finances,
political loyalty, religious of philosophical beliefs" Quote from
Guidelines to the Information Privacy Principles (October 1994) found at
http://www.privacy.gov.au/act/guidelines/index.html#3.4 in the
document that contains 1-3. It is on page 27-28 of the PDF doc.
In this regard, ethinicity, country of birth is not "sensitive
information". Don is absolutely correct, we collect this info as a way
to determine if any langauage difficulties may present. We asked country
of birth rather then are you from a NESB (non english speaking
background) as it seemed a lot simpler at the time. In light of Don's
suggestions - it might be wise to consider changing the question. This
question only appears on our application forms
"Reasonable steps" gets thown about a bit in the document and sounds a very
scary phrase indeed, like the sort of thing that gets defined by a judge
minutes before you get sued for every penny you possess. Is there any scale
of "reasonable steps" for every occasion out there on a statute somewhere?
I suggest that people take some time to surf the Internet to look for
examples of other organisations Privacy Statements. For eg,some of the
NPP's dont apply to all organisations (re unique identifiers) so when
addressing NPP's in a Policy - all you need to say there re Unique
Indentifiers, is that you dont use them.
Of the ones I have looked at - they all ranged in what they covered.
Some of them were 6 pages long - while others were 1-2 pages long.
I have been able to read neither the privacy_statement.html nor
privacy_policy.html documents, those links don't appear to be supported
either, the now.
They are not there...i thought i mentioned that in the original email. I
wanted to bring this up first, have you look at the statement - give me
feedback - so i can proceed with the policy that addresses all the
NPP's. 10 Statements. :)
Also there is no "request for information" form...yet.
Even if i had been able to, i've had no legal training
equal to this situation and i suspect that many of us would be incompetant to
judge what the relationship (in a legal sense) twixt these documents and the
ammended Privacy Act 2000 is. Would it be worth bringing in someone more
legally qualified for comment?
I really think it unnecessary at this point.
Regarding changes to the Privacy Statement, i commend to our consideration an
addition to the effect that as well as posting changes to the relevant
website, that we will also alert those that need to know that changes have
occurred, so they may appraise themselves of any new responsibilities in
timely fashion.
And at an organisational level - if the Statement or the policy changed
the lists would be emailed.
Another possibility to consider is that the role of Privacy Officer have an
associated CAI officer who automatically assumes this position's duties in
the stead, for whatever reason, of the incumbent's incapacity and who should
be informed whenever (if ever) this occurs.
As the issues will happen at the level of the State Branch collecting
the persnal info of vols, members, donors and recips - it would be
administratively astute to tie this to branch folk.
When it comes down to it - the Privacy Officer role can be delegated
internally. I dont think it will be much of a role.
Working in Victoria i heard discussion of requirements to destroy private
information when it was no longer appropriate to hold it. Is anybody aware
of what, if any, requirements need be met in this regard?
Hmmm we have not settled on this, nor really discussed it, but the
mountain of paper that gets stored in the filing cabinet is a bit of a
worry. Recip records,once entered into a database a foolproof fashion,
can and probably should be destroyed in the correct manner (shred beyond
recognition).
WFD records have to be kept for 5 years (i think) as per the WFD contract.
That was a long haul, sorry but i have no idea when it comes to legal
matters, per hap all this was unneccessary but better safe than sorry.
It is a tricky area, and one that we should get right. :) While i did
say that there is no need for 2 sets of rules when it comes to privacy
as it would be simpler...I think it makes professional sense to be
guided by them.
Cheers,
Kylie
--
Kylie Davies
Victorian Branch Co-ordinator
Computerbank Australia Inc
Victorian State Branch
Tel: (03) 9600 9161
Email: kylied@projectx.com.au
*****************************************************************
This email and any attachments may be confidential and
the subject of legal professional privilege. Any disclosure,
use, storage or copying of this email without the consent
of the sender is strictly prohibited.
Please notify the sender immediately if you are not the
intended Recipient and then delete the email from your
inbox and do not disclose the contents to another
person, use, copy or store the information in any medium.
******************************************************************
_______________________________________________
cai-committee mailing list
cai-committee@lists.linux.org.au
http://lists.linux.org.au/listinfo/cai-committee
--- End Message ---