Privacy news

Acknowledgement is made to Minter Ellison Lawyers for information gained through their Privacy Newsletters, and to the Office of the Victorian Privacy Commissioner’s website.

Quote of the month:

Technology today means that small mistakes can result in massive data breaches.

Quote from Helen Versey, Victorian Privacy Commissioner, Privacy Victoria Network eNews November 2011

Is it legal to send our data overseas?

When we change processes to store data with external storage providers it is important to assess the impact of privacy and other key statutes. This includes data that will be stored in the ‘cloud’ because this data is stored somewhere locatable.

A new procedure to aid in this assessment is being developed: Conducting a privacy impact assessment procedure. The draft procedure will shortly be published for public feedback. In the meantime, please contact Kathy Bramwell if you would like to view or discuss the document.

Guidelines on transferring information external to RMIT – whether in Australia, offshore or in the cloud – and what you should be aware of, are being developed and will be available for public feedback and discussion in early 2012.

Privacy Victoria newsletters

Privacy Victoria regularly produce electronic newsletters that can be accessed through the Privacy website, including:

• Privacy Aware Spring 2011 quarterly newsletter
• Privacy Victoria Network eNewsletter November 2011

New Privacy Victoria website aimed at Seniors

The Victorian Privacy Commissioner launched a new resource for Seniors on 16 November. This provides guidance to older Victorians on managing risks and protecting personal information in the digital age.

New, revised guidelines to the Information Privacy Principles published

Edition 3 of the guidelines to the IPPs have been published on 16 November to assist public sector organisations meet their obligations.

Five years have passed since the second edition was published. The updated third edition includes information to assist in interpreting and applying these and similar principles.

New case note relating to privacy in complaints processes

A new case note relating to a complaint managed by Privacy Victoria has been released that is of interest to those of you who manage complaints.

The case note relates to the disclosure to the respondent of personal information relating to the complainant. Disclosure was made of the full complaint documentation, including information on the complainant’s state of mind, emotional response to the incidents [allegation of bullying] and outcomes sought.

The Privacy Commissioner found that the information provided was much more than was necessary to allow the respondent to respond to the complaint about their own alleged behaviour. Disclosure of information in this context should have been kept to the minimum necessary to investigate the matter and should have been edited sufficiently to protect the complainant’s privacy.

It should be noted that the outcome of this complaint was not only an apology, but a required change in complaints management processes and a financial payment in compensation to the complainant. The case note can be accessed at Privacy Victoria website.

Privacy Victoria’s 2010-2011 annual report released

The Office of the Victorian Privacy Commissioner’s 2010-2011 Annual Report was tabled in Parliament in October. The report describes the work of the office during 2010-2011.

Privacy complaints made under the Victorian Information Privacy Act 2000 rose 27%, during which Privacy Victoria received 2,575 enquiries, including 345 that could potentially become a formal complaint. Of those 345 enquiries, 21% (73) were made into complaints after the complainant had unsuccessfully attempted to resolve the matter direct with the organisation. This is the highest number of new complaints receive din a reporting period since the establishment in 2001.

Alleged inappropriate use and disclosure of personal information remains the greatest area of concern, with data security being the second most common.

The Information Privacy Act is ten years old!

1^st September 2011 marked the tenth anniversary of the commencement of the Victorian Information Privacy Act 2000. A lot has changed in the last 10 years in the world of privacy in Victoria – in particular the level of public awareness of their right to privacy and the culture change in organisations like RMIT in doing their best to protect those rights.

Privacy Victoria have a produced an interesting booklet full of reflections on the ‘roller coaster ride’ of the last 10 years. You can access the booklet at the Privacy Victoria website.