The Privacy Act

Monash University controlled entities are required to comply with the Privacy Act 1988 (Cth).

Compliance with the Privacy Act

Private sector amendments to the Privacy Act took effect from 21 December 2001. With limited exemptions, private sector bodies and Commonwealth government agencies must comply with the legislation.

The Act contains ten National Privacy Principles (NPPs), which are the central part of the laws.

Relevant Definitions

The Information Privacy Act applies to two types of information:

Personal Information: basically means information or opinion, whether recorded in a material form or not and whether true or not, about an identifiable individual. It also includes information from which the identity of the individual can be reasonably ascertained. Examples: name, address, telephone number, title.

Sensitive Information: racial or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual preferences or practices, criminal record that is also personal information or health information about an individual.

Health Information: information or opinion about the health or disability (at any time) of an individual, an individual's expressed wishes about future provision of health services to him or her or a health service provided or to be provided to an individual that is also personal information. It also includes other personal information collected to provide a health service (eg name, address) and information about donation of body parts, organs or body substances and genetic information.

Differences between the Privacy Act and the Information Privacy Act

The differences between the Information Privacy Act and the Privacy Act can be summarised as follows. Please note, this is a guide only and should not be relied on as a definitive source in determining obligations under the various privacy laws.

| | Privacy Act 1988 | Information Privacy Act 2001 |
| --- | --- | --- |
| Applies to | Commonwealth Government Agencies, Private Sector (some exemptions); Monash Controlled Entities | Victorian Government Agencies; Monash University |
| Definition of Personal Information | 'whether recorded in a material form or not' | 'that is recorded in any form' |
| Direct Marketing | Assumed secondary purpose. Can market, providing it is not reasonable to obtain consent from the individual and the individual can opt out of receiving future marketing material. | Not assumed; must be related to the purpose of collection. Individual must opt in, e.g. consent must be obtained prior to marketing to them. |
| Staff Records | Are excluded from the coverage of the Act if they are directly related to the employment relationship of a current or former employee. Note: the Act applies to prospective employees. | All staff records are covered by the Act. |
| Related Body Corporate | Personal information (excluding sensitive or health information) can be disclosed to related body corporate (eg Monash University | This exemption does not apply. To disclose personal, sensitive or health information to the Monash Controlled Entities, the disclosure must fall within the primary or secondary purpose of collection, or Monash should obtain consent from the individual. If Monash University wants to disclose information to the Controlled Entities, it is also recommended that Monash and the Controlled Entity enter a contractual agreement to ensure that the privacy protection is guaranteed. |