and transparent manner. policy and/or procedure that contains the following information: · How the organisation or practice information. holds, uses and discloses that information. as held by the organisation or practice, and seek the correction of that information if necessary. organisation or practice will deal with such a complaint. information to overseas recipients and, if so, if it is practicable to specify the countries in which those recipients are likely to be located. systems that will ensure compliance with the APPs. pseudonymity Under APP 2, an organisation must now provide individuals with the option of using a pseudonym. This obligation is in addition to the existing requirement that individuals may deal with an organisation anonymously. personal information Under APP 3, an organisation must than sensitive information), unless the information is reasonably necessary for one or more of the organisation's functions or activities. with an individual's consent, and if the collection is reasonably necessary for one or more of the organisation's functions or activities. individual, unless it is unreasonable or impracticable to do so. personal information Under APP 4 there now obligations with respect to the receipt of personal information not solicited. Where an organisation receives unsolicited personal information, it must determine whether it would have been permitted to collect the information under APP 3. If so, APPs 5 to 13 will apply to that information. the information is not contained in a Commonwealth record, the organisation must destroy or de- identify that information as soon as practicable, if it is lawful and reasonable to do so. collection of personal information APP 5 specifies certain matters about which an organisation must generally make an individual aware, with respect to the collection of his or her personal information. individuals about the access, correction privacy policies, and also the location of any likely overseas recipients of an individual's information. personal information APP 6 outlines the circumstances in which an organisation may use or disclose the personal information it holds about an individual. requirement that an organisation may only use or disclose personal information for the purpose for which the information was collected. necessary to assist in locating a missing person; to lessen or prevent a serious threat to the life, health or safety of an individual or to public health or safety; to establish, exercise or defend a legal or equitable claim; or for the purpose of a confidential alternative dispute resolution process. Organisations generally may only use or disclose personal information for a direct-marketing purpose where the individual has either consented to their personal information being used for that purpose, or has a reasonable expectation that their personal information will be used for that purpose. APP 8, and associated provisions, creates new accountability for organisations with respect to any cross-border disclosure of personal information, and provides the framework for the most contentious of the reforms. |