Privacy Flashcards

1
Q

What are the main aims of the privacy act 1993 No 28(NZ)?

A

1- Give people control over their personal information
2- Allow people to access personal information about themselves
3- Limit the way agencies can deal with personal information
4- Ensure agencies hold personal information in a secure manner

Prompt- GALE

2
Q

What does the privacy act regulate?

A

The privacy act regulates how agencies may deal with personal information.

3
Q

Define agencies?

A

Agencies are very broadly defined and include- Any person or body of persons, whether corporate or not corporate, and whether in the public sector or the private sector. So every person and company is treated as an agency and is required to follow the privacy rules.

4
Q

What are individuals, whose information you have collected, entitled to?

A

The individuals you are collecting information from are entitled to presume that you will only use the information for the purpose for which it was collected. They are also entitled to presume that you store and disclose the information appropriately.

5
Q

How does the privacy act 1993 work?

A

The privacy act provides a set of baseline standards for privacy protection called the information privacy principles. Each agency is required to have a privacy officer, who is responsible for ensuring the agency complies with the act and for receiving and investigating privacy complaints about the agency.

6
Q

What is the process a person should follow who believes that their privacy has been breached?

A

A person who believes that their privacy has been breached may complain to the privacy commissioner, who will investigate and attempt to resolve the complaint.

7
Q

What is the privacy commission and what do they do?

A

The office of the privacy commissioner is an independent crown entity established within the terms of the act for the protection of personal information.

8
Q

What type of information is covered by the privacy act 1993?

A

The act covers personal information, which is defined as information about an identifiable individual.

9
Q

What is the key to determining what is personal information?

A

The key is that it must be information that identifies a particular person. It can be information such as a person's name, job title or position which will often identify a person.

10
Q

What is a common exception to the use of personal information?

A

Publicly available information is information that can be collected and used without breaching the information privacy principles, although there are some restrictions. For the exception in regards to public information to apply, the information must have been obtained from a public source.

11
Q

What are the 12x information privacy principles?

A

1- Purpose of collection of personal information
2- Source of personal information
3- Collection of information from subject
4- Manner of collection of personal information
5- Storage and security of personal information
6- Access to personal information
7- Correction of personal information
8- Accuracy etc of personal information to be checked before use
9- Agency not to keep personal information for longer than necessary
10- Limits on use of personal information
11- Limits on disclosure of personal information
12- Unique identifier (numbers etc)

12
Q

What categories do the 12x information privacy principles fall into?

A

1- Collection of personal information
2- Storage and security of personal information
3- Use and disclosure of personal information
4- Access to and correction of personal information
5- Assigning identifiers (numbers etc)

Prompt- ACUSA

13
Q

Discuss the collection of personal information?

A

Personal information may be collected only for a lawful and necessary purpose. Agencies must not collect information by unlawful means or means that are unfair or that intrude to an unreasonable extent upon the personal affairs of the individual concerned. Personal information must generally be collected directly from the individual concerned.

14
Q

Who can personal information be collected from?

A

Personal information must be collected directly from the individual concerned unless an exception applies.

15
Q

Where an agency collects personal information directly from an individual, it must take reasonable steps to ensure that the individual is aware of the-

A

1- Fact that the information is being collected
2- Purpose for collection of the information
3- Intended recipients of the information
4- Name and address of the collector and holder of the information
5- Statutory authority (if any) for the collection
6- Consequences of refusing to provide information and whether its provision is voluntary or mandatory
7- Individual's right of access and right to request correction of that information

Prompt- FINPICS

16
Q

Discuss storage and security of personal information?

A

An agency holding personal information must ensure that information is reasonably protected against loss, unauthorised access, use, modifications or disclosure, and misuse. Personal information must not be kept for any longer than is required.

17
Q

Discuss use and disclosure of personal information with regard to the privacy act?

A

Personal information collected from an individual may only be used for the purpose for which it was collected. Where an agency collects and holds information, it must not use it without taking reasonable steps to ensure that the information is accurate, up-to-date, relevant and not misleading.

18
Q

Discuss access to personal information with regard to the privacy act?

A

Individuals are entitled to access personal information held about them. Where an agency holds personal information, the individual concerned is entitled to request that the information be corrected. If the agency decides not to make the correction requested because the agency believes that the existing information is correct, the statement of the corrections sought but not made must be attached to the individual's information and held with it.

19
Q

Discuss ‘assigning unique identifiers’ with regard to the privacy act 1993?

A

Generally speaking, an agency must not use an identifier that has been used by another agency to identify an individual.

20
Q

Name 5x exceptions to the information privacy principles?

A

1- Information obtained from a publicly available source

2- Where the use or disclosure has been authorised by the individual concerned

3- When non-compliance is necessary for the maintenance of law

4- Where the personal information will not be used in a way that allows a particular individual to be identified

5- Where the use or disclosure is one of the purposes for which the information was obtained or is directly related to those purposes. This covers situations where the information is used or disclosed for a purpose other than the obvious or main purpose for which it was obtained, but that purpose is closely related to the original purpose.

21
Q

What type of client information do you need to be extremely careful with, to ensure it is kept private?

A

1- Financial circumstances
2- Medical history
3- Previous insurance experience
4- Identification information such as name, telephone number, postal and email addresses

22
Q

Discuss principle 1?

A

Purpose of collection of information- Requires that information is collected for a lawful and necessary purpose.

23
Q

Discuss principle 2?

A

Source of personal information- Principle 2 requires agencies to collect information directly from the individual concerned (authority could be required to collect information from third parties).

24
Q

Discuss principle 3?

A

Individuals must reasonably understand:

1- The fact that information is being collected
2- The purpose of collection
3- Intended recipients of information
4- The name and address of the information collector and holder
5- Any statutory authority for information collection
6- The consequences of refusal to provide information and whether collection is voluntary or mandatory
7- Individual's rights of access and right to request correction of information

25
Q

Discuss principle 4?

A

Manner of collection- Principle 4 provides that agencies should ensure that the information collected is necessary and not collected by unlawful means or means in which the circumstances are unfair or intrude to an unreasonable extent into the personal affairs of the individual.

26
Q

Discuss principle 5?

A

Storage and security of personal information- Principle 5 requires an agency holding personal information to ensure there is reasonable protection against:

1- Loss
2- Unauthorised access, use, modifications or disclosure
3- Misuse

27
Q

Discuss principle 6?

A

Access- An individual is entitled to access personal information as long as it can be readily retrieved. This principle applies to information collected before and after the commencement of the act.

The individual may:

1- Obtain confirmation if any personal information is held
2- Have access to the information
3- Be advised of the individual's right to request correction to personal information held

28
Q

Discuss principle 7?

A

Correction of personal information- When an agency holds personal information, the individual concerned can:

1- Request correction of the information
2- Request that there be attached to the information a statement of a correction sought but not made

29
Q

Discuss principle 8?

A

Accuracy to be checked before use- An agency shall not use information collected or held without reasonably ensuring the information is up to date, complete, relevant and not misleading.

30
Q

Discuss principle 9?

A

Personal information shall not be kept for longer than necessary- Keeping information longer than necessary is only a permissible use if authorised by the individual.

31
Q

Discuss principle 10?

A

Limits on use of personal information- An agency may not use personal information obtained for one purpose for any other purpose without the authorisation of the individual. There are further limits and exceptions under this principle.

32
Q

Discuss principle 11?

A

Limits on disclosure- An agency may not disclose personal information to any person, body or agency without authorisation of the individual. There are further limits and exceptions under this principle.

33
Q

Discuss principle 12?

A

Unique identifiers- A unique identifier shall not be assigned to an individual except where this is necessary to enable the agency to carry out its functions efficiently.

34
Q

Is it possible for organisations or industries to develop their own privacy codes?

A

Yes. However, the privacy commissioner must approve the code. Once approved, the code replaces the information privacy principles for those organisations or industries.

35
Q

What is the complaints process with regard to a breach of the information privacy principles under the privacy act 1993?

A

If an individual is unsatisfied with an agency, a complaint can be made to the privacy commissioner. The commissioner may investigate any such action, and if there has been an interference of privacy then they may also act as a mediator to try and achieve a settlement.

36
Q

What is the process, if the privacy commissioner cannot negotiate a settlement between the parties with regard to a breach of the information privacy principles of the privacy act 1993?

A

If settlement is not possible, the commissioner may refer the matter to the proceedings commissioner of the human rights commission. The proceedings commissioner can then bring a civil case before the Human Rights Review Tribunal. The tribunal has powers to grant enforcement orders and award damages and compensation.