What is data privacy? It’s the protection of your personal data so that it is used only for the purpose for which it was supplied, and only by the people authorised at the time you gave your personal details.
Why is this important to organisations? Because an organisation has a legal responsibility to protect your data and to use it only for the purposes that were stated at the time of collection. Organisations also have a legal duty to take measures to protect your data held in computer systems, to protect those computer systems properly, and not to sell your data or in any way make it available to other people or organisations.
There are new rules for the protection of data and these are being highlighted by the Office of the Privacy Commission during the forthcoming Privacy Awareness Week running from 3rd-9th May this year.
The Privacy Act has twelve information privacy principles. For the full text of each, click on its number. As a brief guide, though:
Principle 1, Principle 2, Principle 3 and Principle 4 govern the collection of personal information. This includes the reasons why personal information may be collected, where it may be collected from, and how it is collected.
Principle 5 governs the way personal information is stored. It is designed to protect personal information from unauthorised use or disclosure.
Principle 6 gives individuals the right to access information about themselves.
Principle 7 gives individuals the right to correct information about themselves.
Principle 8, Principle 9, Principle 10 and Principle 11 place restrictions on how people and organisations can use or disclose personal information. These include ensuring information is accurate and up-to-date, and that it isn’t improperly disclosed.
Principle 12 governs how “unique identifiers” – such as IRD numbers, bank client numbers, driver’s licence and passport numbers – can be used.
For more information, view the Information Privacy Principles Fact Sheet.
Submitted by Jennifer