New Privacy laws come into effect in Australia on 22 February 2018. The Notifiable Data Breaches Scheme is as important as it is boring.
Because Privacy is boring right? Well, until yours is affected…
It’s an interesting phenomenon that we all (me included) scoot along in life thinking that our privacy is protected because we live in a first-world country. Well, to some extent, yes we are far better protected than some other countries in the world. However, we’re pretty ignorant of how Privacy works, and some of the weird quirks of our laws.
So let’s make Privacy interesting for a while, and take a look at 9 of the most strange things you never knew about Privacy…
- The Privacy Act (1988) does not apply to all organisations in Australia
It only relates to organisations that fall under certain categories. Some of the main ones are:
- an annual turnover of $3m or more
- organisations who collect Tax file numbers
- credit reporting bodies
- business that purchase or sell private information
- private sector health service providers.
There are a number of other categories too. It can be very confusing what organisations can be held accountable under the Act.
- The Privacy Act (1988) does not apply to individuals who hold your private information
If an individual holds your information and uses it incorrectly, you can’t pursue them through the Privacy Act legislation. Depending on where you live, you have redress through the different State and Territory laws such as local Privacy Laws which you can read about at https://www.oaic.gov.au/privacy-law/other-privacy-jurisdictions or other Legislation which you can read about at https://www.oaic.gov.au/privacy-law/other-legislation/
- Your employer can monitor your activities at work
Your employer pays for the facilities and tools you use at work, including your technology hardware and software. Therefore, they have a right to ensure it is being used appropriately. They are legally allowed to implement appropriate monitoring activities, such as accessing email accounts, and monitoring what times you are at work.
However, there is a limit to the types and level of monitoring. CCTV cameras in a toilet wouldn’t be considered appropriate for example.
- Social media sites ‘own’ the data you post there and may keep it forever
Even if you delete a post or image or deactivate a whole account. Which means they can use it however they want (advertising etc.) without your consent or any payment, and everything you posted is stored somewhere FOREVER. Did I say forever?
There’s a great test on the Australian E-Safety Commissioner’s website to test if you should post a thought or an image on social media. Basically, it’s one question – ‘Would you be happy if your Grandmother saw this’?
- Employee information falls under different laws than customer information
The handling of your personal information by a private sector employer is exempt from the Privacy Act if it is directly related to:
- your current or former employment relationship
- an employee record relating to you.
The big thing to note here is that your employer does not have to provide you access to the private information they hold about you through the Privacy Act, instead it’s through Workplace laws. If you have an issue, or want access to the information your employer holds about you, the best place to start is the Fair Work Ombudsman.
- You may still receive calls from telemarketers even if you are on the Australian Government’s ‘Do not Call’ register
There are some exemptions to organisations making telemarketing calls. They include political parties and unions (I’m very disappointed I can’t opt out of these), charities, education institutions, and non-commercial research companies.
It won’t stop you from getting calls from scammers – because they are law breakers by default!
If telemarketers are not based in Australia, they aren’t bound to abide by our laws, so there’s no getting away from them either unfortunately.
- The Australian Bureau of Statistics has the power to direct you to provide private information
Under the Census and Statistics Act (1905), the ABS has the right to enforce your participation in requests for information. You are legally obliged to participate and may be fined if you continue to refuse.
- Persons convicted of certain crimes do not have to disclose these after a certain period of time
The Commonwealth Spent Convictions Scheme allows for a person to not have to disclose certain less serious criminal convictions after a certain period of time of good behaviour. It can range from 5 years (persons under 18) to 10 years (adult) from the day they were convicted.
The individual has the right not to disclose the offence, even if under oath.
There are exclusions, including Working with Children checks.
Standard practice is to blur all faces and number plates, however if you want further items blurred (my old house was scanned when we had a bunch of old doors sitting out the front while we were renovating – it looked awful!), or your entire address blurred, you may send a request to Google.
But you need to know that when your request is granted, the location will be blurred forever – even if they scan the address again.
And that’s just the tip of the Privacy iceberg! Now that I’ve got your interest, if you do only one thing this month to better protect your privacy, go and do some further reading.
The best source of information about Privacy in Australia is the Office of the Australian Information Commissioner (www.oaic.gov.au). Not only do they know Privacy inside and out, they are very good at breaking it down into understandable, practical actions.
Here’s this month’s challenge – take a pro-active rather than passive approach to your Privacy.