tags:: Software Development

topic:: [[Legislation]]

softdev:: Unit 3 Outcome 2

- trust and confidence in a system depends on its ability to ensure that

- data is private and confidential ([[Legislation]])

- data is available and accessible ([[Security Strategies]] and [[Risk Management]] )

- data has its integrity maintained ([[Data Integrity]])

- if any of the above are not handled correctly by an organisation or system there can be substantial impacts and consequences

- is about much more than simple security principles

tags:: Software Development

topic:: [[Legislation]]

softdev:: Unit 4 Outcome 2

- is a Victorian law that protects the privacy of individuals' health information

- regulates the collection and handling of health information by both public and private sector organisations in Victoria

- Health Records Act 2001 key points

- establishes Health Privacy Principles (HPPs) that apply to health information collected and handled in Victoria

- HPPs require organizations to

- only collect health information that is necessary for a lawful purpose

- use and disclose health information only for the purpose for which it was collected, or for a related purpose, without the individual's consent

- take reasonable steps to protect health information from misuse, interference, loss, unauthorised access, modification, or disclosure

- give individuals access to their health information upon request

- correct health information that is inaccurate, out of date, incomplete, irrelevant, or misleading upon request

- individuals have a right to request access to their health information from any organisation that holds it

- organisations must provide individuals with access to their health information within a reasonable time

- must charge no more than a reasonable fee for doing so

- individuals also have a right to request that organisations correct their health information

- organisations must correct health information that is inaccurate, out of date, incomplete, irrelevant, or misleading within a reasonable time and without charge

- requires organisations to obtain consent before sharing health information for research purposes with some exemptions

- research is being conducted by a public health body and is in the public interest

- research is being conducted by a research body and is approved by a Human Research Ethics Committee (HREC)

- health information has been de-identified

- Who is covered by Health Records Act 2001

- applies to

- all public sector organisations in Victoria that collect or handle health information, including hospitals, health services, and government departments

- all private sector organisations in Victoria that collect or handle health information, such as doctors, dentists, and other health professionals

- Penalties

- civil penalties of up to $1 million for organizations and $50,000 for individuals

- criminal penalties of up to two years imprisonment for individuals

- is enforced by the Health Complaints Commissioner (HCC)

- can investigate complaints about breaches of the Act and can take action to enforce the Act, including issuing infringement notices and prosecuting organisations and individuals

tags:: Software Development

topic:: [[Legislation]]

softdev:: Unit 4 Outcome 2

- is the principal piece of legislation governing the handling of personal information in Australia

- covers both the public and private sectors

- applies to organisations with an annual turnover of more than $3 million

- applies to all government organisations

- sets out 13 Australian Privacy Principles (APPs), which regulate the collection, use, disclosure, storage, and security of personal information

- APPs also give individuals rights to access and correct their personal information

- Privacy Act 1988 key points

- must only collect personal information that is necessary for a lawful purpose

- must not use or disclose personal information for a purpose other than the purpose for which it was collected, without the individual's consent

- must take reasonable steps to protect personal information from misuse, interference, loss, unauthorised access, modification, or disclosure

- must give individuals access to their personal information upon request

- must correct personal information that is inaccurate, out of date, incomplete, irrelevant, or misleading upon request

- requires organisations to obtain consent before sharing health information for research purposes with some exemptions

- research is being conducted by an agency of the Commonwealth Government and is in the public interest

- research is being conducted by a research body and is approved by a Human Research Ethics Committee (HREC)

- health information has been de-identified

- *requires organisations to only collect and use personal information for a lawful purpose*

- means that organisations must have a valid reason for sharing non-health information for research purposes

- an organisation might share non-health information for research purposes to improve its products or services, or to contribute to public knowledge

- Who is affected by the Privacy Act 1988

- applies to organisations that

- have an annual turnover of more than $3 million

- collect or handle personal information in relation to their activities in Australia

- Penalties

- civil penalties of up to $2.5 million for organiSations and $500,000 for individuals

- criminal penalties of up to two years imprisonment for individuals

- is enforced by the Office of the Australian Information Commissioner (OAIC)

- can investigate complaints about breaches of the Privacy Act and can take action to enforce the Act, including issuing infringement notices and prosecuting organisations and individuals

tags:: Software Development

topic:: [[Legislation]]

softdev:: Unit 4 Outcome 2

- is a Victorian law that protects the privacy of individuals' personal information

- regulates the collection and handling of personal information by public sector organisations in Victoria

- Privacy and Data Protection Act 2014 key points

- establishes 10 Information Privacy Principles (IPPs) that apply to personal information collected and handled by Victorian public sector organizations

- IPPs require public sector organiations to

- only collect personal information that is necessary for a lawful purpose

- use and disclose personal information only for the purpose for which it was collected, or for a related purpose, without the individual's consent

- take reasonable steps to protect personal information from misuse, interference, loss, unauthorised access, modification, or disclosure

- give individuals access to their personal information upon request

- correct personal information that is inaccurate, out of date, incomplete, irrelevant, or misleading upon request

- individuals have a right to request access to their personal information from any public sector organisation that holds it

- public sector organisations must provide individuals with access to their personal information within a reasonable time

- must charge no more than a reasonable fee for doing so

- individuals also have a right to request that public sector organisations correct their personal information

- public sector organisations must correct personal information that is inaccurate, out of date, incomplete, irrelevant, or misleading within a reasonable time and without charge

- Penalties

- civil penalties of up to $1.7 million for organisations

- criminal penalties of up to two years imprisonment for individuals

- Applies to

- applies to all public sector organisations in Victoria, including

- Government departments

- Local councils

- Public hospitals and health services

- Public schools and universities

- Other government-owned or controlled entities

- is enforced by the Office of the Victorian Information Commissioner (OVIC). The OVIC can investigate complaints about breaches of the Act and can take action to enforce the Act, including issuing infringement notices and prosecuting organizations.

- understanding and implementing strategies and practices that enable [[Data Protection]]