mutable-learning · gflaz · Nov 6, 2023 · Nov 6, 2023 · Nov 6, 2023 · Nov 6, 2023
diff --git a/pages/Copyright Act 1968.md b/pages/Copyright Act 1968.md
@@ -0,0 +1,37 @@
+tags:: Software Development
+topic:: [[Legislation]]
+softdev:: Unit 4 Outcome 2
+
+-
+- provides protection for original literary, dramatic, musical and artistic works, and subject matter other than works.
+- protection is automatic and arises as soon as a work is created
+	- no need to register copyright
+- protects the expression of ideas, not the ideas themselves
+- protection lasts for the life of the author plus 70 years
+- owners have the exclusive right to reproduce, publish, communicate, and adapt their works
+- are a number of exceptions to copyright infringement, such as fair dealing and statutory licences
+- Copyright Act 1968 applies to
+	- anyone who creates, uses, or distributes copyrighted material
+	- includes authors, artists, musicians, publishers, broadcasters, and consumers
+- How Copyright works
+	- the act gives copyright owners the exclusive right to reproduce, publish, communicate, and adapt their works
+		- copyright owners can control how their works are used and distributed, including securing these
+	- owners can grant permission to others to use their works in certain ways, such as by granting a licence
+		- a license can be applied to software that allows/disallows specific activity
+			- this license is chosen by the copyright holder
+	- if someone uses a copyrighted work without permission from the copyright owner, they may be infringing copyright
+- Penalties
+	- infringement can be a civil or criminal offence
+	- civil penalties include damages, injunctions, and account of profits
+	- criminal penalties include fines and imprisonment
+- Copyright infringement
+	- copying a book and selling it without permission
+	- uploading a song to the internet without permission
+	- streaming a movie without a license
+	- using a copyrighted image on a website without permission
+- Fair dealing
+	- is an exception to copyright infringement
+	- allows people to use copyrighted material for certain purposes, such as research, study, criticism, or review, without permission from the copyright owner
+- Statutory licences
+	- are another exception to copyright infringement
+	- allow people to use copyrighted material for certain purposes, such as educational or broadcasting purposes, without permission from the copyright owner
diff --git a/pages/Data Protection.md b/pages/Data Protection.md
@@ -0,0 +1,11 @@
+tags:: Software Development
+topic:: [[Legislation]]
+softdev:: Unit 3 Outcome 2
+
+-
+- trust and confidence in a system depends on its ability to ensure that
+	- data is private and confidential ([[Legislation]])
+	- data is available and accessible ([[Security Strategies]] and [[Risk Management]] )
+	- data has its integrity maintained ([[Data Integrity]])
+- if any of the above are not handled correctly by an organisation or system there can be substantial impacts and consequences
+- is about much more than simple security principles
diff --git a/pages/Health Records Act 2001.md b/pages/Health Records Act 2001.md
@@ -0,0 +1,33 @@
+tags:: Software Development
+topic:: [[Legislation]]
+softdev:: Unit 4 Outcome 2
+
+-
+- is a Victorian law that protects the privacy of individuals' health information
+- regulates the collection and handling of health information by both public and private sector organisations in Victoria
+- Health Records Act 2001 key points
+	- establishes Health Privacy Principles (HPPs) that apply to health information collected and handled in Victoria
+	- HPPs require organizations to
+		- only collect health information that is necessary for a lawful purpose
+			- use and disclose health information only for the purpose for which it was collected, or for a related purpose, without the individual's consent
+			- take reasonable steps to protect health information from misuse, interference, loss, unauthorised access, modification, or disclosure
+			- give individuals access to their health information upon request
+			- correct health information that is inaccurate, out of date, incomplete, irrelevant, or misleading upon request
+	- individuals have a right to request access to their health information from any organisation that holds it
+		- organisations must provide individuals with access to their health information within a reasonable time
+			- must charge no more than a reasonable fee for doing so
+	- individuals also have a right to request that organisations correct their health information
+		- organisations must correct health information that is inaccurate, out of date, incomplete, irrelevant, or misleading within a reasonable time and without charge
+- requires organisations to obtain consent before sharing health information for research purposes with some exemptions
+	- research is being conducted by a public health body and is in the public interest
+	- research is being conducted by a research body and is approved by a Human Research Ethics Committee (HREC)
+	- health information has been de-identified
+- Who is covered by Health Records Act 2001
+	- applies to
+		- all public sector organisations in Victoria that collect or handle health information, including hospitals, health services, and government departments
+		- all private sector organisations in Victoria that collect or handle health information, such as doctors, dentists, and other health professionals
+- Penalties
+	- civil penalties of up to $1 million for organizations and $50,000 for individuals
+	- criminal penalties of up to two years imprisonment for individuals
+- is enforced by the Health Complaints Commissioner (HCC)
+	- can investigate complaints about breaches of the Act and can take action to enforce the Act, including issuing infringement notices and prosecuting organisations and individuals
diff --git a/pages/Privacy Act 1988.md b/pages/Privacy Act 1988.md
@@ -0,0 +1,33 @@
+tags:: Software Development
+topic:: [[Legislation]]
+softdev:: Unit 4 Outcome 2
+
+-
+- is the principal piece of legislation governing the handling of personal information in Australia
+- covers both the public and private sectors
+	- applies to organisations with an annual turnover of more than $3 million
+	- applies to all government organisations
+- sets out 13 Australian Privacy Principles (APPs), which regulate the collection, use, disclosure, storage, and security of personal information
+	- APPs also give individuals rights to access and correct their personal information
+- Privacy Act 1988 key points
+	- must only collect personal information that is necessary for a lawful purpose
+	- must not use or disclose personal information for a purpose other than the purpose for which it was collected, without the individual's consent
+	- must take reasonable steps to protect personal information from misuse, interference, loss, unauthorised access, modification, or disclosure
+	- must give individuals access to their personal information upon request
+	- must correct personal information that is inaccurate, out of date, incomplete, irrelevant, or misleading upon request
+- requires organisations to obtain consent before sharing health information for research purposes with some exemptions
+	- research is being conducted by an agency of the Commonwealth Government and is in the public interest
+	- research is being conducted by a research body and is approved by a Human Research Ethics Committee (HREC)
+	- health information has been de-identified
+- *requires organisations to only collect and use personal information for a lawful purpose*
+	- means that organisations must have a valid reason for sharing non-health information for research purposes
+		- an organisation might share non-health information for research purposes to improve its products or services, or to contribute to public knowledge
+- Who is affected by the Privacy Act 1988
+	- applies to organisations that
+		- have an annual turnover of more than $3 million
+		- collect or handle personal information in relation to their activities in Australia
+- Penalties
+	- civil penalties of up to $2.5 million for organiSations and $500,000 for individuals
+	- criminal penalties of up to two years imprisonment for individuals
+- is enforced by the Office of the Australian Information Commissioner (OAIC)
+	- can investigate complaints about breaches of the Privacy Act and can take action to enforce the Act, including issuing infringement notices and prosecuting organisations and individuals
diff --git a/pages/Privacy and Data Protection Act 2014.md b/pages/Privacy and Data Protection Act 2014.md
@@ -0,0 +1,31 @@
+tags:: Software Development
+topic:: [[Legislation]]
+softdev:: Unit 4 Outcome 2
+
+-
+- is a Victorian law that protects the privacy of individuals' personal information
+- regulates the collection and handling of personal information by public sector organisations in Victoria
+- Privacy and Data Protection Act 2014 key points
+	- establishes 10 Information Privacy Principles (IPPs) that apply to personal information collected and handled by Victorian public sector organizations
+	- IPPs require public sector organiations to
+		- only collect personal information that is necessary for a lawful purpose
+		- use and disclose personal information only for the purpose for which it was collected, or for a related purpose, without the individual's consent
+		- take reasonable steps to protect personal information from misuse, interference, loss, unauthorised access, modification, or disclosure
+		- give individuals access to their personal information upon request
+		- correct personal information that is inaccurate, out of date, incomplete, irrelevant, or misleading upon request
+	- individuals have a right to request access to their personal information from any public sector organisation that holds it
+	- public sector organisations must provide individuals with access to their personal information within a reasonable time
+		- must charge no more than a reasonable fee for doing so
+	- individuals also have a right to request that public sector organisations correct their personal information
+		- public sector organisations must correct personal information that is inaccurate, out of date, incomplete, irrelevant, or misleading within a reasonable time and without charge
+- Penalties
+	- civil penalties of up to $1.7 million for organisations
+	- criminal penalties of up to two years imprisonment for individuals
+- Applies to
+	- applies to all public sector organisations in Victoria, including
+		- Government departments
+		- Local councils
+		- Public hospitals and health services
+		- Public schools and universities
+		- Other government-owned or controlled entities
+- is enforced by the Office of the Victorian Information Commissioner (OVIC). The OVIC can investigate complaints about breaches of the Act and can take action to enforce the Act, including issuing infringement notices and prosecuting organizations.
diff --git a/pages/Security Strategies.md b/pages/Security Strategies.md
@@ -7,6 +7,7 @@ softdev:: Unit 4 Outcome 2
 - employ a wide variety of [[Software Security]] controls to maximise security
 - identify different [[Security Vulnerabilities]]
 - identifying and ensuring [[Data Integrity]] is considered and understood within the solution
+- understanding and implementing strategies and practices that enable [[Data Protection]]
 -
 - Further Research
   background-color:: purple