 |
|||||||||
|
|||||||||
|
|||||||||
|
|
|
 |
|
|
|
||||
 |
|
|
|
|
|
NPPs & codes: IntroductionOrganisations that come under the private sector privacy regime are bound by either an approved privacy code or the National Privacy Principles. Failure to follow a code or the NPPs constitutes an interference with the privacy of an individual and there are sanctions. Not sure if you have to comply? See Who does the privacy regime apply to? The Privacy Commissioner's May 2005 review of the private sector provisions of the Privacy Act 1988, includes some recommendations relating to certain NPPs. National Privacy PrinciplesThe NPPs set out a minimum standard for the fair handling of personal information by private sector organisations. The ten NPPs cover everything from the collection and use of information to data quality and access rights. They're based on the National Principles for the Fair Handling of Personal Information. We've provided a summary of the NPPs (including the recommendations made in May 2005 by the Privacy Commissioner) and how they may affect you. Approved Privacy CodesOne of the aims of the private sector laws was to encourage private sector organisations to develop industry-wide codes of practice for handling personal information. If there's an approved code for your industry, you can choose to be bound by the code instead of the NPPs themselves. You can also seek to have your own privacy code approved. In practice, very few codes have been developed and approved. This is something the Privacy Commissioner commented on in her review. An approved privacy code must incorporate all of the NPPs or impose equivalent - or more stringent - obligations. So an approved code may carry a higher burden than the NPPs. Once a code has been approved and adopted by the organisation, it replaces the NPPs. The Privacy Commissioner must keep a publicly available register of approved codes. He or she approves codes and has the power to review, vary or revoke approved codes. When considering codes for approval, the Commissioner may consult with anybody he or she thinks fit. The Commissioner must also be satisfied that:
The Privacy Commissioner has released guidelines to help private sector organisations develop privacy codes. Complaints handling procedureThe code can give procedures for making and handling complaints, although it isn't compulsory to do so. If the code doesn't set out a complaints handling procedure, the Commissioner will handle complaints and act as the adjudicator. If the code does outline a complaints handling procedure, there are various requirements. For example, there must be an independent adjudicator, the procedure must comply with the prescribed standards, and any guidelines the Commissioner has issued must be followed. Variation of an approved codeAn organisation may apply to the Commissioner for a variation to its approved code. The Commissioner must consider the same issues as if this was an application for approval of a code. But if the variation is minor, the Commissioner doesn't have to be satisfied that the public has had an adequate period of time to comment on the proposed variations. Instead, the Commissioner may just consult with any person that he or she thinks fit about the variation. Revoking an approved codeThe Commissioner may revoke approval of a code or variation, either on his or her own initiative or if requested by an organisation bound by the code. The Commissioner must first consult the organisation requesting the revocation (if practicable) and consider the extent to which members of the public have been able to comment on the proposed revocation. 
|
 |
 |
 |
|
|
|
|
|
|
|
|
|
 |
|
|
|
|
|
|
|
|
