KIT105 Assignment 4: Australian Privacy Principles Case Study

Added on  2023/03/17

Homework Assignment
AI Summary
This assignment analyzes a case study related to the Australian Privacy Principles (APP). The document systematically examines each APP, including APP 1 through APP 13, assessing their relevance to the case study and providing justifications for each assessment. The analysis considers aspects such as open and transparent management of personal information, anonymity, collection and use of personal data, notification of collection, direct marketing, cross-border disclosure, government identifiers, quality and security of information, and access and correction of personal information. The assignment highlights key issues such as the safeguarding of information, the need for user consent, and adherence to data protection standards. The document aims to clarify the practical implications of each principle within the context of the case study, providing a comprehensive overview of privacy law compliance.
KIT105 – Assignment 4 – Australian Privacy Principles
Name & ID
Name & ID
Name & ID
Name & ID
The Topic of case study:
APP 1 — Open and transparent management of personal information
Ensures that APP entities manage personal information in an open and transparent way. This includes having
a clearly expressed and up to date APP privacy policy.
Is this one of the top 4 relevant principles: Yes No (highlight yellow)
Why/Why Not? It requires Uber to safeguard the information from hacking and other malicious
activities. Uber needs to ensure that the personal information of both Uber users and drivers
is not compromised.
APP 2 — Anonymity and pseudonymity
Requires APP entities to give individuals the option of not identifying themselves, or of using a pseudonym.
Limited exceptions apply.
Is this one of the top 4 relevant principles: Yes No (highlight yellow)
Why/Why Not? APP entities must give individuals the option of interacting with their APP entity
anonymously or by using a pseudonym. For this it is not important to do this as an exception that
may apply in relation to a particular matter.
APP 3 — Collection of solicited personal information
Outlines when an APP entity can collect personal information that is solicited. It applies higher standards to
the collection of ‘sensitive’ information.
Is this one of the top 4 relevant principles: Yes No (highlight yellow)
Why/Why Not?
There are no rules to deal with the solicited data. Personal information must not be collected. But
solicited data can be collected and identified that any breach should not happen.
APP 4 — Dealing with unsolicited personal information
Outlines how APP entities must deal with unsolicited personal information.
Is this one of the top 4 relevant principles: Yes No (highlight yellow)
Why/Why Not? New rules must be identified on how situations involving unsolicited
information and personal details should be dealt with, including the information that has been
destroyed or identified.
APP 5 — Notification of the collection of personal information
Outlines when and in what circumstances an APP entity that collects personal information must notify an
individual of certain matters.
Is this one of the top 4 relevant principles: Yes No (highlight yellow)
Why/Why Not? Users must be informed that the company wants to use their personal
information. This will ensure trust among the users in the company. Even if the company wants to
use the information for direct marketing, it is advisable to seek permission.
APP 6 — Use or disclosure of personal information
Outlines the circumstances in which an APP entity may use or disclose personal information that it holds.
Is this one of the top 4 relevant principles: Yes No (highlight yellow)
Why/Why Not? There are new rules and information on the use and disclosure of personal data of
users. It is mentioned that personal information can be used or disclosed for the purpose of direct
marketing. These rules are applicable to companies but can be applied to only a few agencies.
APP 7 — Direct marketing
An organisation may only use or disclose personal information for direct marketing purposes if certain
conditions are met.
Is this one of the top 4 relevant principles: Yes No (highlight yellow)
Why/Why Not?
Only if the conditions are met, companies will be able to access the information but not all
agencies will be able to apply.
APP 8 — Cross-border disclosure of personal information
Outlines the steps an APP entity must take to protect personal information before it is disclosed overseas.
Is this one of the top 4 relevant principles: Yes No (highlight yellow)
Why/Why Not? There are no identified rules for cross-border disclosure of personal information.
The company will, however, be accountable for circulating its users' information overseas.
APP 9 — Adoption, use or disclosure of government related identifiers
Outlines the limited circumstances when an organisation may adopt a government related identifier of an
individual as its own identifier, or use or disclose a government related identifier of an individual.
Is this one of the top 4 relevant principles: Yes No (highlight yellow)
Why/Why Not? There are new exceptions to the general prohibition against the use of
government related identifiers by some organizations. To some agencies, APP 9 policy will be
applied.
APP 10 — Quality of personal information
An APP entity must take reasonable steps to ensure the personal information it collects is accurate, up to
date and complete. An entity must also take reasonable steps to ensure the personal information it uses or
discloses is accurate, up to date, complete and relevant, having regard to the purpose of the use or
disclosure.
Is this one of the top 4 relevant principles: Yes No (highlight yellow)
Why/Why Not? Review of the practices and procedures of maintaining the personal information.
The APP 10 Quality standards will be applied for the purpose of disclosure.
APP 11 — Security of personal information
An APP entity must take reasonable steps to protect personal information it holds from misuse, interference
and loss, and from unauthorised access, modification or disclosure. An entity has obligations to destroy or
de-identify personal information in certain circumstances.
Is this one of the top 4 relevant principles: Yes No (highlight yellow)
Why/Why Not?
The APP 11 suggests that users’ personal information must be protected. In the case study,
personal information was compromised due to the issues of hacking.
APP 12 — Access to personal information
Outlines an APP entity’s obligations when an individual requests to be given access to personal information
held about them by the entity. This includes a requirement to provide access unless a specific exception
applies.
Is this one of the top 4 relevant principles: Yes No (highlight yellow)
Why/Why Not?
There must be a timeframe or manner in which the information will be collected from the users.
Written reasons are required for giving access.
APP 13 — Correction of personal information
Outlines an APP entity’s obligations in relation to correcting the personal information it holds about
individuals.
Is this one of the top 4 relevant principles: Yes No (highlight yellow)
Why/Why Not?
The company feels obligated to correct the personal information about individuals. In order to
correct, the company tried to appoint new and trusted people so that they do not conduct any
personal information breach.