Department of Administrative Services: Data Protection Report
Added on 2020/06/04
AI Summary
This report focuses on privacy and data protection within the context of the Department of Administrative Services (DAS), an Australian government entity providing centralized services. The study addresses the challenges of managing personal information in a shared services environment, where data is stored across multiple locations, including overseas. The report outlines a privacy strategy, emphasizing the importance of digital identities, secure data transfer, and adherence to Australian Privacy Principles (APP). It covers the collection, use, and disclosure of personal details, with recommendations for mitigating privacy risks and implementing robust data protection measures. The analysis includes strategies for securing digital identities, protecting personal data, and ensuring authorized access. The report concludes with recommendations for implementing the strategies and mitigating identified security risks, offering a comprehensive overview of data protection within the DAS framework.

Privacy and Data Protection

Table of Contents
INTRODUCTION
TASK
1. PRIVACY STRATEGY FOR PERSONAL DATA
Management of personal information
Collection and management of solicited personal information
Use and disclosure of personal details
Use and security of digital identities
Security of personal information
Quality and correction of personal information
2. RECOMMENDATIONS FOR PRIVACY CONTROLS
Mitigating privacy risk
Implementation of privacy strategy
3. PERSONAL DATA PROTECTION STRATEGY
Protection of personal information
Authorised access & disclosure of personal information
De-identification of personal data
Use of personal digital identities
Security of personal data
Archiving of personal data
4. RECOMMENDATIONS FOR PERSONAL DATA PROTECTION STRATEGY
Mitigate the previously identified security risks
Implement the personal data protection strategy
CONCLUSION
REFERENCES

INTRODUCTION
Leakage of personal and professional information has become a major problem in the country. The Government has enacted several pieces of legislation for maintaining confidentiality. The present study is based on the Department of Administrative Services (DAS), which provides quality services to an Australian State government (Trepte et al., 2015). These include services related to contractor management, contract tendering, payroll, procurement, etc. The Government has amended its policies, and DAS is now required to centralise its services for the Whole of Government (WofG). That means each department that comes under these centres will have to migrate its data to DAS. The current assignment discusses the management of personal information in relation to the Department of Administrative Services. Furthermore, strategies will be developed to keep personal information secure.
TASK
1. PRIVACY STRATEGY FOR PERSONAL DATA
Management of personal information
Information is the most essential asset of a company, so it is necessary for firms to protect their personal details. Confidential details of companies can be printed or written on paper. It is the responsibility of firms to maintain confidentiality so that complexity can be minimized. Changes in government policies have affected the working of DAS to a great extent. The Department of Administrative Services now has to move to a “shared services” approach. Under this system, DAS has to centralise its services (Granger and Irion, 2014). DAS will provide an application for performance management with a complete HR suite through a centralised system. However, the main database is located in California, with a replica in Dublin, Ireland, whereas the application provider's processing centre is in Bangalore, India. This is a complicated situation because firms will have to share their employees' details on the Department of Administrative Services' online intranet. There is a high chance that personal details of employees and companies could be leaked.
As per the statewide information security policy, each agency has to work together and establish a plan to protect its data and manage the risks associated with data leakage (Koops and Leenes, 2014). DAS needs to adopt the ISO/IEC 27002:2005 international standard, which can support securing information effectively. Changes in technology have supported the emergence of a new business model in which the internet plays a significant role. In order
to manage the personal information, employees will get a digital ID and authentic passwords. This ID will be generated by each agency's Active Directory instance. This can support keeping information secure and maintaining confidentiality (Watson, 2015).
The purchased contractor management application can help in maintaining security, as all of the firm's databases are in Heidelberg and all configuration, updates and features are provided from the Walldorf lab, Germany. Thus, employees of DAS can enter this system directly, as the URL is secure and management ensures that data is transferred securely. But hacking is the main risk, as all data could be leaked; thus, it is essential for DAS to maintain security and to generate separate passwords so that no one can use these details from the intranet (Munir et al., 2015). Personal information management is the systematic procedure followed by an entity to acquire and retrieve personal information such as web pages, emails, messages, etc. It is the method that assists in maintaining personal details effectively. Individuals can exercise effective control over their data.
Collection and management of solicited personal information
The Australian Privacy Principles (APP) assist the process of collecting and managing solicited personal information of companies and their employees. The Government has made changes in its policies, and DAS has to move to a shared services approach. That means DAS will have to centralise its services, and all databases need to be centralised. APP 3 applies whenever DAS solicits and collects personal details of employees and companies. On the other hand, APP 4 applies in situations where personal information is received by the entity (Quinn, 2016). These are the principles that help in gathering and acquiring personal information from reliable sources. The APP guidelines state that before requesting another firm to send its details, companies are required to take some steps in this respect.
Before collecting solicited information, DAS needs to consider whether these details are necessary or not. Sensitive data should not be collected from employees unless the individual gives consent. In addition, collection of solicited information needs to be done as per the guidelines of Australian law. If companies do not follow the legal requirements or gather information unreasonably, then the firm will have to face legal punishment for the mistake (Xu et al., 2014).
DAS has to kindly and humbly request the other branches so that the necessary details can be gathered by companies and managed properly. For managing each collected detail
an authorised ID and password are generated for the employees by the agency so that workers can view the data. The update and configuration details are in the Walldorf lab, and the main database is in California with its replica in Dublin, Ireland. Thus, before collecting information from the other places, DAS needs to maintain security on the intranet so that hacking-related issues cannot take place (Victor, 2013). Apart from this, it is required to obtain consent from the members so that after these details are released on the website no one can object and no complexity occurs. Collection agencies can also collect details for more than one agency's functions and their several activities. DAS can gather personal data that is directly related to its functions and activities, but collection procedures need to meet the standard of Australian law.
Use and disclosure of personal details
APP 6 relates to the disclosure of personal information. This principle can only be applied where the primary purpose is the collection of details. APP 6 states that the internet is the common medium through which all details can be circulated. It is essential that the individual gives consent to a secondary use. DAS reasonably believes that disclosure is the most important part that supports maintaining confidentiality in the workplace. Centralisation of the database can create issues, and risks such as hacking and misuse can arise (Macenaite, 2017). But this principle states that entities can only use this information when all exceptions apply. An individual is only liable to disclose personal details when they are collected for a particular purpose. Wherever the exceptions apply, DAS can use personal information. The exceptions are as follows: consent to secondary use is the first exception. Details collected for secondary use need to be authorised by, or handled as per the guidelines of, Australian law. Disclosure cannot be done if it is for the purpose of direct marketing (Koning et al., 2014).
Personal information is used by DAS in order to manage the details effectively, so that employees can access the server and gather details about their payroll and contractor management effectively. It will help them get an overview of their post and pay scale. DAS will be able to provide consolidated services to all agencies and related departments so that they will be able to manage their operations accordingly. Collecting all details and arranging them on the servers can be useful for the firms (Ni Loideain, 2016). DAS will provide facilities to on-board and off-board contractors, so employees will be able to enter the site directly through a secure URL. Apart from this, use of personal information and disclosure of these details can be
beneficial because in this way all updated data will be transferred on a daily basis, which will help firms get updated information all the time.
Moving DAS payroll to a COTS application will help in processing and managing payroll within DAS. After getting this application, companies will not have to process any additional information in this application software. DAS has policies and procedures for protecting data and maintaining the privacy of websites (Tan, 2014). It follows the legislation and guidelines of the government and does not disclose any personal details of any employee to third parties. All the persons involved get a secure ID and authentic password, which supports managing the system effectively. Sensitive data is collected only for valid reasons, which need to be related to DAS's powers or duties. Valid reasons for disclosing personal information include preparing for administrative hearings, administering an information system, etc. (Irion, 2016).
Hold, use and disclose are all terms that come under APP 6. Disclose is the term used when DAS makes information accessible to other organizations, but agencies work to maintain effective control over the personal details. The disclosing party needs to pay close attention in this respect so that no data can be misused by a third party. Unauthorized access is not considered disclosure of personal information (Zinke et al., 2017). A cyber attack is a clear example of unauthorized access. APP 6 imposes obligations on entities for disclosing personal information. Legislation states that DAS can disclose personal information of employees and others only when they have given their consent. If any person is not ready to disclose these details, then companies cannot share their details on the intranet.
Use and security of digital identities
Identity plays a major role in everyone's life, but many people do not pay attention to it until something goes wrong. In this increasingly digital world, which has no boundaries or borders, a few brick walls are not enough to ensure the security and privacy of sensitive information. Identity acts as a frontier to security and privacy; its nature entitles us to complete some transactions but denies us from completing others. Identity plays an important role in transactions. A digital identity is an identity adopted online in cyberspace by an individual or organisation. It works by collecting information about a person, and that information in turn becomes the basis used to determine the rightful participation of a person in a particular transaction. Technology has taken a giant leap, which has increased the number and complexity of transactions, and the
need for digital identity has also increased. Stringent regulatory requirements, reputational damage and financial speed also act as boosters to the demand for digital identity.
Digital identity has increased the overall efficiency of the organisation; it has improved its services, leading to better customer satisfaction, and it reduces the errors that occur because of human involvement, while streamlining and automation of processes also become far smoother. It helps the organisation reach each and every employee at a much faster rate regardless of physical boundaries. In addition, this identity will not only help DAS gain information about companies, but the organisation will also get access to the available information in the system. This identity helps in securing resources, as only a few people have access to important information.
Digital identity acts as a key to access the information in the system. So it is necessary for DAS to take appropriate measures to protect this identity; this will not only help in keeping the information safe but also help in maintaining secure IT services. DAS plans to adopt the ISO/IEC standard to secure the digital identity of the organisation. These techniques take into consideration the overall intent to secure information. DAS can also use a blockchain method to secure the identity; it works by managing identity through sharing secure and auditable source information. DAS can also adopt a risk-based approach, which provides security not only to the assets but also to the people of the organisation.
Security of personal information
DAS has many organisations under its wing. It becomes DAS's responsibility to take reasonable steps to protect the personal information it holds from any misuse or unauthorised access, which can lead to interference and loss, as well as from modification and disclosure. If the organisation no longer needs any personal information, then it is required to destroy that information so that it cannot be identified by others.
Holding the personal information, DAS has to become aware of which information it can provide to others and which information it is necessary to retain. It needs strong security measures against unauthorised access. The Privacy Act implemented by the government does not include misuse, interference, loss, unauthorised access, modification and disclosure, which can be quite harmful if not taken into consideration.
Misuse: DAS is not allowed to misuse the personal information it has about the organisation under the Privacy Act. The organisation should set out rules that describe when an entity is allowed to
use personal information. In addition, some rules should be set for DAS itself which define
its use of personal information.
Interference: This occurs when there is an attack on the information DAS holds that interferes
with the personal information. It does not generally modify the content, but mostly exposes the
personal information through computer hacking.
Loss: It includes both physical losses and electronic losses; our focus is on electronic losses. It
includes loss of personal information because of system failure or the organisation's incompetence
in keeping adequate data. It may also occur because of unauthorised access.
Unauthorised access: It occurs when someone who is not allowed gets access to personal
information held by DAS. This includes not only hackers but also employees of the organisation
and any other associated persons.
Unauthorised modification and disclosure: Unauthorised modification occurs when the information
stored by DAS is altered by an unauthorised person who is not entitled to do so under the Privacy
Act. Unauthorised disclosure happens when the information in DAS becomes accessible or visible
to outsiders. It also includes releasing information from its effective control in a way that is
not permitted by the Privacy Act.
Destroying or de-identifying personal information: If an entity no longer needs any personal
information, then it is required to destroy all the personal information or de-identify it to
prevent any further use. The organisation has to pay special attention to sensitive information so
that it is disposed of correctly. It is difficult for an organisation to destroy electronic
information, so it is necessary to put it beyond use. Beyond use means that the organisation does
not attempt to access that particular information and cannot give access to any other
organisation. Providing security to that particular information is also considered part of it.
Access to personal information
Access requests are made by employees to get a copy of, or access to, the personal
information about them that is held by the organisation. Under the data protection law initiated
by government, employees are entitled to access their personal data held by the organisation.
This makes sure that an organisation holding information provides access to individuals to get
their personal data. It also includes setting out the rules on when and how access is given and
when access can be refused. This access follows a particular process where the requirements
are set beforehand, such as the time period for responding to the request, how access is given and
the written notice of the reasons for refusal. This system works alongside the different
procedures and does not replace other informal or legal procedures through which individuals get
access. It provides access to personal information, but access to any other information is denied.
There is a chance that the same information is also the personal information of another person.
In such a condition the organisation provides the needed information, even though it is also the
information of another person, unless a ground for refusing access applies. Before giving access
to the person, it also looks at other legislation to see whether it provides a right of access or
not. The organisation takes a discretionary decision if the applicant does not get a right under
other legislation; it decides on its own whether to grant or refuse access.
Before providing access, the organisation has to take appropriate measures, such as checking
whether the request is made by the person concerned or by another authorised person. If the entity
provides information to other people, it may lead to disclosure of personal information, which is
not allowed.
The organisation has to make sure that the FOI Act and the access procedure are integrated.
The FOI Act sets rules about requesting and providing access to documents. FOI requires the
organisation to help individuals in undertaking the necessary steps to access information.
DAS also advocates this right and has given its employees digital identities which help them to
get access to the DAS intranet and give them the authentication to get their information.
Quality and correction of personal information
Quality of personal information means that the organisation must take appropriate steps to
make sure that the personal information it collects is correct, up to date and complete. The
organisation has to make sure that the data it uses and discloses is up to date,
accurate and relevant. Having old or wrong information can have a significant impact on the
privacy of an individual, so it is necessary for DAS to properly update its portals. DAS makes
sure to maintain high-quality personal information, which helps it to build trust among the
organisations and also works to boost confidence in its handling of personal information.
The organisation has to take special steps to maintain the quality of information,
especially at the time when it is collected and at the time when it is used or disclosed. In
addition, regular review helps the entity to maintain good quality. An organisation should have
better internal practices and procedures to keep employees' information up to date.
If the information collected by the organisation is wrong, then it is required to take
reasonable steps to correct the mistakes; this is known as "correction of personal information".
When DAS feels that the provided information is not up to date, accurate or relevant, it
can take the required measures to correct that information.
An employee can also request the correction of the information he has provided.
The organisation has to keep in mind Commonwealth records, which can only be altered
under the Archives Act 1983.
These changes require a procedure, that is, taking justified steps to notify the entity of the
change, and providing notice to the individual that includes the reason for the refusal of
complaints and changes. If the organisation refuses the correction, then the applicant is entitled
to ask for the particular information that it is refusing to change. The organisation cannot
charge its employees for any correction. In addition, the organisation needs to respond within a
set time, either to correct the information or to justify why the correction was not made. It
works alongside other informal and legal procedures through which a person can correct their
information.
2. RECOMMENDATIONS FOR PRIVACY CONTROLS
Mitigating privacy risk
Privacy and security risks are considered among the biggest threats to an entity. If any
confidential details of the firm are leaked, it may cause a critical situation in the workplace.
There are many hackers who access websites in an unauthorised manner. They misuse the personal
information of the firm and its employees. That not only harms the firm's image but also decreases
the morale of workers (Kindt, 2013). DAS has moved from a departmental intranet to the Microsoft
SharePoint PaaS platform. In this regard it has to provide intranet services to all concerned
agencies. This transformation gives the ability to configure it, and users can also access these
websites. DAS has to add all details of employees and the company's performance to
this application so that authorised users can get the necessary details.
DAS should effectively implement the ISO/IEC 27002:2005 international standard, which will
be beneficial in creating information security for the state government and related agencies.
Agencies can also use ISO/IEC standards. By following these standards DAS will be able to
identify risks and accordingly mitigate these issues. This standard will be
beneficial for mitigating information security risks (Szekely, 2016). DAS needs to improve its IT
security services; there should be secure computers and servers. Apart from this, it is essential
to use antivirus software so that no virus can damage data. All this personal information is an
essential part of the business; if these details are leaked, it will affect the overall operation
of agencies and related departments.
Furthermore, it is essential for DAS to understand its legal obligations and the impact
of the intranet on the business and its confidential details. Government has given specific
principles related to data security on the internet. Before requesting individuals to share their
personal details, it is essential that DAS obtains their consent (Information security plan
guidelines, 2016). There are two purposes of sharing information: primary and secondary. If DAS is
asking employees and departments to share their confidential details, there should be a specific
reason behind it. The company should follow international standards and legal obligations. This
will support mitigating security and privacy risk effectively.
Many businesses do not focus on how much sensitive data is being leaked
due to loopholes in information security. It is a fact that no system is completely reliable. DAS
should conduct security audits from time to time. There should be security scanners, and auditors
should work properly and examine whether details are protected or not (Privacy notice, 2017). The
main purpose of a security audit is to identify possible risks within the software
application. Security auditors examine the operating system, physical environment,
authentication system, third-party components etc. All these factors can support the auditor in
addressing the privacy risk and working to eliminate it from the system.
In addition to this, DAS needs to adopt several course programs such as IS 201, IS 203
etc. IS 201 relates to securing computers, in which training can be given by the firm to its
associated departments and agencies about computer viruses and spyware. Furthermore, IS 203 is
another course module, which relates to using email. In this, employees get training about
keeping mail private.
Implementation of privacy strategy
DAS believes that an effective data privacy plan plays an important role in organisations.
The cited firm needs to create a plan for providing privacy guidance to the companies so that
whatever data is shared can be kept confidential. In this phase the company is required to allocate
responsibilities to all involved departments and agencies effectively. Evaluation needs to be done,
and for that DAS is required to evaluate the confidentiality, integrity and availability of elements.
By following standards and simplifying procedures, privacy strategies can be implemented in
DAS (Privacy notice, 2017). The cited firm can implement them by taking a privacy-by-design
approach, which will support addressing privacy and security risks. The company is required to
develop a system for monitoring and tracking the process of collecting details. Details of the
implementation plan are as follows:
Develop monitoring and tracking system
Designing of policies and procedures
Development of breach response plan
Conducting regular audit
To implement the privacy policy in the workplace effectively, DAS can identify
priorities. That will support collecting only the necessary information related to each department.
Furthermore, the company needs to respond immediately to cyber incidents (Information
security plan guidelines, 2016). Timely detection can support addressing issues on time, so
further complications can be avoided to a great extent. Recruitment needs to be done effectively
so that the right person enters the system. In addition, the company needs to follow the standards
and guidelines of Australian law, which will assist in effective implementation of the privacy
strategy.
Illustration 1: implementation of privacy strategy
Source: (Information security plan guidelines, 2016)