Comprehensive Analysis of Privacy Policy: University A Student System
VerifiedAdded on 2022/10/08
|12
|3055
|20
Report
AI Summary
This report provides a detailed analysis of the privacy policy applicable to University A, particularly in the context of implementing a student management system. It begins by identifying the relevant laws and regulations, including the Privacy Act 1988, the Privacy Amendment (Enhancing Privacy Protection) Act 2012, and the Privacy Amendment (Notifiable Data Breaches) Act 2017. The report then outlines the obligations of University A under these laws, focusing on the Australian Privacy Principles (APPs) and their implications for data collection, storage, use, and disclosure. The importance of these obligations is highlighted, along with the potential consequences of data breaches, including legal repercussions and penalties. Furthermore, the report describes procedures for University A and its workforce to demonstrate compliance, such as privacy audits, privacy policy development, and the implementation of a robust security framework. The analysis underscores the critical need for the university to adhere to privacy regulations to protect student data and maintain legal compliance.
Running head: ANALYSIS OF PRIVACY POLICY
ANALYSIS OF PRIVACY POLICY
Name of student
Name of university
Author’s note:
ANALYSIS OF PRIVACY POLICY
Name of student
Name of university
Author’s note:
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
1ANALYSIS OF PRIVACY POLICY
Table of Contents
Description of laws or regulations the University A needs to comply with from privacy and
security perspective....................................................................................................................2
Description of the obligations of University A under those laws and regulations.....................3
Importance of those obligations and the consequence if data is breached.................................6
Procedure for the University A and its workforce to demonstrate the compliance...................7
Description of additional areas that need to be considered in the initiative...............................9
References:...............................................................................................................................11
Table of Contents
Description of laws or regulations the University A needs to comply with from privacy and
security perspective....................................................................................................................2
Description of the obligations of University A under those laws and regulations.....................3
Importance of those obligations and the consequence if data is breached.................................6
Procedure for the University A and its workforce to demonstrate the compliance...................7
Description of additional areas that need to be considered in the initiative...............................9
References:...............................................................................................................................11
2ANALYSIS OF PRIVACY POLICY
Description of laws or regulations the University A needs to comply with from privacy
and security perspective
In order to implement student management system, the University A needs to comply with
applicable rules and regulations from privacy and security perspective.
While designing student management system it is important to identify applicable rules and
regulations for legal and regulatory compliances. The student management system required to
access personal information of the students and therefore rules and regulations related to data
security and data privacy is applicable in this context.
These laws and regulations are described in details in this context:
The Privacy Act 1988:
This is a privacy regulation act which regulates processing of personal information about
individuals. The privacy act was introduced for promoting and protecting privacy of
individuals. It regulates how government agencies and organizations with annual turnover
exceeding $3 million including other organizations as well process personal information
(OAIC 2019). The Privacy Act consists of 13 Australian Privacy Principles (APPs), which is
applicable to some private sector organisations and most of the Australian Government
agencies as well. These are together known as ‘APP entities’.
Privacy Amendment (Enhancing Privacy Protection) Act 2012 (Amending Act):
The Privacy Amendment (Enhancing Privacy Protection) Act 2012 (the Act) introduces the
Australian Privacy Principles (APPs), which is a combination and replacement of the
National Privacy Principles and the Information Privacy Principles that are contained in
the Privacy Act 1988 (Cth). The APPs makes it mandatory for organizations to comply with
the rules provided for “collection, storage, security, use, disclosure, access and correction of
Description of laws or regulations the University A needs to comply with from privacy
and security perspective
In order to implement student management system, the University A needs to comply with
applicable rules and regulations from privacy and security perspective.
While designing student management system it is important to identify applicable rules and
regulations for legal and regulatory compliances. The student management system required to
access personal information of the students and therefore rules and regulations related to data
security and data privacy is applicable in this context.
These laws and regulations are described in details in this context:
The Privacy Act 1988:
This is a privacy regulation act which regulates processing of personal information about
individuals. The privacy act was introduced for promoting and protecting privacy of
individuals. It regulates how government agencies and organizations with annual turnover
exceeding $3 million including other organizations as well process personal information
(OAIC 2019). The Privacy Act consists of 13 Australian Privacy Principles (APPs), which is
applicable to some private sector organisations and most of the Australian Government
agencies as well. These are together known as ‘APP entities’.
Privacy Amendment (Enhancing Privacy Protection) Act 2012 (Amending Act):
The Privacy Amendment (Enhancing Privacy Protection) Act 2012 (the Act) introduces the
Australian Privacy Principles (APPs), which is a combination and replacement of the
National Privacy Principles and the Information Privacy Principles that are contained in
the Privacy Act 1988 (Cth). The APPs makes it mandatory for organizations to comply with
the rules provided for “collection, storage, security, use, disclosure, access and correction of
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
3ANALYSIS OF PRIVACY POLICY
personal information acquired by an organisation” (Legislation.gov.au. 2019). In this context,
personal information refers to any information which is capable of identifying an individual.
Privacy Amendment (Notifiable Data Breaches) Act 2017
The Privacy Amendment (Notifiable Data Breaches) Act 2017 (Cth) is an amendment to
the Privacy Act 1988 (Cth) (Privacy Act) which makes it mandatory for entities that are
regulated by the Privacy Act to notify “eligible data breach” to the owner of the data (OAIC
2019). In previous data protection and privacy act, it was not required to notify individuals
about the data breach, however introduction of this new amendment requires organizations to
not only identify data breach, but to provide notification about the data breach as well.
Description of the obligations of University A under those laws and regulations
There are various obligations that the University A needs to consider that are provided in the
laws and regulations.
The Privacy Amendment (Enhancing Privacy Protection) Act 2012 (the Act) provides the
Australian Privacy Principles (APPs), which is a combination and replacement of the
National Privacy Principles and the Information Privacy Principles that are contained in
the Privacy Act 1988 (Cth).
Therefore, while discussing about obligations for The Privacy Amendment (Enhancing
Privacy Protection) Act 2012 (the Act), it applies to the Privacy Act 1988 (Cth) as well.
The Australian Privacy Principles (APPs) includes 13 privacy principles which are (OAIC
2019):
APP 1 — Open and transparent management of personal information
According to this privacy principle, the APP entities need to ensure that management of
personal information is open and transparent. This requires to provide an APP privacy policy
personal information acquired by an organisation” (Legislation.gov.au. 2019). In this context,
personal information refers to any information which is capable of identifying an individual.
Privacy Amendment (Notifiable Data Breaches) Act 2017
The Privacy Amendment (Notifiable Data Breaches) Act 2017 (Cth) is an amendment to
the Privacy Act 1988 (Cth) (Privacy Act) which makes it mandatory for entities that are
regulated by the Privacy Act to notify “eligible data breach” to the owner of the data (OAIC
2019). In previous data protection and privacy act, it was not required to notify individuals
about the data breach, however introduction of this new amendment requires organizations to
not only identify data breach, but to provide notification about the data breach as well.
Description of the obligations of University A under those laws and regulations
There are various obligations that the University A needs to consider that are provided in the
laws and regulations.
The Privacy Amendment (Enhancing Privacy Protection) Act 2012 (the Act) provides the
Australian Privacy Principles (APPs), which is a combination and replacement of the
National Privacy Principles and the Information Privacy Principles that are contained in
the Privacy Act 1988 (Cth).
Therefore, while discussing about obligations for The Privacy Amendment (Enhancing
Privacy Protection) Act 2012 (the Act), it applies to the Privacy Act 1988 (Cth) as well.
The Australian Privacy Principles (APPs) includes 13 privacy principles which are (OAIC
2019):
APP 1 — Open and transparent management of personal information
According to this privacy principle, the APP entities need to ensure that management of
personal information is open and transparent. This requires to provide an APP privacy policy
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
4ANALYSIS OF PRIVACY POLICY
that is properly up to date. Along with this, the features of the policy should be clearly
expressed so that the privacy policy is interpreted by anyone and it is required to ensure an
open and transparent privacy policy.
APP 2 — Anonymity and pseudonymity
The university A should provide individual option for not identifying them if they do not
want to. However, exception is also allowed if the university thinks that the identification of
individual is required to provide services to them effectively and efficiently as well.
APP 3 — Collection of solicited personal information:
If the personal information is solicited, then it needs to be properly analysed and needs to
consider higher standards in case of sensitive information.
APP 4 — Dealing with unsolicited personal information:
While collecting unsolicited personal information, it still requires to ensure that the owner is
aware of that information that is being collected
APP 5 — Notification of the collection of personal information:
While collecting personal information, the university needs to notify the individual student or
needs to ensure that the student is aware of this process of data collection
APP 6 — Use or disclosure of personal information:
While disclosing personal information of the students it is required to ensure that the
information is being disclosed for the purpose that it was collected.
APP 7 — Direct marketing:
that is properly up to date. Along with this, the features of the policy should be clearly
expressed so that the privacy policy is interpreted by anyone and it is required to ensure an
open and transparent privacy policy.
APP 2 — Anonymity and pseudonymity
The university A should provide individual option for not identifying them if they do not
want to. However, exception is also allowed if the university thinks that the identification of
individual is required to provide services to them effectively and efficiently as well.
APP 3 — Collection of solicited personal information:
If the personal information is solicited, then it needs to be properly analysed and needs to
consider higher standards in case of sensitive information.
APP 4 — Dealing with unsolicited personal information:
While collecting unsolicited personal information, it still requires to ensure that the owner is
aware of that information that is being collected
APP 5 — Notification of the collection of personal information:
While collecting personal information, the university needs to notify the individual student or
needs to ensure that the student is aware of this process of data collection
APP 6 — Use or disclosure of personal information:
While disclosing personal information of the students it is required to ensure that the
information is being disclosed for the purpose that it was collected.
APP 7 — Direct marketing:
5ANALYSIS OF PRIVACY POLICY
It is not allowed to use or disclose personal information of the students for advertising about
product or services that the university provides, however exception is allowed, but for that
proper justification in that context is required.
APP 8 — Cross-border disclosure of personal information:
If the university A discloses personal information overseas, it is the responsibility of the
university to ensure the privacy of the information.
APP 9 — Adoption, use or disclosure of government related identifiers:
If the university A consider identifiers provided by the government as identifier of the
university for the students, then it needs to provide proper context for using and disclosing
those information.
APP 10 — Quality of personal information:
The university needs to ensure that the personal information that is collected is accurate, up to
date and complete.
APP 11 — Security of personal information:
The university A needs to ensure that the personal information that it collects about the
students is secure from access that is not authorized. Along with that it is also required to
ensure that the information is not modified or disclosed without permission of the owner of
the information.
APP 12 — Access to personal information:
If the owner of the information or the students request to provide access to their information,
then the university needs to provide them access to their information. However, exception is
allowed and the university might not provide student access to their information. It is
It is not allowed to use or disclose personal information of the students for advertising about
product or services that the university provides, however exception is allowed, but for that
proper justification in that context is required.
APP 8 — Cross-border disclosure of personal information:
If the university A discloses personal information overseas, it is the responsibility of the
university to ensure the privacy of the information.
APP 9 — Adoption, use or disclosure of government related identifiers:
If the university A consider identifiers provided by the government as identifier of the
university for the students, then it needs to provide proper context for using and disclosing
those information.
APP 10 — Quality of personal information:
The university needs to ensure that the personal information that is collected is accurate, up to
date and complete.
APP 11 — Security of personal information:
The university A needs to ensure that the personal information that it collects about the
students is secure from access that is not authorized. Along with that it is also required to
ensure that the information is not modified or disclosed without permission of the owner of
the information.
APP 12 — Access to personal information:
If the owner of the information or the students request to provide access to their information,
then the university needs to provide them access to their information. However, exception is
allowed and the university might not provide student access to their information. It is
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
6ANALYSIS OF PRIVACY POLICY
however important to note that in those context, the university has to provide proper
justification for that.
APP 13 — Correction of personal information:
If the information about the students requires correction, then the university has to ensure that
required corrections are made which is essential for ensuring that the personal information
that is collected is accurate as well.
Importance of those obligations and the consequence if data is breached
Due to advancement of technology, today most of the services are provided online. It not
only enhances the efficiency of the services, but also ensures that it is available to most of the
people in less time. However, in order to provide these services will require access to various
type of information of which access to personal information is an important consideration.
Now most of the time, individuals are not aware of what type of personal information is
collected and how they are processed (McIlwraith 2016). If there is no proper framework for
collection of personal information, it will be difficult for organizations to identify what type
of information is allowed to collect and how it should be processed to provide service to the
individual.
The university is planning to design and deploy an online student management system, they
will require to collect and process various information for ensuring that services are properly
provided to the students. Therefore, the university needs to access personal information about
the students and therefore they need to ensure that this is done with proper reference to the
laws and regulations. When the university ensures this, there are some benefits which
include:
A detailed and effective framework for collection of personal information
however important to note that in those context, the university has to provide proper
justification for that.
APP 13 — Correction of personal information:
If the information about the students requires correction, then the university has to ensure that
required corrections are made which is essential for ensuring that the personal information
that is collected is accurate as well.
Importance of those obligations and the consequence if data is breached
Due to advancement of technology, today most of the services are provided online. It not
only enhances the efficiency of the services, but also ensures that it is available to most of the
people in less time. However, in order to provide these services will require access to various
type of information of which access to personal information is an important consideration.
Now most of the time, individuals are not aware of what type of personal information is
collected and how they are processed (McIlwraith 2016). If there is no proper framework for
collection of personal information, it will be difficult for organizations to identify what type
of information is allowed to collect and how it should be processed to provide service to the
individual.
The university is planning to design and deploy an online student management system, they
will require to collect and process various information for ensuring that services are properly
provided to the students. Therefore, the university needs to access personal information about
the students and therefore they need to ensure that this is done with proper reference to the
laws and regulations. When the university ensures this, there are some benefits which
include:
A detailed and effective framework for collection of personal information
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
7ANALYSIS OF PRIVACY POLICY
Comprehensive idea regarding processing of personal information with proper
reference to the data privacy law
Strategy for managing legal consequences due to issues in data security and data
privacy
Assistance for the government for increasing data security and data privacy
However, if the university does not comply with the legal obligations as already described
then in case there is issues regarding processing of personal information such as data breach,
then there might be several legal consequences, even ban on the university from providing
education to the students.
The Privacy Amendment (Notifiable Data Breaches) Act 2017 (Cth) makes it mandatory for
the organization to notify its owner about the data breach. Whether the data breach is due to
the fault of the university or not, notifying the data owner is essential. After there is a data
breach, the university need to review the data breach and if there is possibility of any
significant harm that is identified after the assessment of the data breach (OAIC 2019). If
there is any eligible data breach is identified, then it requires to report to the Australian
Information Commissioner along with the possible affected party as soon as possible. The
notification needs to clearly specify the type of data breach, the specific information that is
affected and how the party who is effected in the data breach need to respond to the data
breach.
It is important to note that, even though the university notifies about the data breach, an audit
might be conducted by the Australian Information Commissioner and if any discrepancy is
found like if the data breach is due to lack of integration of proper security measures, then the
university needs to provide large amount as fine and might be liable for legal actions as well
as decided by the commissioner.
Comprehensive idea regarding processing of personal information with proper
reference to the data privacy law
Strategy for managing legal consequences due to issues in data security and data
privacy
Assistance for the government for increasing data security and data privacy
However, if the university does not comply with the legal obligations as already described
then in case there is issues regarding processing of personal information such as data breach,
then there might be several legal consequences, even ban on the university from providing
education to the students.
The Privacy Amendment (Notifiable Data Breaches) Act 2017 (Cth) makes it mandatory for
the organization to notify its owner about the data breach. Whether the data breach is due to
the fault of the university or not, notifying the data owner is essential. After there is a data
breach, the university need to review the data breach and if there is possibility of any
significant harm that is identified after the assessment of the data breach (OAIC 2019). If
there is any eligible data breach is identified, then it requires to report to the Australian
Information Commissioner along with the possible affected party as soon as possible. The
notification needs to clearly specify the type of data breach, the specific information that is
affected and how the party who is effected in the data breach need to respond to the data
breach.
It is important to note that, even though the university notifies about the data breach, an audit
might be conducted by the Australian Information Commissioner and if any discrepancy is
found like if the data breach is due to lack of integration of proper security measures, then the
university needs to provide large amount as fine and might be liable for legal actions as well
as decided by the commissioner.
8ANALYSIS OF PRIVACY POLICY
Procedure for the University A and its workforce to demonstrate the compliance
In order to demonstrate the compliance, the university A needs to follow the following
procedures (Yazdanmehr and Wang 2016):
Privacy audit:
Privacy audit is an effective way to demonstrate what type of information is collected by the
organization. Along with this, it also provides a detailed description of how these information
are used, stored and disclosed by the university A. an audit also provides information
regarding strategies and procedures that are implemented by the organization to ensure
security and privacy of the information. Therefore, an audit will help to determine if the
information collection and information privacy is in accordance with the rules and regulations
of the privacy acts that are applicable for the organizations.
Privacy policy:
Privacy policy providing a detailed description of organizational aims and objectives
regarding the strategies for ensuing privacy of information needs to be designed. It should
define how the organization actually approaches security as well as privacy of the
information that the university collects and process. It also describes what type of information
is really collected and what type of information is not collected. Now this is an essential
information to demonstrate whether the university is considering the recommendations and
principles of the Australian privacy act and if so then to what extent. Therefore, a policy
document should be prepared and if required should be verified with the government agency
for ensuring that the policy is in compliance with the applicable rules and regulations.
Design an effective framework for security assessment:
It is important for the university A to design an effective security framework which will
provide a comprehensive strategy to the employees of the university to process information
Procedure for the University A and its workforce to demonstrate the compliance
In order to demonstrate the compliance, the university A needs to follow the following
procedures (Yazdanmehr and Wang 2016):
Privacy audit:
Privacy audit is an effective way to demonstrate what type of information is collected by the
organization. Along with this, it also provides a detailed description of how these information
are used, stored and disclosed by the university A. an audit also provides information
regarding strategies and procedures that are implemented by the organization to ensure
security and privacy of the information. Therefore, an audit will help to determine if the
information collection and information privacy is in accordance with the rules and regulations
of the privacy acts that are applicable for the organizations.
Privacy policy:
Privacy policy providing a detailed description of organizational aims and objectives
regarding the strategies for ensuing privacy of information needs to be designed. It should
define how the organization actually approaches security as well as privacy of the
information that the university collects and process. It also describes what type of information
is really collected and what type of information is not collected. Now this is an essential
information to demonstrate whether the university is considering the recommendations and
principles of the Australian privacy act and if so then to what extent. Therefore, a policy
document should be prepared and if required should be verified with the government agency
for ensuring that the policy is in compliance with the applicable rules and regulations.
Design an effective framework for security assessment:
It is important for the university A to design an effective security framework which will
provide a comprehensive strategy to the employees of the university to process information
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
9ANALYSIS OF PRIVACY POLICY
securely so that it is easier to ensure that there is less chance of data breach. No matter what
is the privacy policy that the university consider, if there is no proper framework that
provides context for applying those policy, then it is not easy to demonstrate compliance with
the privacy regulation. Therefore, designing and implementing a security assessment
framework is essential in this context because it determines how effective the security policy
is for ensuring privacy of the personal information.
Description of additional areas that need to be considered in the initiative
Although integrating applicable laws and regulations is an excellent way to ensure privacy of
personal information, it is not only enough to identify those regulations and design a privacy
policy. There are some additional requirements as well that needs to be considered.
These requirements are:
Evaluating appropriate technology for designing and implementing the student management
system:
In order to ensure data privacy it is extremely important for properly assessing the technology
that is considered for designing and implementing the student management system. If in-
house system development is considered then it will increase the cost for the infrastructure
development. However, if SaaS solution is considered then, it will significantly decreases the
cost for infrastructure, but there might be security issues as these services are maintained by
third party cloud providers (Watts and Casanovas 2018). Whether, for in-house system, the
university A will have more control on how information is collected, stored, processed and
disclosed, therefore enhancing data security and data privacy. However, in SaaS solution
there is another additional benefit that is data is automatically backed up and in case if there
is any data breach, the university will have access to this data, increasing data availability and
data security as well. For in-house system development, data backup is not done
securely so that it is easier to ensure that there is less chance of data breach. No matter what
is the privacy policy that the university consider, if there is no proper framework that
provides context for applying those policy, then it is not easy to demonstrate compliance with
the privacy regulation. Therefore, designing and implementing a security assessment
framework is essential in this context because it determines how effective the security policy
is for ensuring privacy of the personal information.
Description of additional areas that need to be considered in the initiative
Although integrating applicable laws and regulations is an excellent way to ensure privacy of
personal information, it is not only enough to identify those regulations and design a privacy
policy. There are some additional requirements as well that needs to be considered.
These requirements are:
Evaluating appropriate technology for designing and implementing the student management
system:
In order to ensure data privacy it is extremely important for properly assessing the technology
that is considered for designing and implementing the student management system. If in-
house system development is considered then it will increase the cost for the infrastructure
development. However, if SaaS solution is considered then, it will significantly decreases the
cost for infrastructure, but there might be security issues as these services are maintained by
third party cloud providers (Watts and Casanovas 2018). Whether, for in-house system, the
university A will have more control on how information is collected, stored, processed and
disclosed, therefore enhancing data security and data privacy. However, in SaaS solution
there is another additional benefit that is data is automatically backed up and in case if there
is any data breach, the university will have access to this data, increasing data availability and
data security as well. For in-house system development, data backup is not done
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
10ANALYSIS OF PRIVACY POLICY
automatically, it needs to be done by the university and along with that it requires significant
cost for system maintenance as well. Therefore, evaluation of appropriate technology is an
additional requirement for this initiative and it should be considered in this context by the
university as well.
Training:
How effectively data is processed by the university employees will significantly impact the
security and privacy of the data. However, to ensure this only security policy is not enough, it
requires skilled employees to implement this policy (Mikolic-Torreira et al. 2017). If the
persons who are processing the data do not know what are the possible security and privacy
issues of the data, then it is not easy to ensure that the strategies provided in the privacy
policy are being implemented effectively.
Therefore, training is required for the people who will have access to these data. The training
should provide them details like how to categorize data according to the level of privacy and
security control for those data should be decided according to that. However, it is not only
important to provide training to the employees, it is also required to ensure that the students
are aware of this process. A detailed manual should be provided to the students that should
provide them assistance to decide how to store their information into the student management
system (Bennett and Raab 2017). To ensure privacy of the information, it is not enough that
the university design strategies and implement that without considering the involvement of
the owner of the information. The students are also responsible for ensuring privacy of their
data and therefore designing a manual for the students is also an important requirement in this
context and needs to be considered as well.
automatically, it needs to be done by the university and along with that it requires significant
cost for system maintenance as well. Therefore, evaluation of appropriate technology is an
additional requirement for this initiative and it should be considered in this context by the
university as well.
Training:
How effectively data is processed by the university employees will significantly impact the
security and privacy of the data. However, to ensure this only security policy is not enough, it
requires skilled employees to implement this policy (Mikolic-Torreira et al. 2017). If the
persons who are processing the data do not know what are the possible security and privacy
issues of the data, then it is not easy to ensure that the strategies provided in the privacy
policy are being implemented effectively.
Therefore, training is required for the people who will have access to these data. The training
should provide them details like how to categorize data according to the level of privacy and
security control for those data should be decided according to that. However, it is not only
important to provide training to the employees, it is also required to ensure that the students
are aware of this process. A detailed manual should be provided to the students that should
provide them assistance to decide how to store their information into the student management
system (Bennett and Raab 2017). To ensure privacy of the information, it is not enough that
the university design strategies and implement that without considering the involvement of
the owner of the information. The students are also responsible for ensuring privacy of their
data and therefore designing a manual for the students is also an important requirement in this
context and needs to be considered as well.
11ANALYSIS OF PRIVACY POLICY
References:
Bennett, C.J. and Raab, C.D., 2017. The governance of privacy: Policy instruments in global
perspective. Routledge.
Legislation.gov.au. (2019). Privacy Amendment (Enhancing Privacy Protection) Act 2012.
[online] Available at: https://www.legislation.gov.au/Details/C2012A00197 [Accessed 27
Sep. 2019].
McIlwraith, A., 2016. Information security and employee behaviour: how to reduce risk
through employee education, training and awareness. Routledge.
Mikolic-Torreira, I., Snyder, D., Price, M., Shlapak, D.A., Beaghley, S.M., Bishop, M.,
Harting, S.J., Oberholtzer, J., Pettyjohn, S., Weinbaum, C. and Westerman, E.,
2017. Exploring Cyber Security Policy Options in Australia. RAND.
OAIC. (2019). Australian Privacy Principles quick reference. [online] Available at:
https://www.oaic.gov.au/privacy/australian-privacy-principles/australian-privacy-principles-
quick-reference/ [Accessed 27 Sep. 2019].
OAIC. (2019). Notifiable data breaches. [online] Available at:
https://www.oaic.gov.au/privacy/notifiable-data-breaches/ [Accessed 27 Sep. 2019].
Watts, D. and Casanovas, P., 2018. Privacy and Data Protection in Australia: a Critical
overview.
Yazdanmehr, A. and Wang, J., 2016. Employees' information security policy compliance: A
norm activation perspective. Decision Support Systems, 92, pp.36-46.
References:
Bennett, C.J. and Raab, C.D., 2017. The governance of privacy: Policy instruments in global
perspective. Routledge.
Legislation.gov.au. (2019). Privacy Amendment (Enhancing Privacy Protection) Act 2012.
[online] Available at: https://www.legislation.gov.au/Details/C2012A00197 [Accessed 27
Sep. 2019].
McIlwraith, A., 2016. Information security and employee behaviour: how to reduce risk
through employee education, training and awareness. Routledge.
Mikolic-Torreira, I., Snyder, D., Price, M., Shlapak, D.A., Beaghley, S.M., Bishop, M.,
Harting, S.J., Oberholtzer, J., Pettyjohn, S., Weinbaum, C. and Westerman, E.,
2017. Exploring Cyber Security Policy Options in Australia. RAND.
OAIC. (2019). Australian Privacy Principles quick reference. [online] Available at:
https://www.oaic.gov.au/privacy/australian-privacy-principles/australian-privacy-principles-
quick-reference/ [Accessed 27 Sep. 2019].
OAIC. (2019). Notifiable data breaches. [online] Available at:
https://www.oaic.gov.au/privacy/notifiable-data-breaches/ [Accessed 27 Sep. 2019].
Watts, D. and Casanovas, P., 2018. Privacy and Data Protection in Australia: a Critical
overview.
Yazdanmehr, A. and Wang, J., 2016. Employees' information security policy compliance: A
norm activation perspective. Decision Support Systems, 92, pp.36-46.
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
1 out of 12
Related Documents
Your All-in-One AI-Powered Toolkit for Academic Success.
+13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
![[object Object]](/_next/static/media/star-bottom.7253800d.svg)
Unlock your academic potential
Copyright © 2020–2025 A2Z Services. All Rights Reserved. Developed and managed by ZUCOL.