E.4 Information privacy

Question 1

What does ‘best practice’ require in the context of privacy legislation?

Answer 1

Compliance with legislation and regulation.

Question 2

What is the current version of the Commonwealth Privacy Act?

Answer 2

Privacy Act 1988, Compilation No. 89, registered on 25 October 2021.

Question 3

What are Australian Privacy Principles (APPs)?

Answer 3

They are principles described in Schedule 1 of the Privacy Act 1988 that guide decision making concerning privacy issues.

Question 4

What does APP#1 concern?

Answer 4

The open and transparent management of personal information.

Question 5

What does APP#2 address?

Answer 5

Anonymity and pseudonymity.

Question 6

What is the focus of APP#3?

Answer 6

The collection of solicited personal information.

Question 7

What does APP#4 deal with?

Answer 7

Unsolicited personal information.

Question 8

What is covered by APP#5?

Answer 8

Notification of the collection of personal information.

Question 9

What does APP#6 concern?

Answer 9

The use or disclosure of personal information.

Question 10

What is the focus of APP#7?

Answer 10

Direct marketing.

Question 11

What does APP#8 address?

Answer 11

Cross-border disclosure of personal information.

Question 12

What is the concern of APP#9?

Answer 12

The adoption, use or disclosure of government-related identifiers.

Question 13

What does APP#10 focus on?

Answer 13

The quality of personal information.

Question 14

What is addressed by APP#11?

Answer 14

The security of personal information.

Question 15

What do APP#12 and APP#13 concern?

Answer 15

Access to and correction of personal information.

Question 16

What is required from organizations subject to the Privacy Act 1988?

Answer 16

To take reasonable steps to implement practices, procedures, and systems that ensure compliance with the APPs.

Question 17

What is the purpose of a Privacy Impact Assessment (PIA)?

Answer 17

To identify the impact a project may have on individuals’ privacy and recommend ways to manage or mitigate that impact.

Question 18

Name the ten steps involved in conducting a PIA.

Answer 18

• Threshold assessment
• Plan the PIA
• Describe the project
• Identify and consult with stakeholders
• Map information flows
• Privacy impact analysis and compliance check
• Privacy management — addressing risks
• Recommendations
• Report
• Respond and review

Question 19

True or False: The OAIC can direct a private sector organization to provide a PIA.

Answer 19

False.

Question 20

What is a significant contemporary issue in information privacy?

Answer 20

Information privacy and the inference economy.

Question 21

How does machine learning affect information privacy?

Answer 21

It facilitates an inference economy that strains privacy protections.

Question 22

What is a potential benefit of facial recognition technology in healthcare?

Answer 22

Overcoming the ‘wrong patient’ risk.

Question 23

What are concerns regarding genetic privacy related to?

Answer 23

The risks posed by sharing genomic sequencing.

Question 24

Fill in the blank: The OAIC’s privacy management framework has _______ steps.

Answer 24

four

Question 25

What is recommended reading for managing data in research?

Answer 25

Management of Data and Information in Research: A guide supporting the Australian Code for the Responsible Conduct of Research.