protecting business information - topic 10 Flashcards
(44 cards)
Tarasoff v University of California
Student (Tarasoff) who had a classmate go to the university council and confess he wanted to kill tarasoff - she was stalked and killed. parents went to court to sue University however they argued that due to privacy they could not expose information. Judge said no and said this statement “ privacy ends where the public danger begins” - meaning there are limits to the privacy
Privacy Act 1993
implements in NZ international standards relating to the handling of personal information / personal data
- existing legal remedies have difficulty when applied to protecting ordinary / common place facts about individuals (eg where they shop, consumer preferences etc)
- the privacy act catches all such info (unlike the equitable action for confidence and the tort of privacy)
Principle 1 of PA
an organization can only collect personal information relevant to its relative purposes
Principle 2 of PA
personal information must be collected from the subject directly
Principle 3 of PA
subjects must be told info about them is being collected by whom, why and who it is to be shared with
Principle 4 of PA
personal info must not be collected by unfair or intrusive means
Principle 5 of PA
personal info must be held securely
Principle 6 of PA
individuals must be able to access their personal information
Principle 7 of PA
individuals must have the right to request correction of their personal info
Principle 8 of PA
an organizatoin must ensure that person info is up to date and accurate before using it
Principle 9 of PA
personal info must not be keopt for unnecessary longer than it needs to be
Principle 10 of PA
personal info can only be used for the purpose it is collected for
Principle 11 of PA
personal info held by an org must not be disclosed unless this was a purpose it was collected for
Principle 12 of PA
an organization cannot assign the same uniqe identifier that another organisation has assigned to the individual
who is excluded from the privacy act 1993?
the news median are excluded from the principles for ‘news activities’ although they must comply with principle 6 and 7
parliament, courts and tribunals are excluded
personal info collected / held by an individual for their “personal family or household affairs” s56
unsolicited electronic messages act 2007 (spam act)
an unsolicited electronic message is essentially electronic junk mail
section 3 of the Privacy Act 1993
sets out the purposes of the Privacy Act 1993
what is the first purpose of the unsolicited electronic messages act 2007 (spam act)?
prohibit unsolicited commercial electronic messages with a New Zealand link from being sent in order to;
- promote a safer and more secure environment for the use of use of information and communications technologies in new zealand and;
- reduce impediments to the uptake and effective use of information and communication technologies by businesses and the wider community in NZ and;
- reduce the costs to businesses and the wider community that arise from unsolicited commercial electronic messages
express consent =
a direct signal from recipient that they consent to sending the message
inferred consent =
consent arising from the conduct and the business and the other relationships of the sender and the recipient
deemed consent =
the act says demmed consent (s4) if:
- your email address is published In your business capacity, ie on your consumers website; and
- no statement that you do not want to receive unsolicited electronic messages at that electronic address; and
- the message sent is relevant to the business or to the role of the person in a business
s10
accurate sender information
s11
functional unsubscribe facility
s13
address - harvesting software and harvested - address lists must not be used
