Page 184 - DCAP309_INFORMATION_SECURITY_AND_PRIVACY
P. 184

Information  Security and Privacy




                    Notes                   proficient  in  writing that the  information  is necessary in  connection with  the
                                            performance of the functions of ASIO.
                                       (j)  The Australian Secret Intelligence Service (ASIS) has demanded the organization to
                                            disclose the information, the revelation is made to an officer or employee of ASIS.
                                       (k)  Authorized by the Director-General of ASIS to obtain the information and an officer
                                            or employee of ASIS authorized by the Director-General of ASIS to do so has proficient
                                            in writing that the information is essential in connection with the performance of
                                            the functions of ASIS.




                                     Notes  It is not proposed to deter agencies from lawfully assisting with law enforcement
                                     agencies in the concert of their functions. This does not prevail any existing legal obligations
                                     not  to reveal  personal  information  and  does  not  need  an agency  to reveal  personal
                                     information. An agency is always entitled not to reveal personal information in the absence
                                     of a legal obligation to reveal it.

                                   2.  An agency is also accountable to the needs of IPP 9 if it transfers personal information to
                                       a person outside the Territory.
                                   3.  If an agency uses or revelations personal information to a law enforcement agency, the
                                       agency must make a printed note of the use or revelation.

                                   12.9.3 IPP 3: Data Quality

                                   Ensure that your personal information is:
                                   1.  Accurate

                                   2.  Complete
                                   3.  Up to date
                                   4.  Principle
                                   An agency must take sensible steps to make sure that the personal information it collects uses or
                                   discloses is accurate, absolute and up to date.

                                   12.9.4 IPP 4: Data Security

                                   Take sensible steps to defend personal information from misuse, loss, unauthorized  access,
                                   alteration or revelation. This principle includes the following:

                                   1.  An agency must take sensible  steps to defend the personal information  it holds from
                                       mistreatment and loss and from unauthorized access, alteration or revelation.
                                   2.  An  agency must  take  sensible  steps  to  destroy or  enduringly  de-identify  personal
                                       information if it is no longer required for any reason.

                                   12.9.5 IPP 5:  Openness

                                   Document evidently articulated polices on organization of personal information and offer the
                                   policies to anyone who asks. This principle includes the following:
                                   1.  All agencies should expand clear privacy policies and offer the policies to anyone who
                                       asks.



          178                               LOVELY PROFESSIONAL UNIVERSITY
   179   180   181   182   183   184   185   186   187   188   189