Page 187 - DCAP309_INFORMATION_SECURITY_AND_PRIVACY
P. 187

Unit 12: Security Metrics and Privacy




               (b)  make the improvement or provide reasons for refusing to make it, or         Notes
               (c)  offer reasons for the delay in responding to the request.




              Task  Differentiate freedom of information from information privacy.


          12.9.7 IPP 7: Identifiers

          It restricts  the adoption and sharing of unique identifiers. It is intended to maximize cross-
          matching of data across agencies.
          A unique identifier is typically a number  allocated to an individual in order to identify the
          person for the reasons of an agency’ operations.

                 Example: A tax file number, drivers licence number, data collection identifier.

          This principle restricts the sharing of unique identifiers between agencies. It offers a safeguard
          against the creation of a single identifier that could be used to cross-match data across agencies.
          This principle includes the following:

          1.   An  agency must not assign unique identifiers to individuals, unless it  is necessary to
               enable the agency to perform its functions efficiently.
          2.   An agency must not adopt a unique identifier of an individual that has been assigned by
               another agency unless:
               (a)  it is essential to enable the agency to perform its functions efficiently;
               (b)  it has obtained the permission of the individual to do so, or

               (c)  it is an outsourcing agency accepting the unique  identifier created by a contract
                    service provider in the concert of its obligations to the outsourcing agency under a
                    service contract.
          3.   An agency must not utilize or reveal a unique identifier allocated to an individual  by
               another agency unless:

               (a)  the use or revelation is essential for the agency to fulfil its obligations to that other
                    agency;
               (b)  it has received the consent of the individual to the use or disclosure, or

               (c)  the agency reveals personal  information  about  an  individual  for a  reason  (the
                    secondary purpose) other than the primary purpose for collecting it, if:
                    (i)  an agency reasonably considers that the use or revels is essential to lessen or
                         prevent a serious and looming threat to the individual’s or another individual’s
                         life, health or safety; or a serious danger to public health or public safety;

                    (ii)  an agency has cause to suspect that unlawful activity has been, is being or may
                         be occupied in and uses or discloses the information as a necessary part of its
                         investigation of the matter or in reporting its issues to relevant persons or
                         authorities;
                    (iii)  the use or disclosure is required or authorised by law;





                                           LOVELY PROFESSIONAL UNIVERSITY                                   181
   182   183   184   185   186   187   188   189   190   191   192