Page 189 - DCAP309_INFORMATION_SECURITY_AND_PRIVACY
P. 189

Unit 12: Security Metrics and Privacy




          This opinion is intended to make sure that steps are taken to defend the privacy of personal  Notes
          information if it is sent to a third party exterior the Northern Territory, either throughway or
          overseas. It recognizes that in a worldwide information economy, it is significant to consider
          the manners in which personal information may be conveyed. For instance, personal information
          may be gathered in a jurisdiction that has information privacy in place, but then be transmitted
          for processing offshore and arrive in a authority that has no privacy security in place.
          This principle includes the following:

          1.   An agency must not transport personal information regarding an individual to a person
               (other than the individual) outside the Territory unless:
               (a)  the  transfer  is  necessary  or  authorised  under  a  law  of  the  Territory  or  the
                    Commonwealth;
               (b)  the agency reasonably considers that the person receiving the information is subject
                    to a law, or a contract or other lawfully binding arrangement, that requires  the
                    person to comply with principles for managing the information that are substantially
                    similar to the Northern Territory IPPs;
               (c)  the individual approval to the transfer;
               (d)  the transfer is essential for the performance of a contract among the agency and the
                    individual or for the execution of pre-contractual measures taken in response to the
                    individual’s request;
               (e)  the transfer is essential for the performance or completion of a contract among the
                    agency and a third party, the  performance or achievement of which benefits  the
                    person all of the following apply:

                    (i)  the transfer is for the advantage of the individual;
                    (ii)  it is unfeasible to obtain the consent of the individual to the transfer;
                    (iii)  it is probable that the individual would sanction to the transfer;
                    (iv)  the agency has taken rational steps to ensure that the information will not be
                         held, used or revelation by the person to whom it is transported in a manner
                         that is conflicting with the Northern Territory IPPs.

          12.9.10  IPP 10: Sensitive Information

          Here, Compilation of sensitive information is firmly limited. The IPPs permit for a higher level
          of defense for sensitive information. This means information or opinion regarding an individual:
          1.   political choices
          2.   religious or philosophical beliefs

          3.   sexual preferences or practices
          4.   membership of professional associations, trade unions or political groups
          5.   racial or ethnic origin

          6.   criminal record.
          This principle includes the following:
          1.   An agency must not gather sensitive information regarding an individual unless:
               (a)  the individual approval to the collection;




                                           LOVELY PROFESSIONAL UNIVERSITY                                   183
   184   185   186   187   188   189   190   191   192   193   194