ATAR Notes: Forum
VCE Stuff => VCE Technology => VCE Mathematics/Science/Technology => VCE Subjects + Help => VCE Computing: Data Analytics => Topic started by: observer7 on November 10, 2011, 09:48:36 am
-
I was wondering if we need to know about the 'Privacy Amendment Act 2000' that supposedly relates to the private sector according to TSSM.
I was doing a a multiple choice Q:
'A child care centre owner is approached by a marketing company to pass over details of their clients. This would be a breach of:'
A) Privacy Act 1988
B) Information Privacy Act 2000
C) Health Records Act 2001
D) Privacy Amendment Act 2000
I naturally chose privacy act 1988 because it does include the private sector, but TSSM said it was D.
.. get on it lasered.
-
I believe that act of legislation is one of the new ones in the study design along with the Charter of Human Rights and responsibilities.
I think a company is only subject to the Federal Privacy Act 1988 if they turn over more than 3 million dollars annually. I like the law questions in IT:A but ones like this are so ambiguous. How much does the company earn? Exactly what data are they collecting?
Be careful with answers from other companies besides VITTA. I've seen some really dodgy questions and wrong answers in a few non VITTA papers.
-
An Amendment Act is just some basic legal knowledge you should be familiar with. It's really just a change to the original act.
You don't violate an amendment - it's not a new act in it's own right - it's merely an addition or whatever to the original act. You violate the original act. If you're interested in it, there was an amendment about Privacy in 2000 http://www.comlaw.gov.au/Details/C2004B00628.
What TSSM have stated as their answer is blatantly incorrect. It would be a violation of the original act - the Privacy Act 1988. EDIT: It would be a violation of the Privacy Act 1988 if they are subject to it, like MJRomeo mentioned, it's ridiculously ambiguous this question.
The legislation in the course are:
Privacy Act 1988
Information Privacy Act 2000 (Vic)
Health Records Act 2001 (Vic)
Copyright Act 1968
Charter of Human Rights and Responsibilities Act 2006 (VIC) (Section 13, 14 and 15)
Spam Act 2003 (Part 1.3, Simplified outline).
That said, Copyright Act 1968. That's had quite a few amendments - like Digital Agenda Amendment 2000, which extended the act to cover digital works. This is not it's own act, hence why when we refer to someone pirating software, they violate the Copyright Act 1968 (which now covers digital acts).
I hope the point I'm trying to get across is clear.
In the case with privacy, take note that Information Privacy Act 2000, Health Records Act 2001 and Charter of Human Rights and Responsibilities are not amendments, they are separate acts in their own right. Those 3 also only apply to Victoria (though other states have their equivalent acts and such).
I think a company is only subject to the Federal Privacy Act 1988 if they turn over more than 3 million dollars annually. I like the law questions in IT:A but ones like this are so ambiguous. How much does the company earn? Exactly what data are they collecting?
Federal Privacy Act 1988 applies to businesses that turn over of $3 million or more annually, profit from trading in personal information (e.g. those credit reporting dudes) and also federal government departments.
Definition of turn over: http://www.austlii.edu.au/au/legis/cth/consol_act/pa1988108/s6da.html
Health Records Act 2001 applies to all Victorian businesses handling health information. Under the Health Records Act, you can pass on health information for research, but only if you cannot identify an individual with the data.
IPA 2000 applies to Victorian government departments (and also people contracted by government departments).
There might have been some finer details I've forgotten to mention.
-
so basically the privacy act 1988 is applicable to all businesses in the private sector and individuals
-
so basically the privacy act 1988 is applicable to all businesses in the private sector and individuals
No, a lot of businesses wouldn't be turning over more than 3 million. Also note that profiting from the trading of personal information basically means selling people's information - not using their information in order to provide a service.
I don't have a source, but I remember reading that 98.9% of businesses turned over less than $3 million in 2001ish.
edit: fixed typo.
-
then what act do small businesses come under?
say the local fruit shop is selling customer details to a farmer in woop woop, what act is that?
-
then what act do small businesses come under?
say the local fruit shop is selling customer details to a farmer in woop woop, what act is that?
They're selling customer details?
That means they're trading personal information - they are subject to the Privacy Act 1988.
-
and if a business that turns over more than 3 million sell info they are subject to?
-
and if a business that turns over more than 3 million sell info they are subject to?
Any business turning over more than 3 million are subject to Privacy Act 1988
-
as well as if they turn over less than 3 million also?
-
I apologise, I take back what I said. I reread the textbook and VCEIT and I did leave out some of the eligibility criteria.
- Commonwealth government departments and ACT government agencies
- Private organisations with turnover over $3m per year*, or
- Any sized private organisation that holds health information, such as medical practices, pharmacies and health clubs (note: this does not include organisations that only store health info in employee records), or
- Any sized private organisation that buys or sells personal information for profit, or
- Any sized private organisation that is contracted to provide a service to the Commonwealth
However, reading other more legal oriented websites, I've seen this:
Trade in personal information, either:
- disclosing personal information for a benefit, service or advantage; or
- providing a benefit, service or advantage to collect an individual's personal information from anyone else (unless the individual consents, or the disclosure or collection is required or authorised by law);
So if they're a small business (turning over less than $3 million) and providing a service by using information, they are subject to The Privacy Act 1988.
Read this: http://www.lawhandbook.org.au/handbook/ch21s05s02.php#
I got that above quote out of the small business exemption bit (which then listed which small businesses are exempt from the exemption :/).
-
Don't stress too much about this guys. VCAA don't expect you to know all of the exact clauses. As long as you know generally what the Act/Amendment covers it's all good.
Since this is a new study design and new laws have been introduced (Spam Act 2003 and the Charter), I think they will receive more attention. When you say laws in ICT most people jump to the Privacy Act. I think VCAA will try and trick people with the copyright amendments personally.
-
On the topic of legislation, there was a question on a VIITA practise exam i was a bit confused about if any of you would be able to explain it that would be brilliant.
Nicholls Landscaping is subcontracted by the Maroondah Council in Victoria to maintain its parklands. It holds personal data about its employees including health information. Which of these laws apply?
A) Privacy Act 1988
B) Health Records Act 2000
C) Information Privacy Act 2001
D) Charter of Human Rights and Responsibilities Act 2006
I went with B because it specified health information but the solutions said it was C, does anyone know why that might be?
-
Nicholls Landscaping is subcontracted by the Maroondah Council in Victoria to maintain its parklands. It holds personal data about its employees including health information. Which of these laws apply?
Answer is wrong. Look at the years.
Question is talking about Victoria Public Sector, so it'd be Information Privacy Act 2000, but also talks about health records, so also Health Records Act 2001. If the year was correct, I'd go for IPA 2000 since there's two items in the question that implies it.
Privacy Act 1998 doesn't apply.
Charter of Human Rights and Responsibilities Act 2006 would be the only valid response, since the year is correct and human rights applies to all humans.
-
Thanks heaps for that, i just assumed the years was a typo and went with the name, would vcaa trick us like that do you think?
-
Thanks heaps for that, i just assumed the years was a typo and went with the name, would vcaa trick us like that do you think?
VCAA fail at writing decent IT exams, so I wouldn't be surprised.
Multiple choice is usually always full of distractors, so it's trying to trick us by nature. I guess a wrong year would allow a student to eliminate it straight off. If they were all the correct years, then it'd be harder - you couldn't eliminate based on recognition. Who knows.
But yeah, if VCAA makes a typo/mistake in multiple choice, then think about it hard and go for the most correct one. Usually with errors in MC, it ends up that everyone gets the right answer (unless a couple of the options were blatantly incorrect). You'll notice this happens a lot on the past IT exams if you read the assessor reports.
-
On the topic of legislation, there was a question on a VIITA practise exam i was a bit confused about if any of you would be able to explain it that would be brilliant.
Nicholls Landscaping is subcontracted by the Maroondah Council in Victoria to maintain its parklands. It holds personal data about its employees including health information. Which of these laws apply?
A) Privacy Act 1988
B) Health Records Act 2000
C) Information Privacy Act 2001
D) Charter of Human Rights and Responsibilities Act 2006
I went with B because it specified health information but the solutions said it was C, does anyone know why that might be?
I didn't like this question, it's apparently C. because subcontractors of the Victorian Government (or local councils, which are subentries of the state government) would be subject to the Information Privacy Act. It could not be B. because they are not a health service provider, and hence that bit about health information is a 'distractor', however it could still be A., in fact if they earn over $3M (or fulfil the criteria mentioned above) they could also come under the Privacy Act.
-
It could not be B. because they are not a health service provider, and hence that bit about health information is a 'distractor'
Health Records Act 2001 applies to non-health service providers as well.
Some evidence based on the less legalese websites:
"The employer needs to ensure that a record of any first aid treatment given is kept by the first aid officer and reported to managers on a regular basis to assist the employer when reviewing risk assessment procedures. These records are subject to the requirements of the Health Records Act 2001."
http://www.health.vic.gov.au/hsc/downloads/trainingpac0303.doc
All health service providers are covered by the Act, including doctors, dentists,counsellors, nurses, pharmacists and alternative therapists. Organisations such as schools, childcare centres, employers, banks, insurance companies, weight loss centres and gymnasiums may not be aware they hold health information. If an organisation holds personal health information then the management of that information is governed by the Act.
That Health comissioner thing does state that health service providers are held to additional standards though. Actually, take a look through the whole link, it's got some neat summaries of the privacy acts and stuff.