DATA LAW PRIVACY AND CYBERCRIME Notes

School

Deakin University

Course

444

Subject

Information Systems

Date

Jan 9, 2024

Pages

6

Uploaded by mattmechka

DATA LAW PRIVACY AND CYBERCRIME

1.1 INTRODUCTION

DATA PROTECTION IN AUSTRALIA
- Australia regulates data privacy and protection through federal, state and territory laws
- E.g. Privacy Act 1988 (Cth) (Privacy Act) and the Australian Privacy Principles (APPs)

Privacy Act 1988
- Regulates the handling of personal information by relevant entities
- Privacy Commissioner has authority to conduct investigations
- Most states (except WA and SA) have their own data protection legislation (Privacy and Data Protection Act 2014 (Vic))

Other acts
- Telecommunication Act
- Criminal Code Act
- National Health Act
- Health Records and Information Privacy Act
- Health Records Act
- Workplace Surveillance Act

CONSUMER DATA RIGHT
- CDR allows a consumer to obtain specific data held about that consumer by a 3rd party
- CDR allows data to be given to accredited third parties for certain purposes
- CDR allows consumers to compare and switch between products and services, as well as encouraging competition between service providers
- CDR is regulated by the Australian Competition and Consumer Commission (ACCC) and the Office of the Australian Information Commissioner (OAIC)

PERSONAL DATA
- Referred to as personal information in Australia
- Information or an opinion about an identified individual or an individual who is reasonably identifiable
- Whether the information or opinion is true or not
- Whether the information or opinion is recorded in material form or not

COLLECTION AND PROCESSING OF DATA
- Organisations may not collect personal information unless the information is reasonably necessary for one or more of their business functions or activities

NOTIFICATION REQUIREMENTS
- Organisations must provide individuals with the required notice on receipt of personal information from a third party, even though they did not collect personal information directly from the individual

DISCLOSURE OF PERSONAL INFORMATION
- Organisation must not use or disclose personal information about an individual unless one or more of the following applies:
  - PI was collected for a purpose and the individual would reasonably expect the organisation to use or disclose the information
  - Individual consents
  - Information is not sensitive information
  - A permitted health situation exists
  - It is required or authorised by law

SENSITIVE PERSONAL DATA
- Information or an opinion about: racial or ethnic origin, political opinions, membership of a political association, religious beliefs

1.2 BIG DATA

INTRODUCTION
- Big data is no longer a new phenomenon
- Data does not lose its value after processing and use

DEVELOPMENT OF NEW TECHNOLOGIES
- Collecting data and creating large information databases will present unique legal challenges to governments and the private sector
- Regulation is necessary to protect market participants, consumers and companies
- What is a fair data market?
- Governments and regulators attempt to keep pace. Private companies with extensive data holdings try to avoid regulations, e.g. Facebook, Google, Apple.

Protection of big data
- Protecting big data is fundamental to promoting innovation and competition
- Flow of data is crucial to the wellbeing of companies
- Protection of privacy as a fundamental right

Policy challenges
- Risk of algorithmic collusion
- Risk of businesses using big data to personalise prices
- Risk of data-intensive companies reducing consumer privacy

A company perspective
- Why do companies collect large amounts of personal data?
- Data monetisation and customisation
- Data protection laws often require companies to obtain user consent for collecting and storing personal data

TOPIC 2: INTRODUCTION TO CONSUMER DATA RIGHT
- In 2018 the federal government announced that it would introduce legislation to enact the Consumer Data Right, a form of data portability giving Australians ownership of consumer data
- The CDR scheme would initially cover banking and then progressively be rolled out to cover different industry sectors
- Amend the Competition and Consumer Act and the Privacy Act

CONSUMER DATA RIGHT
- Mechanism for enabling individual and business consumers to access information about themselves and their service providers' products
- CDR system revolves around several key concepts:
  - CDR data – information that has been specified as falling within a class of information that is to be regulated by the new scheme
  - CDR consumer – person to whom the CDR data relates
  - Data holder – entity that holds the original data or which holds information directly or indirectly derived from the original data
  - Accredited data recipient – person formally authorised under the scheme to receive CDR data
  - Designated gateway – person specified as having the authority to receive and disseminate CDR data on behalf of the members of a designated industry group

Privacy and the CDR
- Office of the Australian Information Commissioner (OAIC): independent national regulator for privacy and freedom of information
- OAIC regulates the privacy aspects of the CDR scheme
- Integrity of the CDR system is upheld by the privacy safeguards, which set out the privacy rights and obligations for participants in the CDR
- Privacy safeguards are contained in the Competition and Consumer Act and supplemented by the CDR rules

2.2 CDR PRIVACY SAFEGUARDS AND OAIC GUIDELINES
- CDR involves sharing sensitive customer data
- Pt IVD of the CCA contains robust CDR privacy safeguards
- 13 privacy safeguards contained in sch 2 of the Privacy Act

Coregulation
- Two regulators with responsibility for CDR
- ACCC is the lead regulator with of the responsibility for the CDR
- OAIC responsibilities relate to privacy issues and the protection of customer data
- Regulators are supported by information sharing powers and delegation

OAIC guidelines
- Not legally binding; rather, they are a guide for businesses to the OAIC's expectations
- Promote best practice for compliance with privacy requirements of CDR

CDR PRIVACY SAFEGUARDS
Includes:
- CDR entities (accredited data recipients, data holders and designated gateways) need to have clear and up-to-date policies about how they manage CDR data
- OAIC guidelines provide examples of practices, procedures and systems that CDR entities should implement
- Informed and express consent from customers is required
- Accredited persons and data holders must provide customers with a dashboard
- Accredited data recipients must implement a formal governance framework
- CDR data must be destroyed or de-identified by an accredited data recipient once it is no longer needed

ACCREDITATION
- Only entities accredited by the ACCC will be permitted to receive and use CDR data; criteria are as follows:
  - Information security
  - Insurance
  - Fit and proper
  - Dispute resolution

CDR COMPLIANCE AND ENFORCEMENT POLICY
- Compliance and enforcement policy for the CDR sets out the approach the ACCC and OAIC will adopt towards Part IVD of the CCA, the rules and the consumer data standards
- The policy states that both regulators will focus on the areas which could cause significant harm to the CDR system
- Activities may include refusals to disclose consumer data, misleading and deceptive conduct, and intentional misuse or improper disclosure of CDR consumer data.