Response 967470674

Back to Response listing

Questions about the submitter

What is your name?

Name
Malethy Mohan

Who are you making this submission for?

Please select one item
Myself
Another person
Organisation (including Commonwealth, state, territory or local government agency)

What sector is your organisation a part of?

Please select one item
Private sector – small business
Private sector – medium to large business
Representative body
Legal sector
Not-for-Profit sector
Government (including state and territory)
Academia

What is your position in the organisation?

Position
Engineer

Personal information, de-identification and sensitive information

Should there be a criminal offence for re-identifying de-identified information? What exceptions should apply?

Yes, on most accounts. de-identification needs to have a defined process in areas where harm or to harm is part of the equation

Should consent be required for the collection, use, disclosure and storage of other tracking data, such as health data, heart rate and sleeping schedule, in addition to precise geolocation tracking data?

Yes, consent should be asked. And also allow for cookies selection on all accounts. There should NOT be a forced consent by any merchant to a user as in most websites these days.

Small business exemption

If you are a small business operator, what support from government would be helpful for you to understand and comply with new privacy obligations?

Please select all that apply
Information sessions
Written guidance
Digital modules
Self-assessment tools
Financial rebates or tax concessions for obtaining independent privacy advice
Other

Employee records exemption

How should employers provide enhanced transparency to employees about the purposes for which their personal and sensitive information is collected, used and disclosed?

Yes. and ill expand to recruitment companies as well. As i noticed a lot of data is being collected. sensitive data collected by recruitment companies or even talent groups within organisations. This needs some transparency on how the data of applicants are being collected, used and how their social media profiles are used as well

Noting the current individual rights contained in Australian Privacy Principles 12 and 13, and the proposed individual rights in proposals 18.1, 18.2 and 18.3, what specific exceptions (if any) should apply to these rights in the employment context?

All good

If privacy protections for employees were introduced into workplace relations laws, what role should the privacy regulator have in relation to privacy complaints, enforcement of privacy obligations and development of privacy codes in the employment context?

no experience in this area

Journalism exemption

What additional support, if any, would be needed to assist smaller media organisations to comply with privacy obligations?

No experience here

Additional protections

What additional requirements should apply to mitigate privacy risks relating to the development and use of facial recognition technology and other biometric information?

with increase use of biometric and facial recognition technology, there should also be a safe guard of rules on who bares the responsibility should the information gets leaked.

Research

Should the scope of research permitted without consent be broadened? If so, what should the scope be?

Again transparency on processing, rights to be forgotten, to be informed on where the data will be used and for what purpose

Should there be a single exception for research without consent for both agencies and organisations? If not, what should be the difference in scope for agencies and organisations?

No experience here

Which entity is the most appropriate body to develop guidelines to facilitate research without consent?

No experience

People experiencing vulnerability

What privacy-related issues do APP entities face when seeking to safeguard individuals at risk of financial abuse?

This should be a selection option for the group instead of a blanket assumption that this group/s require help. Either themselves or guardian

How can financial institutions act in the interests of customers who may be experiencing financial abuse or may no longer have capacity to consent?

Better cyber security.
With cashless ATMs sprouting, there has been an increase in fradulent activity of withdrawing money from these cashless ATMs.Redacted text Financial institutions need to beef up their security to protect their customers otherwise bear the cost of lost due to fraudulent activities.

Should the permitted general situations in the Privacy Act be amended to enable disclosure of personal information in safeguarding situations which may not meet the requirements under section 16A, item 1? What other options for reform could be considered to protect people where abuse is suspected while respecting an individual's privacy and personal autonomy?

Agree. Further consultation required to brainstorm ideas

Individual rights

What would the impact of the proposed individual rights be on individuals, businesses and government?

Agree

Are further exceptions required for any of the proposed individual rights?

I think we should not be coaxed into providing consent and be allowed to pick and choose the options regardless of permitting moving onto the next web page

Automated decision-making

What types of decisions are likely to have a legal or similarly significant effect on an individual's rights?

Agree

Should there be exceptions to a right for individuals to request meaningful information about how substantially automated decisions with legal or similarly significant effect are made?

Please select one item
Yes
No
Unsure
Please provide examples of what these exceptions should be
to save Credit Card details or children information on websites where purchases made. Especially for traders outside of Australia and want to operate here

Direct marketing, targeting and trading

What would be the impact of the proposals in relation to direct marketing on individuals, businesses and government?

Agree Fully

What would be the impact of the proposals in relation to targeting on individuals, businesses and government?

There should be a cap on the amount of unsolicited advertising on user's social media pages just because they have visited a particular topic. we have all learnt about cambridge analytica and its profiling methods.
Consumers need to have autonomy to choose content they want to see or be exposed to. Parents need to give consent for kids under 18.

What would be the impact of the proposals in relation to sale of personal information on individuals, businesses and government?

DEfinitely!! consent is required and even payment!

Are there any technical or other challenges you would face in providing information about how your algorithms target users to provide them with online content or recommendations?

that groups are stereotyped and diverse feedback across all backgrounds, ethinicity etc is not taken to account. providing bias results to the information attained

Please share any examples of situations where greater transparency about how individuals are being targeted by recommender algorithms is not necessary or important to individual or societal wellbeing.

Targeting children and keeping them glued to the screen!!! Transparency on algorithms targeting children under 18 needs to be exposed and controlled

Security and destruction

What baseline privacy outcomes should be included in APP 11?

Australian Cyber secutity laws need to be strengthened. and who is responsible and how compensation is administered

What are the barriers APP entities face to minimise collection and retention of identity credential information (e.g. reference numbers from, or copies of, drivers’ licences and passports)?

No experience

Controllers and processors

If small business non-APP entities that process information on behalf of APP entities are brought into the scope of the Act for their handling of personal information on behalf of the APP entity controller, what support should be provided to small businesses to assist them to comply with the obligations on processors?

NO experience

Overseas data flows

Should the extraterritorial scope of the Act be amended to introduce an additional requirement to demonstrate an 'Australian link' that is focused on personal information being connected with Australia?

Yes. Just like European companies operating in Australia are adhered to the GDPR

Should disclosures of personal information to overseas recipients via the publication of personal information online be subject to an exception from the requirements of APP 8.1 where it is in the public interest? How should such an exception be framed to ensure the public interest in protecting individuals’ privacy is appropriately balanced with other public interests?

NO

Notifiable Data Breaches

How can reporting processes for Notifiable Data Breaches be streamlined for APP entities with multiple reporting obligations?

No experience

Should APP entities be required to take reasonable steps to prevent or reduce the harm that is likely to arise for individuals as a result of a Notifiable Data Breach? If so, what factors should be taken into account when determining reasonable steps?

Yes

Provide general feedback or upload a written submission

If you would like to provide general feedback on the Privacy Act Review Report please provide your response

None