Personal information, de-identification and sensitive information
Should there be a criminal offence for re-identifying de-identified information? What exceptions should apply?
Enter your response here
Yes
Should consent be required for the collection, use, disclosure and storage of other tracking data, such as health data, heart rate and sleeping schedule, in addition to precise geolocation tracking data?
Enter your response here
Yes
Small business exemption
If you are a small business operator, what support from government would be helpful for you to understand and comply with new privacy obligations?
Please select all that apply
Checkbox:
Ticked
Information sessions
Checkbox:
Ticked
Written guidance
Checkbox:
Ticked
Digital modules
Checkbox:
Ticked
Self-assessment tools
Checkbox:
Unticked
Financial rebates or tax concessions for obtaining independent privacy advice
Checkbox:
Unticked
Other
Please expand on your response
The more methods of information, the better. We all learn in different ways, so the more options, the more effective education should be.
Also, most small businesses have staff with varying levels of skills & experience. So the "one size fits all" will not work.
Also, most small businesses have staff with varying levels of skills & experience. So the "one size fits all" will not work.
Employee records exemption
How should employers provide enhanced transparency to employees about the purposes for which their personal and sensitive information is collected, used and disclosed?
Response
Yes
If privacy protections for employees were introduced into workplace relations laws, what role should the privacy regulator have in relation to privacy complaints, enforcement of privacy obligations and development of privacy codes in the employment context?
Enter your response here
Enforecement for bad offenders.
Including possibility of "go to jail" for serious offencesRedacted text.
Including possibility of "go to jail" for serious offences
Journalism exemption
What additional support, if any, would be needed to assist smaller media organisations to comply with privacy obligations?
Enter your response here
Same support as for any other small business.
Additional protections
What additional requirements should apply to mitigate privacy risks relating to the development and use of facial recognition technology and other biometric information?
Enter your response here
Customers and employees should have the right to refuse to provide facial recognition technology and other biometric information, UNLESS there is a Redacted text good reason.
For example, Bunnings scanning all faces without warning is NOT acceptable.
However, for military site and other key sites, using facial recognition technology and other biometric information as part of the security makes sense.
For example, Bunnings scanning all faces without warning is NOT acceptable.
However, for military site and other key sites, using facial recognition technology and other biometric information as part of the security makes sense.
Research
Should the scope of research permitted without consent be broadened? If so, what should the scope be?
Enter your response here
Difficult, as so much information is avalable on the web/cloud.
Restricting research could be difficult. Might be better to focus on how such reaerach is used - such as trqade off of privacy versus the purpose.
So if a journalist is purely seeking to :get rihc", not n. Howeverm if a journalist is seeking to uncover a truth, leniency.
Restricting research could be difficult. Might be better to focus on how such reaerach is used - such as trqade off of privacy versus the purpose.
So if a journalist is purely seeking to :get rihc", not n. Howeverm if a journalist is seeking to uncover a truth, leniency.
Should there be a single exception for research without consent for both agencies and organisations? If not, what should be the difference in scope for agencies and organisations?
Enter your response here
What's the difference between an "agency" and an "organisation"? Frankly, seems the be lawyers wasting time.
The same rules should apply to everyone, regardless of whether it is an individual, a company, a trust, a partnership, a government deparment, etc.
The same rules should apply to everyone, regardless of whether it is an individual, a company, a trust, a partnership, a government deparment, etc.
People experiencing vulnerability
How can financial institutions act in the interests of customers who may be experiencing financial abuse or may no longer have capacity to consent?
Enter your response here
Act honesty and stop being selfish.
Should the permitted general situations in the Privacy Act be amended to enable disclosure of personal information in safeguarding situations which may not meet the requirements under section 16A, item 1? What other options for reform could be considered to protect people where abuse is suspected while respecting an individual's privacy and personal autonomy?
Enter your response here
Simple: introduce "go to jail" for serious offences and repeat offenders.
The threat of "go to jail" is generally enough to make most people behave.
Adding complex layers only works in favour of the rich and "big business", whi can hire expensive lawyers to createRedacted text arguements.
The threat of "go to jail" is generally enough to make most people behave.
Adding complex layers only works in favour of the rich and "big business", whi can hire expensive lawyers to create
Individual rights
What would the impact of the proposed individual rights be on individuals, businesses and government?
Enter your response here
Individuals should have thje right to be told in advance what private information is being collected and why. Plus to be told later what is actually being held.
Frankly, too often businesses ask for private data that is not necessary.
Frankly, too often businesses ask for private data that is not necessary.
Are further exceptions required for any of the proposed individual rights?
Enter your response here
"Public interests" such as national security are important.
Common sense should prevail. However, common sense is usually not very "common".
Common sense should prevail. However, common sense is usually not very "common".
Automated decision-making
Should there be exceptions to a right for individuals to request meaningful information about how substantially automated decisions with legal or similarly significant effect are made?
Please select one item
Radio button:
Unticked
Yes
Radio button:
Unticked
No
Radio button:
Ticked
Unsure
Direct marketing, targeting and trading
What would be the impact of the proposals in relation to direct marketing on individuals, businesses and government?
Enter your response here
Direct marketing on indiviuals is currently a joke.
I have been on the "Do Not Call" register almost since it was introduced, but I still received unwanted telephone calls, SMSs and emails.
Direct marketing on indiviual should ONLY be where consent has been explicitly provided.
So I strongly agree with Proposal 20.2
I have been on the "Do Not Call" register almost since it was introduced, but I still received unwanted telephone calls, SMSs and emails.
Direct marketing on indiviual should ONLY be where consent has been explicitly provided.
So I strongly agree with Proposal 20.2
What would be the impact of the proposals in relation to targeting on individuals, businesses and government?
Enter your response here
Same as above. So I strongly agree with these Proposals to protect individuals.
What would be the impact of the proposals in relation to sale of personal information on individuals, businesses and government?
Enter your response here
The sale of private data for individuals should be unlawful with "go to jail" as an offence for blatant breaches.
Security and destruction
What are the barriers APP entities face to minimise collection and retention of identity credential information (e.g. reference numbers from, or copies of, drivers’ licences and passports)?
Enter your response here
Common sense should prevail, however rearely does.
Take theRedacted text at Optus. All contracts have ALL private data at the top of the contract. So when a customer telephones Optus, the Optus person then can see everything. Optus' argument is to save time for when customer ID checkes are required. However, most calls are probably queries only and not result in a change to a contract.
I note that Optus set aside A$140m to cover the cost to replace passports, etc. Having customers private data in a stand alone database would have been a lot cheaper!!!
Take the
I note that Optus set aside A$140m to cover the cost to replace passports, etc. Having customers private data in a stand alone database would have been a lot cheaper!!!
Controllers and processors
If small business non-APP entities that process information on behalf of APP entities are brought into the scope of the Act for their handling of personal information on behalf of the APP entity controller, what support should be provided to small businesses to assist them to comply with the obligations on processors?
Enter your response here
Good education tools are needed for small businesses.
Overseas data flows
Should the extraterritorial scope of the Act be amended to introduce an additional requirement to demonstrate an 'Australian link' that is focused on personal information being connected with Australia?
Enter your response here
Private data for Australian cistizens should be securely stored in Australia, not other countries.
Should disclosures of personal information to overseas recipients via the publication of personal information online be subject to an exception from the requirements of APP 8.1 where it is in the public interest? How should such an exception be framed to ensure the public interest in protecting individuals’ privacy is appropriately balanced with other public interests?
Enter your response here
There should be tighter rules for overseas recipients of personal information.
Notifiable Data Breaches
How can reporting processes for Notifiable Data Breaches be streamlined for APP entities with multiple reporting obligations?
Enter your response here
"Name and shame" for serious breaches and repeat offenders.
Low cost options include publishing in "The Gazette".
Low cost options include publishing in "The Gazette".
Provide general feedback or upload a written submission
If you would like to provide general feedback on the Privacy Act Review Report please provide your response
Response
"Go to jail" needs to be introduced for serious privacy breaches.
Currently Australian privacy (and human rights) laws are a "joke" as they have little "bite" for offenders.
I'm not suggesting "go to jail" for minor one-off offences. However, the fear of spending time in jail, or even spending 8 hours being interogatted by law enforcement, should be enough to get Boards and Senior Executives to take privacy more seriously.
Currently Australian privacy (and human rights) laws are a "joke" as they have little "bite" for offenders.
I'm not suggesting "go to jail" for minor one-off offences. However, the fear of spending time in jail, or even spending 8 hours being interogatted by law enforcement, should be enough to get Boards and Senior Executives to take privacy more seriously.