= material added since the date of the class concerning this topic
In the OECD's Security Guidelines, one of the principles says that security measures must not be so disproportionate as to be incompatible with a democratic society.
See Bygrave (doctoral thesis, 2000) 3.8. Information Security for a discussion of security requirements in the EC Directive and European laws.
While in theory data protection legislation might provide remedies against 'hackers' who obtain unauthorised access to personal data systems, in practice the only effective civil remedy will be against the data user whose system was broken into. Security principles in IPPs provide such a remedy.
DPP 4-security of personal data requires of data users that 'All practicable steps shall be taken to ensure that personal data (including data in a form in which access to or processing of the data is not practicable) held by a data user are protected against unauthorized or accidental access, processing, erasure or other use'.
The necessary 'practicable steps' are to be assessed 'having particular regard to' a list of factors (a)-(e) that are set out. See B&W pgs 148-50 for detailed discussion.
B&W note that DPP 4 is not restricted to personal data in the sense of data in a form which can be effectively accessed/processed. For example, files mixed in a rubbish bin still require secure handling. Data must be securely disposed of, not only securely retained.
See HKPCO Complaints cases on DPP4
There is no equivalent in NPP 4 - acts and practices of contractors are deemed to be carried out by the client organization (s.8(1)). Under the Victorian IPPA the IPPs apply independently to anyone engaged by an agency (s.9(1)(j) and s.17). The NSW PPIPA includes data services contractors as agencies (and therefore directly subject to the IPPs) in its definition of public sector agency, paragraph (g), but other contractors would only be bound by contract terms.
There have been many cases involving breaches of security under the Federal Act - usually involving careless disclosure of paper records by Commonwealth agencies and TFN recipients. These have often come to light as a result of media attention rather than formal complaints by an affected person. Although none of the Commissioner's investigations of security lapses have resulted in a formal determination, in many cases the Commissioner has found the respondent to have breached IPP 4 (or TFN Guideline 6.1) and obtained a commitment to improved security measures, as well as apologies and/or other redress for affected individuals.
To date, there have been few cases involving breaches of computer security, and it remains to be seen what will be considered 'reasonable' security steps or safeguards in the context of databases, web servers etc.
However, other public interests such as historical research, genealogical research and epidemiological research may conflict with complete destruction.
The interests of persons or their families in personal information after the data subject is dead (whether described as a 'privacy' interest or otherwise) are less, if they exist at all.
Alternatives to complete destruction of personal information include (i) irreversible de-identification of the data; and (ii) 'archiving' of the data in the sense of removing it from active administrative use and (possibly) making it non-retrievable by the identity of the data subject.
See Bygrave (doctoral thesis, 2000) 3.8. Information Security for a discussion of security requirements in the EC Directive and European laws. He notes that some European laws require destruction of personal data in the case of national emergencies (reflecting the experience of some European countries on invasion by Nazi Germany in World War II.)
This is reinforced by s.26 (Erasure of personal data no longer required), which provides two exceptions:
'(a) any such erasure is prohibited under any law; or
(b) it is in the public interest (including historical interest) for the data not to be erased.'
This very general exception leaves a wide ambit for disputes to arise. The Commissioner has not provided any guidelines on the interpretation of this provision, nor any examples of its application.
Under Public Records or Archives laws, public sector agencies are generally required to draw up disposal schedules for different classes of information, and provided privacy interests are taken into account, these can be the practical implementation of the disposal principles.
While records managers and archivists are normally natural allies of privacy interests in promoting a systematic approach to information handling, there is a tension between the two interests in relation to retention. Public Records or Archives laws generally frown on the complete destruction or permanent deletion of information, even when it is subsequently shown to be incorrect or misleading. They favour retention of a complete history of administrative actions. A compromise is usually possible, involving separate storage or limited access to historical data, allowing operational files to be corrected or otherwise updated.
The Victorian IPPs have an equivalent destruction principle.
For further discussion, see the separate Reading Guide on identity schemes.
There is no equivalent in the IPPs - but the potential of identifiers to facilitate data matching, and its privacy implications, have been addressed in both the data-matching legislation (see the Data-matching Program (Assistance and Tax) Act 1990) and the Medicare and Pharmaceutical Benefit Program Guidelines under the National Health Act.