Legal Update: Victorian Privacy Commission's Data Matching Guidelines.The Office of Victorian Privacy Commissioner recently published a set of guidelines guidelines, n.pl a set of standards, criteria, or specifications to be used or followed in the performance of certain tasks. for the Victorian public sector dealing with data matching (Guidelines).1 They outline potential privacy issues that may arise in the context of data matching, and the considerations that should be taken into account. Whilst the Guidelines are directed at Victorian public agencies, data matching may also be undertaken by private entities such as financial institutions (eg fraud detection, anti-money laundering Anti-money laundering ("AML") is a term mainly used in the financial and legal industries to describe the legal controls that require financial institutions and other regulated entities to prevent or report money laundering activities. ), advertisers (eg targeted advertisements) and online merchants (eg targeted offers based on buying patterns). The Guidelines also serve as a useful reference for organisations wishing to undertake such exercises. Privacy issues and recommended practice Data matching refers to semi-automated comparisons of two or more systems of records, with the view of determining whether personal information from different records matches the same individual. The results of data matching can be used for a variety of purposes, including data verification and combining records to produce a more extensive set of personal information relating to relating to relate prep → concernant relating to relate prep → bezüglich +gen, mit Bezug auf +acc an individual. Due to its significant interaction with personal information, data matching can involve numerous privacy related risks. The following highlights some of the significant privacy issues outlined in the Guidelines and suggested practical ways to address them. Purpose of data matching and results Whilst data matching has its benefits, the Guidelines recognise that it may also harm individuals, particularly if the results of data matching are used by public agencies to make decisions that are adverse to the individual. To minimise such risks, organisations should consider and document the purpose of data matching and the proposed use of the results as part of their planning process. In particular, an organisation should consider whether it is necessary to undertake data matching, or if it is more appropriate to de-identify the results. Expectations of the individual In accordance Accordance is Bible Study Software for Macintosh developed by OakTree Software, Inc.[] As well as a standalone program, it is the base software packaged by Zondervan in their Bible Study suites for Macintosh. with IPP (Internet Printing Protocol) A protocol for printing and managing print jobs over the Internet using HTTP. Initially conceived by Novell, Xerox and others, the IETF made it a standard in 2000 that includes authentication and encryption. See printing protocol and LPD. 2.1, an organisation should generally consider the expectations of the individuals before using or disclosing personal information for the purposes of data matching. This may include reviewing the organisation's privacy policy, representations made by the organisation relating to the treatment of personal information and privacy collection statements given by the organisation pursuant to IPP 1.3. In our experience, many privacy policies and collection statements are generic and do not contemplate data matching. If an organisation intends to undertake data matching regularly, then we suggest that it should amend its privacy policy and collection statements to reflect that practice, as required by IPPs 1.3 and 2.1. In some circumstances CIRCUMSTANCES, evidence. The particulars which accompany a fact. 2. The facts proved are either possible or impossible, ordinary and probable, or extraordinary and improbable, recent or ancient; they may have happened near us, or afar off; they are public or , it may also be appropriate to have a separate policy explaining the organisation's data matching practices. Some organisations (particularly online business) may have represented that they will keep all personal information confidential and will not use the information for any other purpose. Such representations may be inconsistent with data matching and thus will need to be withdrawn and corrected. The Victorian Privacy Commissioner also considers that the collection of personal information may be considered unfair for the purposes of IPP 1.2 if the organisation's privacy notice has misrepresented the intended dealings with the collected information. Use of unique identifiers With reference to a given (possibly implicit) set of objects, a unique identifier is any identifier which is guaranteed to be unique among all identifiers used for those objects and for a specific purpose. Regular data matching may encourage the adoption and sharing of unique identifiers between organisations, which is inconsistent with the intent and objectives of IPP 7. Whilst the Guidelines do not prohibit pro·hib·it tr.v. pro·hib·it·ed, pro·hib·it·ing, pro·hib·its 1. To forbid by authority: Smoking is prohibited in most theaters. See Synonyms at forbid. 2. the use of unique identifiers in data matching per se, an organisation must ensure that it complies with IPP 7. In practice, given the narrow exceptions of IPPs 7.2 and 7.3, we suggest that data matching involving the use or disclosure of unique identifiers should be supported by the prior consent of the individuals. Quality of the data Since data matching is an automated au·to·mate v. au·to·mat·ed, au·to·mat·ing, au·to·mates v.tr. 1. To convert to automatic operation: automate a factory. 2. exercise, organisations should verify (1) To prove the correctness of data. (2) In data entry operations, to compare the keystrokes of a second operator with the data entered by the first operator to ensure that the data were typed in accurately. See validate. the accuracy of the source information before data matching to avoid creating inaccuracies. Similarly, depending on the intended use of the results, it may also be appropriate to verify and confirm the results before adopting them as the records of the organisation. This may involve verifying ver·i·fy tr.v. ver·i·fied, ver·i·fy·ing, ver·i·fies 1. To prove the truth of by presentation of evidence or testimony; substantiate. 2. the results directly with the individual. What do I need to do Whilst the Guidelines are not legally binding, they indicate the Victorian Privacy Commissioner's interpretation of the IPPs in the context of data matching. Accordingly, it is good practice to follow them. From a practical perspective, we recommend that all organisations wishing to undertake data matching should: review their privacy policy and collection statements (and amend where necessary) to ensure that they are consistent with the data matching practices; consider and plan for privacy risks before undertaking any data matching exercise, including consideration as to whether it is possible to achieve a similar outcome without data matching; clearly document the rights and responsibilities of each contributor to the data matching, including ongoing responsibilities in relation to the use, disclosure and disposal of the results; and where practical, notify the individuals or seek their consent to the data matching. We also note that Commonwealth agencies are subject to a different set of voluntary guidelines published by the federal Privacy Commissioner. Similarly, data matching involving tax file numbers that compare data from the Australian Taxation Office and assistance agencies are subject to specific legislation and mandatory guidelines. These guidelines should be taken into account when planning data matching involving Commonwealth agencies or information. Footnote Text that appears at the bottom of a page that adds explanation. It is often used to give credit to the source of information. When accumulated and printed at the end of a document, they are called "endnotes." 1 www.privacy.vic.gov.au/privacy/web.nsf/download/655CB1FFB FFB Fürstenfeldbruck (German auto license plate) FFB Foundation Fighting Blindness FFB Food from Britain (UK strategic international food and drink export marketing consultancy) 552BF01CA2576090018D1AE/$FILE/OVPC%20Data%20Matching%20Guide%20Edition%201%20August%202009.pdf The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances. Mr Ka-Chi Cheung Deacons Level 18 Grosvenor Place Grosvenor Place may refer to:
225 George St Sydney NSW NSW New South Wales Noun 1. NSW - the agency that provides units to conduct unconventional and counter-guerilla warfare Naval Special Warfare 2000 AUSTRALIA Tel: 29330 8000 Fax: 293308111 E-mail: maryanne.webb@deacons.com.au URL URL in full Uniform Resource Locator Address of a resource on the Internet. The resource can be any type of file stored on a server, such as a Web page, a text file, a graphics file, or an application program. : www.deacons.com.au Click Here for related articles (c) Mondaq Ltd, 2009 - Tel. +44 (0)20 8544 8300 - http://www.mondaq.com |
|
||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion