OctopusBI

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 14 Next »

APP 1 - Open and transparent management of personal information

Comments

Status

General compliance with the APP 1

APP 1.1

Does organization entity manage personal information in an open and transparent way?

Implementing practices, procedures and systems to ensure APP compliance

APP 1.2

Does organization entity take reasonable steps to implement practices, procedures and systems relating to the entity’s functions or activities that will:

  • ensure the entity complies with the APPs and any binding registered APP code

  • enable the entity to deal with inquiries or complaints from individuals about the entity’s compliance with the APPs or such a code

Developing an APP Privacy Policy

APP 1.3

Does organization entity have a clearly expressed and up-to-date APP Privacy Policy about how it manages personal information and At a minimum, a clearly expressed policy should be easy to understand, easy to navigate, and only include information that is relevant to the management of personal information by the entity?

And the policy will usually be available on the entity’s website?

Is it written in a style and length that makes it suitable for web publication

Does organization entity regularly review and update its APP Privacy Policy to ensure that it reflects the entity’s information handling practices?

  • This review could, at a minimum, be undertaken as part of an entity’s annual planning processes

  • Does entity include a notation on the policy indicating when it was last updated?

  • Does entity comment on the policy to evaluate its effectiveness, and explain how any comments will be dealt with?

APP 1.4

Does APP organization entity include following non-exhaustive list of information on the APP Privacy Policy?

  • the kinds of personal information collected and held by the entity (APP 1.4(a)

  • how personal information is collected and held (APP 1.4(b))

  • the purposes for which personal information is collected, held, used and disclosed (APP 1.4(c))

  • how an individual may access their personal information and seek its correction (APP 1.4(d))

  • how an individual may complain if the entity breaches the APPs or any registered binding APP code, and how the complaint will be handled (APP 1.4(e))

  • whether the entity is likely to disclose personal information to overseas recipients (APP 1.4(f)), and if so, the countries in which such recipients are likely to be located if it is practicable to specify those countries in the policy (APP 1.4(g))

Making an APP Privacy Policy publicly available

APP 1.5

Does APP organization entity take reasonable steps to make its APP Privacy Policy available free of charge, and in an appropriate form with the objective of APP 1 of ensuring that personal information is managed in an open and transparent way?

Does APP organization entity, upon request, to take reasonable steps to provide a person or body with a copy of its APP Privacy Policy in the form requested?

If a request for access in a particular form is declined for a valid reason, Does APP organization entity explain this decision to the person or body making the request and APP organization entity prepared to undertake reasonable consultation with the requester about the request?

APP 2 - Anonymity and pseudonymity

Comments

(Yes/No)

2.1

Does APP organization entity providing the option of dealing anonymously or by pseudonym for the individuals?

Does APP organization entity ensure that, if applicable, individuals are made aware of their opportunity to deal anonymously or by pseudonym with the entity? (If anonymity or pseudonymity is the default setting, this does not apply)

Does APP organization entity required to collect personal data in order to deliver a service to a individual?

Does APP organization entity enable individuals to exercise greater control over their personal information and decide how much personal information will be shared or revealed to others?

2.2

Does APP organization entity ensure that no more personal information collected than is required to facilitate the dealing with an individual?

APP 3 - Collection of solicited personal information

Comments

(Yes/No)

3.1, 3.2

Does APP entity only collect personal information which is reasonably necessary for one or more of the entity’s functions or activities?

Collecting sensitive information

3.3

Does APP entity collects sensitive information? If yes, then APP entity express consent of the individual before you collect sensitive data?

Does APP entity only collect sensitive information which is reasonably necessary for one or more of the entity’s functions or activities?

Collecting information from third parties

3.6

Does APP entity collects data from third parties? If Yes, Does entity considered whether it is unreasonable or impracticable to obtain the personal data directly from the individual?

APP 4 — Dealing with unsolicited personal information

Comments

(Yes/No)

4.1

Does APP entity received any personal data that entity have not specifically requested from an individual?

4.3

If APP entity have received any personal data from an individual that entity did not request, does entity have procedures in place to either destroy or deidentify the data?

APP 5 — Notification of the collection of personal information

Comments

(Yes/No)

5.1

When APP entity collects personal information about an individual does take reasonable steps either to notify the individual of certain matters or to ensure the individual is aware of those matters

5.2

Does APP entity’s notification statement include following contents?

  • APP entity’s identity and contact details

  • The fact and circumstances of collection

  • Whether the collection is required or authorised by law

  • The purposes of collection

  • The consequences if personal information is not collected

  • The entity’s usual disclosures of personal information of the kind collected by the entity

  • Whether the entity is likely to disclose personal information to overseas recipients, and if practicable, the countries where they are located

APP 6 — Use or disclosure of personal information

Comments

(Yes/No)

6.1

Does APP entity ensure that entity use or disclose personal data for the primary purpose for which it was collected?

6.2

Does entity disclose personal data for any secondary purpose?

If so, does entity check to see if entity hold the individual’s consent for the use and disclosure their personal data for the secondary purpose?

or

If else, does entity considered if the individual would reasonably expect entity to disclose the data for a secondary purpose? and, is that secondary purpose related to the primary purpose?

  • No labels