Legal Access Services abides by the following ten Principles which deal with how organisations, such as ours, may collect, use, store and disclose information which identifies individuals. 

1. Collection

Organisations must ensure that individuals are aware their personal information is being collected, why, who it might be passed on to and that they can ask the organisation what personal information it holds about them.

2. Use

Personal information may not be collected unless it is necessary for an organisations activities and must only be used for the purpose it was collected. Many direct marketing mailers will now have to offer the recipient the opportunity to elect not to receive further mailings.

3. Data quality

Organisations must take steps to ensure personal information they collect is accurate, complete and up-to-date.

4. Data security

An organisation must take reasonable steps to protect the personal information it holds from misuse and loss and from unauthorised access, modification or disclosure.

5. Openness

An organisation must have a policy document outlining its information handling practices and make this available to anyone who asks.

6. Access and correction

Generally, an organisation must give an individual access to personal information it holds about the individual on request.

7. Identifiers

Generally, an organisation must not adopt, use or disclose an identifier that has been assigned by a Commonwealth government agency.

8. Anonymity

Organisations must give people the option to interact anonymously whenever it is lawful and practicable to do so.

9. Transborder data flows

An organisation can only transfer personal information to a recipient in a foreign country in circumstances where the information will have appropriate protection.

10. Sensitive information

Sensitive information (such as about someone's health, political opinions or sexual preference), may only be collected with the consent of the individual (unless a public interest exception applies).

Click here to return.