Legal Access Services abides by the following ten Principles which deal with how organisations, such as ours, may collect, use, store and disclose information which identifies individuals.
Organisations must ensure that individuals are aware their personal information is being collected, why, who it might be passed on to and that they can ask the organisation what personal information it holds about them.
Personal information may not be collected unless it is necessary for an organisations activities and must only be used for the purpose it was collected. Many direct marketing mailers will now have to offer the recipient the opportunity to elect not to receive further mailings.
3. Data quality
Organisations must take steps to ensure personal information they collect is accurate, complete and up-to-date.
4. Data security
An organisation must take reasonable steps to protect the personal information it holds from misuse and loss and from unauthorised access, modification or disclosure.
An organisation must have a policy document outlining its information handling practices and make this available to anyone who asks.
6. Access and correction
Generally, an organisation must give an individual access to personal information it holds about the individual on request.
Generally, an organisation must not adopt, use or disclose an identifier that has been assigned by a Commonwealth government agency.
Organisations must give people the option to interact anonymously whenever it is lawful and practicable to do so.
9. Transborder data flows
An organisation can only transfer personal information to a recipient in a foreign country in circumstances where the information will have appropriate protection.
10. Sensitive information
Sensitive information (such as about someone's health, political opinions or sexual preference), may only be collected with the consent of the individual (unless a public interest exception applies).
Click here to return.