Biometrics Institute Privacy Code
Review of the Privacy Code
October 2009
The Code Review has been completed. The recommendations can be viewed in the Independent Review and the Code Administrator Response Report.
See also the article Biometrics Institute calls for Privacy Act improvement in the ASM Headlines 8 October 2009.
The Privacy Code has only a handful of subscribers but the Review indicated that a significant number use the Code as a reference point for their privacy planning and operations.
It was the view of both management and the reviewers that a major stumbling block to members formally signing up to the Code was the inadequate nature of the Privacy Act 1988. In particular members polled pointed to the lack of national unified principles in the Act, the number of exemptions that were allowed under the Act and the various jurisdictions that regulated privacy in this country.
The Biometrics Institute has written to the Privacy Commissioner expressing its view that the Privacy Act desperately needs to be updated to reflect all the changes that have been made in society and technology since the Act was first implemented in 1988.
Until then the Biometrics Institute will continue to promote the Code and will provide members with a Best Practice Privacy Checklist.
This Checklist will be in place soon and will apply to all members regardless of whether they have formally signed up to the Privacy Code or not.
In terms of the inadequacies of the current Privacy Act, the Privacy Code Review particularly nominated the following weaknesses:
- the separation of government and non-government privacy principles
- the exemption from the Privacy Act of small business, media and those who work for political parties
- the separation of State and Federal jurisdictions especially the variations from State to State
- the exemption of employee records from the Act
- the fact that, in the Act, Privacy Impact Assessments and Audits are not mandatory as is the case with the Biometrics Institute Privacy Code.
The Biometrics Institute will continue to pursue the above changes so that its Code can work more effectively. In the meantime, the Biometrics Institute will continue its privacy training and awareness programme through its conferences, publications and consultations with privacy advocates and those with special privacy responsibilities in Australian organisations.
Subscription
This Code is binding upon organisations that have agreed to be covered by the Code by signing the ‘Biometrics Institute Privacy Code Agreement to Comply’.
- Only members of the Biometrics Institute are eligible to subscribe to this Code.
- Biometrics Institute membership, and thus subscription to this Code, is voluntary.
- Government agencies at both a state and federal level may choose to follow the Code; they may also prefer tenderers to be signatories to the Code. However, Australian Government agencies are not legally required to comply with the Code.
- The Office of the Privacy Commissioner will handle privacy complaints about organisations who volunteer to be bound by the Code.
A list of current Code Subscribers is available from this website.
In August 2008, the Biometrics Institute was shortlisted for the Australian Privacy Awards in the Community and NGO Category for the development of its Biometrics Institute Privacy Code.
____________________________________________________________________
Overview of the Privacy Standards
The Code includes privacy standards that are at least equivalent to the Australian National Privacy Principles (NPPs) in the Australian Privacy Act and also incorporates higher standards of privacy protection in relation to:
- certain acts and practices in relation to employee records that otherwise would be exempt.
- the addition of three new Supplementary Biometrics Institute Privacy Principles 11, 12, and 13 in the Code:
  - Principle 11 deals with the protection of biometric information and in some ways supplements the data security obligations in NPP 4.
  - Principle 12 includes some added notice requirements, restricts some secondary uses without express free and informed consent and confers a right to request the removal of biometric information from a system. These obligations enhance NPP 1.3, NPP 1.5, NPP 2 and NPP 4.
  - Principle 13 introduces an obligation of accountability through an extra notice obligation, requires an audit of biometric systems to be undertaken, introduces the concept of holistic privacy management in relation to a biometric product or service, and mandates the use of privacy impact assessments. These requirements augment NPP 1, NPP 4 and NPP 5.1.
- the inclusion of specific requirements in the Code for code subscribers to be aware of and take account of relevant national and international standards for information protection and biometric systems.
____________________________________________________________________
Privacy Code Review - March 2008 - September 2009
The Biometrics Institute started a review process of the Code in February 2008 with the establishment of a Privacy Committee and two Surveys of its Members. Further briefings and consultations have been held, with regular updates on this website.
The results from the Survey will be presented at the 2008 Annual Biometrics Institute Australia Conference (29-30 May 2008, Sydney) and at the 10th Biometrics Institute Australia Conference (28-29 May 2009).
If you would like to provide feedback on the Code or you would like to find out more, please contact manager@biometricsinstitute.org.
____________________________________________________________________
Background
The Australian Privacy Commissioner Karen Curtis approved the binding Biometrics Institute Privacy Code on 19 July 2006. The Code came into operation on 1 September 2006, and is intended to cover the biometric industry in Australia.
See also "Biometrics: Still searching for a pulse" by David Braue, ZDNet Australia, 06 April 2005
Please also refer to the following documents for further guidance:
The Code has been registered on the Federal Register of Legislative Instruments as well as entered into the Privacy Commissioner's register of approved privacy codes.
Access the Biometrics Institute press release.
____________________________________________________________________
Contact the Code Administrator:
Biometrics Institute
Tel. +61 2 9431 8688
Fax +61 2 9431 8677
Email manager@biometricsinstitute.org
Last updated: 3 September 2008