Develop an organisation's privacy practices

Reference no: EM132609405

BSBCOM603 Plan and establish compliance management systems

Task 1 - Privacy Compliance Program/Management System

This assessment task requires the development of a compliance program/management system centred on meeting privacy legislative obligations. As a basis, you may use a business you work in, have access to or a simulated business.

Assume that your organisation needs to comply and it can choose to:

• become bound by an approved industry code
• apply to have its own code under the Privacy Act approved by the Federal Privacy Commissioner
• be bound by the Australian Privacy Principles (APPs)

The functions of a compliance program are to:

• develop an organisation's privacy practices
• assist in defending a complaint made to the Privacy Commissioner

The following information will assist your organisation in developing a privacy compliance program.

1. The privacy officer

Depending on the size of the organisation, consider nominating a staff member to act as a privacy officer. The privacy officer should be given clear authority to:

• undertake a privacy review of existing systems to ascertain the way in which the organisation uses personal information
• direct and implement a privacy strategy
• establish systems to ensure compliance with the new legislation
• maintain the privacy compliance system.

2. Know the APPs

Be familiar with the Australian Privacy Principles (APPs) to understand the ways in which they are likely to impact on the business practices of the organisation.

3. Conduct a Privacy review

The key reasons for carrying out a review of activities are to assess:

• the type of information your organisation collects and keeps
• how your organisation uses such information and with whom it shares such information (if at all)

The review (in the form of a comprehensive questionnaire) should, as a minimum, address the following questions:

• What personal information has been and will be collected and from whom? (this question needs to be answered in two parts relating to personal information and sensitive information)
• How is personal information collected? (any medium of information collection should be taken into account, for example, standard forms, surveys, mail, emails, call centres)
• For what purpose is personal information collected?
• What functions or activities does your business carry out, and do all the purposes for which information is collected relate to one of those functions or activities?
• Who accesses and uses the personal information (within the organisation and third parties)?
• How is the personal information stored and disposed of?
• How can the personal information be accessed?
• Who has access to what information?
• What information is disclosed to third parties? (for example mailing houses, business partners)
• What consents are in place for use or disclosure of personal information collected?
• How accurate and up to date is the information? (this will involve an assessment of what procedures there are to update information or delete irrelevant information and to ensure accurate data recording)
• How are complaints handled?
• Do you send or transmit information overseas or to related companies?
• How may individuals access personal information about them that the business holds and seek the correction of such information?
• How may individuals complain to the business about a breach of the Australian Privacy Principles, and how does the business deal with such a complaint?
• Does the business disclose personal information to overseas recipients?
• If the business is likely to disclose personal information to overseas recipients, in which countries are such recipients likely to be located (if it is practicable to specify those countries)?

4. Implement a privacy compliance program

Prepare a privacy compliance manual to minimise your exposure to privacy compliance risks. Consider the following three-step process.

1. Identify privacy compliance issues which have been highlighted in the review. The privacy officer and senior management in consultation with lawyers should take responsibility for planning.
2. Implement - Educate staff about their responsibilities for security and information management.
3. Maintain - Update the contents of the manual according to changes in business practices, law, regulations and industry codes and practices. Retrain and refresh staff in relation to their responsibilities. Undertake audits at regular intervals.

Refer to AS3806-1998.

5. The privacy statement and policy

An organisation which is subject to the Act is required to formulate a privacy policy which sets out clearly its approach on the management of personal information.

The policy is required to be made publicly available, free of charge. The website is a good place to do that, although hard copies should also be freely available.

A business's privacy policy must disclose:

a. the kinds of personal information it collects and holds;
b. how it collects and holds personal information;
c. the purposes for which it collects, holds, uses and discloses personal information;
d. how an individual may access personal information about them that the business holds and seek the correction of such information;
e. how an individual may complain to the business about a breach of the Australian Privacy Principles and how the business will deal with such a complaint;
f. whether the business is likely to disclose personal information to overseas recipients; and
g. if the business is likely to disclose personal information to overseas recipients, the countries in which such recipients are likely to be located (if it is practicable to specify those countries).

6. Privacy procedures

An organisation must take reasonable steps to protect the personal information it holds from misuse and loss, and from unauthorised access, modification or disclosure.

It must also destroy and de-identify information as soon as it is no longer required for any purpose for which the information could be used or disclosed.

• Develop a procedure for handling complaints regarding privacy breaches and information access to records - this should cover logging of complaints and logging information disclosed to applicants (refer to AS 4269-1995).
• Train staff about your privacy policy and guidelines.
• Monitor ongoing privacy procedures to ensure compliance.
• Consider the need for external legal advice.

Specific procedures which support the privacy policy include guidelines on:

• the management of mailing lists
• the collection, management and use of contact lists
• provisions to include in contracts with consultants and suppliers including outsourcing where personal information may be handled
• managing personal information access requests
• use of sensitive information
• conduct security review of current practices or procedures
• forms used to collect personal information are not to be left in correspondence trays overnight
• paper shredders to be utilised for daily waste
• computer screens at inquiry counters positioned away from the public
• password protected computers and screen savers
• short time frame for activation of screen savers
• regular password changes
• restricted access to data by key staff only
• anti-virus software used for computers
• computer backup tapes to be stored securely away from the location of the relevant computer system
• removal of access rights for employees who leave the organisation
• internet and email usage policy distributed to staff

Procedures in place:

• to ensure data is removed, destroyed or cleared once it is no longer required
• for access request to records handling policy
• to handle complaints or incidents regarding breaches of privacy - a key means of achieving privacy compliance is the inclusion of appropriate provisions governing information handling issues like security and confidentiality of personal information in contracts for service providers (two key areas identified by the Privacy Commissioner include cleaning services and counselling services)

Task 2 - Anti-Bribery and Corruption Program

This assessment task requires the development of a compliance program/management system centred on meeting Anti-Bribery and Anti-Corruption (ABC) obligations. As a basis, you may use a business you work in, have access to or a simulated business.

Use the attached checklist and undertake research in order to develop the ABC Program.

Attachment:- compliance management systems.rar

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd