In this case, the Federal Court held that the Department of Veterans’ Affairs did not breach the Information Privacy Principles in disclosing an individual’s personal information to their superior officer and ADF doctors.
On 25 May 2018, the European Union’s new data protection framework – the General Data Protection Regulation (‘GDPR’) – took effect. Despite some similarities with the Privacy Act, many APP entities will need to implement new processes to be GDPR-compliant.
The Health Records Act 2001 (Vic) and the Privacy and Data Protection Act 2014 (Vic) have been amended to provide exceptions in relation to the collection of particular health and personal information under the Family Violence Protection Act 2008 (Vic).
The Victorian Data Sharing Act 2017 (Vic) has introduced a new legal framework to facilitate the sharing of Victorian public sector data to improve policy-making whilst ensuring the privacy of the data.
The Victorian Civil and Administrative Tribunal found that the use of a person’s health information for the purpose of considering a request for clinical supervision and for the purpose of an intervention order proceeding did not interfere with the privacy of the applicant by breaching the Health Privacy Principles.
The Privacy Act 1988 (Cth) (Act) has been amended by the Privacy Amendment (Notifiable Data Breaches) Act 2017 (Cth) (the amending Act). The amending Act introduces a mandatory data breach notification regime where an ‘eligible data breach’ occurs. The amendments will commence on 23 February 2018, unless they are proclaimed to commence earlier.
On 12 September 2016, researchers at the University of Melbourne alerted the Commonwealth Government that it was possible to re-identify ostensibly “de-identified” Medicare Benefits Scheme (MBS) data that had been released for public access and analysis. The MBS Re-identification Event attracted significant media attention, generated an Australian Office of the Information Commissioner (OAIC) investigation and resulted in the introduction of the Privacy Amendment (Re-identification Offence) Bill 2016 (Cth). The MBS Re-identification Event is a reminder of the importance of considering the privacy implications of big data analytics.
The New South Wales Civil and Administrative Tribunal found that certain hospital CCTV footage could be released under freedom of information legislation, despite public interest and privacy concerns, if the faces, heads, necks and any tattoos or other identifying marks of persons in the footage were pixelated.