2BAIT - Privacy Implications

Introduction

Today we are interested in what the legal implications are for businesses collecting personal information about their customers.

Task

Your task is simple...

Work through this Webquest to increase your understanding of Privacy.

 

Process

Type your responses to all the questions in a Word Document, and save it for future reference.

Part 1: Thoughts on privacy

Watch this video and then answer the following questions. Your responses should be 3-4 sentences in length. 

1. What is your personal opinion about businesses collecting personal information about you, the customer?

2. Imagine you are a business owner. What would your opinion about collecting personal information be, and why?

Video: https://www.youtube.com/watch?v=BzDp1MahATc

Part 2: Collection & use of personal information

1. Brainstorm at least 4 different ways businesses could collect personal information about their customers. 

2. Brainstorm at least 4 different ways businesses might use this personal information.

 


Part 3: What is the Privacy Act 1988?

Read: http://www.oaic.gov.au/privacy/privacy-act/the-privacy-act

Answer the following questions in a Word Document:

1. Define the Privacy Act 1988.

2. List 5 things the Privacy Act is responsible for. 

3. Why do you think it is important to have the Privacy Act in place?


Part 4: Privacy Act Case Studies

Read through each case study, and then answer the questions using your own judgement. You will be able to review the real-life outcomes at the Evaluation stage.

Each answer should be 1-2 sentences in length. 

Case Study #1 - Travel Insurance

An individual had taken out travel insurance, which was bundled with a credit card product, and had provided information about herself when applying for the credit product. The insurer's privacy statement was only brought to her attention when she made a claim under the travel insurance.

The complainant asserted that the privacy statement was deficient because it required her to provide further personal information before her claim would be processed.

1. What do you think the Commissioner's views were on the timing of the privacy statement being brought to her attention?



Case Study #2 - Health Insurance

The second complaint arose when a private health insurer mistakenly distributed information about an insured's medical status to a number of employers. The information was inadvertently included in a pro forma 'dummy' form that was intended to show employers the type of notice that employees would receive if they fell into arrears with their premiums.

1. What privacy breach was made?

2. What procedures might the Health Insurance Company have to undertake to rectify the error? 

Evaluation

By the end of this period you should have completed the four parts of this webquest.

Parts 1-3: Answers

We will either go through these answers as a class or you will share your answers with the person sitting next to you.

Part 4: Case Studies Answers

The real-life conclusions made by the Commissioner for these case studies were:

Case Study #1: Travel Insurance

The Commissioner concluded that a privacy statement must be provided before insurance is taken out to allow individuals to make an informed choice about whether to enter into the insurance contract. The insurer agreed to include new terms and conditions, which included a more comprehensive privacy statement with the credit card product so that potential claimants would be told, before they entered into the contract, what would happen to their personal information and why the insurer needed to collect it.

Case Study #2: Health Insurance

The Commissioner concluded that this error showed that the insurer had not effectively protected the personal information from unauthorised access, in breach of NPP 4, which obliges an organisation to keep information it holds secure. The insurer also breached NPP 2.1 by disclosing personal information for a purpose other than the purpose for which it was collected.

The insurer agreed to revise and strengthen its procedures to reduce the risk of such mistakes and to provide further training to its staff. It advised all the recipients of the information to destroy it. Disciplinary action was taken against the staff member who made the error and all staff were reminded that breaching customers' privacy may have disciplinary consequences.

Conclusion

Save your Word Document for future reference.