Collection
Use
Disclosure
Storage
Security of information and
rights to access this information.
They do differ slightly to the IPPs to reflect the different issues that operate in a commercial environment, such as provisions relating to direct marketing. The NPPs require organisations to allow individuals to deal with them anonymously provided this is lawful and practicable. For example, this would require electronic road toll systems and payphone providers to provide an anonymous payment option such as cash or prepaid cards.
B) Name the 10 NPPs that regulate how the private sector organisations must manage personal information.
NPP 1: collection
Describes what an organisation should do when collecting personal information, including what they can collect, collecting from third parties and, generally, what they should tell individuals about the collection.
NPP 2: use and disclosure
Illustrate how organisations may use and disclose individuals' personal information. If certain conditions are met, an organisation does not always need an individual's consent to use and disclose personal information. There are rules about direct marketing.
NPPs 3 & 4: information quality and security
An organisation must take steps to ensure the personal information it holds is accurate and up-to-date, and is kept secure from unauthorised use or access.
NPP 5: openness
An organisation must have a policy on how it manages personal information, and make it available to anyone who asks for it.
NPP 6: access and correction
Gives individuals a general right of access to their personal information, and the right to have that information corrected if it is inaccurate, incomplete or out-of-date.
NPP 7: identifiers
Generally prevents an organisation from adopting an Australian Government identifier for an individual (e.g. Medicare numbers) as its own.
NPP 8: anonymity