How much do you know about privacy?

In 2013, Yahoo was subject to a hack that exposed its entire user database at the time - approximately 3 billion accounts. The breach disclosed names, email addresses, telephone numbers, dates of birth, and security questions and answers. Check out OVIC’s guidance on how to prepare for and respond to the privacy implications of data breaches involving personal information.

In 2013, Yahoo was subject to a hack that exposed its entire user database at the time - approximately 3 billion accounts. The breach disclosed names, email addresses, telephone numbers, dates of birth, and security questions and answers. Check out OVIC’s guidance on how to prepare for and respond to the privacy implications of data breaches involving personal information.

Using private or incognito mode on a browser merely prevents your browsing history, cookies, passwords, or temporary files from being locally stored on your own device. It does not necessarily mask your identity or browsing activity from third parties such as the websites you visit or internet service providers.

Using private or incognito mode on a browser merely prevents your browsing history, cookies, passwords, or temporary files from being locally stored on your own device. It does not necessarily mask your identity or browsing activity from third parties such as the websites you visit or internet service providers.

The Information Privacy Act 2000 (Vic) commenced operation on 1 September 2001, establishing a regime for the responsible collection and handling of personal information in the Victorian public sector. That Act was later repealed and replaced by the current Privacy and Data Protection Act 2014 (Vic). The Health Records Act 2001 (Vic) commenced 1 March 2002, establishing a regime for the protection of health information.

The Information Privacy Act 2000 (Vic) commenced operation on 1 September 2001, establishing a regime for the responsible collection and handling of personal information in the Victorian public sector. That Act was later repealed and replaced by the current Privacy and Data Protection Act 2014 (Vic). The Health Records Act 2001 (Vic) commenced 1 March 2002, establishing a regime for the protection of health information.

Information Privacy Principle 1.3 requires organisations to take reasonable steps to provide individuals with certain information when collecting their personal information. It does not specify the method or format in which that information must be provided. Notice can be provided in writing, verbally or any other means that conveys the required information. Organisations should choose the most appropriate and transparent method or methods.

Information Privacy Principle 1.3 requires organisations to take reasonable steps to provide individuals with certain information when collecting their personal information. It does not specify the method or format in which that information must be provided. Notice can be provided in writing, verbally or any other means that conveys the required information. Organisations should choose the most appropriate and transparent method or methods.

In Victoria, section 13 of the Charter of Human Rights and Responsibilities Act 2006 (Vic) protects individuals’ right to not have their privacy interfered with. The Privacy and Data Protection Act 2014 (Vic) and Health Records Act 2001 (Vic) establish a framework for the collection, use and disclosure of personal information and health information by public sector organisations.

In Victoria, section 13 of the Charter of Human Rights and Responsibilities Act 2006 (Vic) protects individuals’ right to not have their privacy interfered with. The Privacy and Data Protection Act 2014 (Vic) and Health Records Act 2001 (Vic) establish a framework for the collection, use and disclosure of personal information and health information by public sector organisations.

While the General Data Protection Regulation is an EU law, it imposes obligations on organisations anywhere in the world, provided certain criteria are met. Victorian public sector organisations that operate in the EU or handle personal information of EU residents should review whether they have obligations under the GDPR.

While the General Data Protection Regulation is an EU law, it imposes obligations on organisations anywhere in the world, provided certain criteria are met. Victorian public sector organisations that operate in the EU or handle personal information of EU residents should review whether they have obligations under the GDPR.

According to the 2020 Australian Community Attitudes to Privacy Survey, only 1 in 5 Australians (20%) read and are confident they understand privacy policies on internet sites. The main reasons why Australians do not read privacy policies include the length and difficulty of the policies. Australians want to see standard, simple language (87% support) and a plain English summary at the start of every privacy policy (86% support). There is also support (73%) for the use of icons as indicators that certain activities are undertaken.

According to the 2020 Australian Community Attitudes to Privacy Survey, only 1 in 5 Australians (20%) read and are confident they understand privacy policies on internet sites. The main reasons why Australians do not read privacy policies include the length and difficulty of the policies. Australians want to see standard, simple language (87% support) and a plain English summary at the start of every privacy policy (86% support). There is also support (73%) for the use of icons as indicators that certain activities are undertaken.

According to NordPass’s annual research, in 2021 the most common Australian passwords were made up of simple names, consecutive numbers and, sequential keys on a keyboard. Check out the list on NordPass’s website.

According to NordPass’s annual research, in 2021 the most common Australian passwords were made up of simple names, consecutive numbers and, sequential keys on a keyboard. Check out the list on NordPass’s website.

Organisations that infer personal information are collecting the inferred information (this process is sometimes referred to as ‘collection by creation’). Information Privacy Principle 1.1 prohibits organisations from collecting unnecessary personal information. This means that organisations cannot infer personal information unless that information is necessary for their functions or activities. Check out OVIC’s blog post on artificial intelligence inferences and collection.

Organisations that infer personal information are collecting the inferred information (this process is sometimes referred to as ‘collection by creation’). Information Privacy Principle 1.1 prohibits organisations from collecting unnecessary personal information. This means that organisations cannot infer personal information unless that information is necessary for their functions or activities. Check out OVIC’s blog post on artificial intelligence inferences and collection.