Review a company’s privacy policy and compare this to the Privacy Act of Australia.
Unknown too many, the IT departments of organizations, just like any other departments, can, depending on how they are managed, determine whether the organization stands or falls. This is because, in the growing world of the internet, it is becoming increasingly crucial that specific information about a company does not fall into the hands of the wrong people. IT professionals have, therefore, to work harder than ever before. In this regard, the Australian government came up with a set of rules and regulations to govern issues of privacy for organizations and individuals, called the Privacy Act of 1988 (Adrian 2013).
In this report, we are going to examine the privacy policy of Wesfarmers Limited, an Australian union with its headquarters in Perth, Western Australia, and one of the largest business corporations in Australia. We will then compare the privacy policy of Wesfarmers Limited to the Privacy Act of Australia. We will then seek to find out if there are any backdrops of this company with relevance to the Privacy Act, or if there are areas that it goes beyond the stipulations of the Act or both. Finally, we will make recommendations, if any, that can be implemented by the company to ensure that it fully complies with the Act.
The primary function of the Act is to regulate the handling of personal information. For that reason, the first thing it does is stipulate a detailed and exhaustive definition of “personal information” and what it entails (Caron et al. 2016). The Privacy act rests on the Australian Privacy Principles, thirteen in total, from which it derives its authenticity. The primary areas that the Act is concerned about are credit reporting, tax file numbers, and health and medical research. Other legislation includes telecommunications, criminal records, government data matching, anti-money laundering, personal property security register and healthcare identifiers among others (Cate and Mayer-Schönberger 2013).
The privacy new policy is distributed across all the Australian organizations, companies, businesses, firms, public and private institutions, stakeholders, and also to individuals. We will look at the implementation of the new policy in Westfarmers Limited and see how the policy relates with the Act and collect the feedback from the stakeholders.
Let us then see if Wesfarmers Limited abides by the requirements of the Privacy Act. First of all, their definition of ‘personal information’ is exactly as it is in the Act. Their policy explains their methods of collection, storage, and disclosure of personal information and the rights of stakeholders concerning correction and submission of complaints about the company’s treatment of personal information (Choo 2010). As per the policy, the type of information they collect is mainly dependent on the rationale for collection, and the activity for which the information is relevant.
The Privacy Policy of Wesfarmers Limited stipulates well the type of personal information that they collect along with the underlying conditions. They collect the names and contact details and communication records with shareholders, employees in their group of companies, job applicants, their suppliers, their correspondents, and people who request updates of information about the company through their website mailing list. They do not go against section 6(1) of the Act, which outlines the type of personal information a company can take and from whom.
The policy also says how the company collects personal information (Clarke 2009). The primary method is direct collection from clients when they engage in various transactions with the company, like corresponding or registering with them, or when providing feedback or entering into agreements with them. Also, where circumstances dictate, they may collect personal information from third parties. For instance, they may require the referees given by job applicants to disclose personal information about the applicants. With the help of their service providers, or at their secure storage locations, the information is stored electronically or, on rare occasions, in hard copy.
The company collects and keeps personal information for various purposes. First is to enable effective communication with shareholders when their payments are being processed, and to ensure their compliance with legal obligations (Otlowski 2015). It further helps them to correspond with people who contact them so they can send and receive feedback appropriately, plus a series of other functions, all of which are in line with the postulates of the Australian Privacy Act. Generally, as the policy states, the information is used for the primary application for which it was intended, or for uses related to the primary purpose in a relevant manner, or for exceptional conditions as laid out by the Privacy Act.
The Privacy policy of Wesfarmers Limited points out the reasons why they may need to disclose personal information to third parties, and the specific third parties to who such kind of data may be made available (Pardo and Siemens 2014). They only share such information when it is a requirement by the law that they do so, or when they have obtained the full consent of the person or group whose information they wish to disclose. Otherwise, they do not disclose any personal information at all to anybody. And when they do, they do all they can to ensure that the person receiving the data has the capacity to protect and secure that information and use it only for the purpose for which it was intended.
As we would expect, Wesfarmers Limited allows people whose personal information they hold to access that information or request for its correction, provided they meet some conditions. The company must first ascertain that the person seeking access is the rightful person (Svantesson and Clarke 2010). This they do because they do not want to take chances with confidentiality. They have provisions put in place for people who would like to give complaints concerning their privacy policy. The claims can be submitted either electronically through an email they have provided, or formally through writing and submission to their Privacy Officer.
The policy was good because it protected the people’s personal information from being disclosed to the third parties. But on the other hand, it allowed the stakeholders to disclose the personal information under some circumstances. This disclosure of people’s personal information in spite of the conditions is a breach of their privacy.
The companies denies its stakeholders the rights to disclose personal information to the third parties and if they have to do so under some defined circumstances, the company requires that they must disclose this information only to people who can be entrusted to keep it private. The above practice ensures that the privacy policy and procedures are applied and followed.
The organizational privacy requires that the company should only demand personal information from job applicants, employees, shareholders, and other stakeholders when they need to keep updating them about the actions of the company affecting them. With the help of their service providers, or at their secure storage locations, the information is stored electronically or, on rare occasions, in hard copy. The company then uses their information security system to protect these information from the unauthorized people.
In my opinion, the company policy has a few flaws, with regards to the Australian Privacy Act, that they need to take care of. The first problem concerns the disclosure of personal information to third parties (Wright and De Hert 2012). Although the company has pointed out very well who is entitled to the personal information they hold and under what circumstances, they have not said who is not. The Act requires that you indicate, where relevant, who is not entitled to the personal information you sure and why.
Another limitation appertains to the exceptional conditions for which they share personal information as stipulated by the Act. The Act requires that they should have written down the exact situations or circumstances that may lead to sensitive personal information. Merely saying that there are exceptional circumstances leaves one guessing what they might be, which is not very pleasant.
To ensure the organization fully complies with the act, first, they should provide a full, detailed list of which third parties are cleared to receive the personal information they hold, and who is not cleared (Kenny et al. 2012). This will take care of the first limitation discussed in the preceding paragraph. The organization should communicate these changes with all their working personnel and make them fully aware that they should provide a clear record of the list of the third parties they should receive their personal information.
Secondly, they should provide a detailed list of conditions, including the exceptional ones, which may compel them to disclose personal information to third parties. This way they shall have removed any doubts and uncertainties in the minds of those whose personal information they are in custody of. For this policy to be implemented in this company and also n others, the Australian act needs to be amended to ensure that it provides a list of conditions under which the stakeholders may be compelled to disclose personal information to third parties.
The company should inform all their employees about the improvement of the policies to mitigate some of the risks associated with the privacy policy and their plan to keep these changes fully operational. We will continuously follow up the company to ensure that it keeps these new changes in practice. To inform the company stakeholders of the changes that would be made as I have shown in the recommendations, I will write an electronic memo that would be sent to each of the stakeholders’ emails.
Conclusion
Except for the two shortcomings we have found out, the privacy policy of Wesfarmers Limited is generally good and in total compliance with the Australian Privacy Act (the Act).
References
Adrian, A., 2013. How much privacy do clouds provide? An Australian perspective. Computer Law & Security Review, 29(1), pp.48-57.
Caron, X., Bosua, R., Maynard, S.B. and Ahmad, A., 2016. The Internet of Things (IoT) and its impact on individual privacy: An Australian perspective. Computer law & security review, 32(1), pp.4-15.
Cate, F.H. and Mayer-Schönberger, V., 2013. Notice and consent in the world of Big Data. International Data Privacy Law, 3(2), pp.67-73.
Choo, K.K.R., 2010. Cloud computing: challenges and future directions.
Clarke, R., 2009. Privacy impact assessment: Its origins and development. Computer law & security review, 25(2), pp.123-135.
Kenny, R., Pierce, J., and Pye, G., 2012, January. Ethical considerations and guidelines in web analytics and digital marketing: a retail case study. In AiCE 2012: Proceedings of the 6th Australian Institute of Computer Ethics conference 2012 (pp. 5-12). Australian Institute of Computer Ethics.
Otlowski, M.F., 2015. Disclosing genetic information to at-risk relatives: new Australian privacy principles, but uniformity still elusive. The Medical journal of Australia, 202(6), pp.335-337.
Pardo, A. and Siemens, G., 2014. Ethical and privacy principles for learning analytics. British Journal of Educational Technology, 45(3), pp.438-450.
Svantesson, D. and Clarke, R., 2010. Privacy and consumer risks in cloud computing. Computer law & security review, 26(4), pp.391-397.
Wright, D., & De Hert, P. (2012). Introduction to privacy impact assessment. In Privacy Impact Assessment (pp. 3-32). Springer, Dordrecht.
Essay Writing Service Features
Our Experience
No matter how complex your assignment is, we can find the right professional for your specific task. Contact Essay is an essay writing company that hires only the smartest minds to help you with your projects. Our expertise allows us to provide students with high-quality academic writing, editing & proofreading services.
Free Features
Free revision policy
$10Free bibliography & reference
$8Free title page
$8Free formatting
$8How Our Essay Writing Service Works
First, you will need to complete an order form. It's not difficult but, in case there is anything you find not to be clear, you may always call us so that we can guide you through it. On the order form, you will need to include some basic information concerning your order: subject, topic, number of pages, etc. We also encourage our clients to upload any relevant information or sources that will help.
Complete the order form
Once we have all the information and instructions that we need, we select the most suitable writer for your assignment. While everything seems to be clear, the writer, who has complete knowledge of the subject, may need clarification from you. It is at that point that you would receive a call or email from us.
Writer’s assignment
As soon as the writer has finished, it will be delivered both to the website and to your email address so that you will not miss it. If your deadline is close at hand, we will place a call to you to make sure that you receive the paper on time.
Completing the order and download