Reference Library

P3WG - Privacy Framework Sub-Committee Reference Library

The documents referenced here do not indicate endorsement or other support by the sub-committee.  They are included here for reference only.

Uncategorized Documents:

• ITSPA Privacy Management Reference Model 2.0
• ITSPA Analysis of Privacy Principles
• AICPA/CICA Generally Accepted Privacy Principles
• OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data
• Directive 95/46/EC ofthe European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data.
• "The Personal Information Protection and Electronic Documents Act." Office of the Privacy Commissioner of Canada. 13 Apr 2000. (link currently unavailable)
• U.S. Safe Harbor Frameworks
• APEC Privacy Framework
• 2008 NAI Principles: The Network Advertising Initiative's Self-Regulatory Code of Conduct
• Privacy Policy Guidance Memorandum. US. Department of Homeland Security. 29 Dec 2008
• US. Department of Health and Human Services "Nationwide Privacy and Security Framework for Electronic Exchange of Individually Identifiable Health Information."
• Jim Purves' technical briefing paper on authentication processes for the UK Government Gateway
  • There's a lot of detail in Jim's document, but for our purposes, I recommend a look at p.40, (section 4.53) which describes a generic registration process (generic in the sense of 'across UK Government Gateway service/user types', not necessarily universally applicable).
• UK Government's general Authentication Framework 
  • Interestingly, this defines both the kinds of data to be collected in support of a registration/enrolment, and also the mapping to OMB 404-style LoAs (which the OMB 'borrowed' from the UK strategy a few years back).

Australian Privacy Principle Documents:

• Privacy Act 1988 (Cth)
  • Information Privacy Principles
    • Application: Commonwealth and ACT government agencies
  • National Information Privacy Principles
    • Application:
      Organisation = an individual, body corporate, partnership, any other unincorporated association or trust that is not a small business operator, a registered political party, an agency, a State or Territory authority or a prescribed instrumentality of a State or Territory.
      Health Service Providers (whether or not it is a small business operator)
  • Approved Privacy Codes
    • Application: Organisation = an individual, body corporate, partnership, any other unincorporated association or trust that is not a small business operator, a registered political party, an agency, a State or Territory authority or a prescribed instrumentality of a State or Territory.
      Initiated by an organisation and approved by the Privacy Commissioner – binding on the organisation – replace NPP
      As at 15 June 2010 – 3 approved codeshttp://www.privacy.gov.au/business/codes/register
      One under consideration - Internet Industry Privacy Codehttp://www.privacy.gov.au/business/codes/register
  • Tax file number Guidelines
  • Data-Matching Program (Assistance and Tax) Act 1990 Guidelines
  • The use of data matching in Commonwealth administration – Guidelines
    • Voluntary - not using Tax File Numbers
  • Exposure Draft Australian Privacy Principles

• Documents by State
  • Information Privacy Act 2009 (Qld)
    • Information Privacy Principles
    • Application: Queensland state agencies other than the health department
  • Information Privacy Act 2000 (Vic)
    • Information Privacy Principles
    • Application: Public sector organisations
  • Privacy and Personal Information Protection Act 1998 (NSW)
    • Information Protection Principles
  • Health Records and Information Privacy Act 2002 (NSW)
    • http://www.austlii.edu.au/au/legis/nsw/consol_act/hraipa2002370
  • Information Privacy Bill 2007 (WA) – not enacted
    • http://www.austlii.edu.au/au/legis/wa/bill/ipb2007241
  • Cabinet Administrative Instruction 1/89 – Information Privacy Principles Instruction (SA)
    • http://www.premcab.sa.gov.au/pdf/circulars/Privacy.pdf
  • Personal Information Protection Act 2004 (Tas)
    • http://www.thelaw.tas.gov.au/tocview/index.w3p;cond=all;doc_id=46%2B%2B2004%2BAT%40EN%2B20100629000000;histon=;prompt=;rec=;term=personal