Reference Library
P3WG - Privacy Framework Sub-Committee Reference Library
The documents referenced here do not indicate endorsement or other support by the sub-committee. They are included here for reference only.
Uncategorized Documents:
OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data
"The Personal Information Protection and Electronic Documents Act." Office of the Privacy Commissioner of Canada. 13 Apr 2000. (link currently unavailable)
2008 NAI Principles: The Network Advertising Initiative's Self-Regulatory Code of Conduct
Privacy Policy Guidance Memorandum. U.S. Department of Homeland Security. 29 Dec 2008
Jim Purves' technical briefing paper on authentication processes for the UK Government Gateway
There's a lot of detail in Jim's document, but for our purposes, I recommend a look at p. 40 (section 4.53), which describes a generic registration process (generic in the sense of 'across UK Government Gateway service/user types', not necessarily universally applicable).
UK Government's general Authentication Framework
Interestingly, this defines both the kinds of data to be collected in support of a registration/enrolment, and also the mapping to OMB 404-style LoAs (which the OMB 'borrowed' from the UK strategy a few years back).
Australian Privacy Principle Documents:
Information Privacy Principles
Application: Commonwealth and ACT government agencies
National Information Privacy Principles
Application:
Organisation = an individual, body corporate, partnership, any other unincorporated association or trust that is not a small business operator, a registered political party, an agency, a State or Territory authority or a prescribed instrumentality of a State or Territory.
Health Service Providers (whether or not it is a small business operator)
Approved Privacy Codes
Application: Organisation = an individual, body corporate, partnership, any other unincorporated association or trust that is not a small business operator, a registered political party, an agency, a State or Territory authority or a prescribed instrumentality of a State or Territory.
Initiated by an organisation and approved by the Privacy Commissioner – binding on the organisation – replace NPP
As at 15 June 2010 – 3 approved codes: http://www.privacy.gov.au/business/codes/register
One under consideration - Internet Industry Privacy Code: http://www.privacy.gov.au/business/codes/register
Data-Matching Program (Assistance and Tax) Act 1990 Guidelines
The use of data matching in Commonwealth administration – Guidelines
Voluntary - not using Tax File Numbers
Documents by State
Information Privacy Act 2009 (Qld)
Application: Queensland state agencies other than the health department
Information Privacy Act 2000 (Vic)
Application: Public sector organisations
Privacy and Personal Information Protection Act 1998 (NSW)
Health Records and Information Privacy Act 2002 (NSW)
Information Privacy Bill 2007 (WA) – not enacted
Cabinet Administrative Instruction 1/89 – Information Privacy Principles Instruction (SA)
Personal Information Protection Act 2004 (Tas)