Amendments to the Privacy Act will come into effect on the 12th March 2014 and apply to all organisations and government agencies. These ammendments are:
- People must be able to use anonimity and pseudonyms
- Personal information other than sensitive information is not to be collected unless it is reasonably necessary or directly related to function or activities
- If unsolicited information is received and was not able to be collected by usual means, the information must be destroyed or deindentified as soon as is practicable
- People are to be notified as soon as is practicable that their information has or will be collected
- Personal information that has been collected must not be passed on to a third party
- Personal information must not be used in direct marketing unless consented to by the individual. This consent must be easy for the individual to deny or accept.
- If personal information is given to overseas entities, it must be ascertained that they will not breach privacy laws
- Government-related identifiers must not be disclosed
- Personal information must be able to be accessible to the individual, take steps to correct information if notified by the individual of errors
So what do these ammendments mean for librarians and libraries? I can think of 4. Please let me know if you think of any others.
Borrower information: Libraries typically collect personal information about people registering with the library. This information includes names, addresses, contact numbers. What borrower information is reasonably necessary for libraries to function? Libraries must take reasonable steps to inform borrowers about personal information that is held/going to be stored about them, allow potential borrowers to use pseudonyms or remain anonymous if they desire and provide them with details as to how to access their information and how to correct it should there be errors. Library systems used in Australia must be modilfable to be compliant.
User surveys: Librarians doing user surveys must ensure that any personal information that is collected is directly related to library activities or function. How much personal information is needed to make survey results useful? Names and addresses are not necessary. Perhaps age groups if your library is a public library (this might be applicable to academic libraries in respect to mature age students), or area of work (it is usful to know what training etc is most/least appreciated per area in an organisation).
Library resources: We all know that electronic resources collect usage information. What other information is collected? The library must be sure that information collected by overseas suppliers is be compliant with Australian Privacy laws. Do we have to inform users about the potential of information collection or is it the responsibility of suppliers?
User statistics: I keep record of literature searches and training/education sessions. I have only informed people on some occasions that I was collecting information for records. So why do I keep these records? Training – I discover what classes are popular by attendance numbers. For individual training, I can use it to fashion new training classes and modify others. Literature searches – this is just a numbers game. Names are collected but perhaps this is not necessary to keep on record – perhaps dept information is enough.
Disclaimer: I am not a soliciter/barrister and have no legal training. These are my thoughts about how these ammendents may have impact.