------------------------------------------------------------------------------------------------------------
PRIVACY NEWSLETTER 2
Summary of the National Privacy Principles (NPP)
Effective 21st December 2001 In the context of Recruitment

NPP-1. Collection
Must only collect personal information that is necessary for recruitment decision.
Must collect personal information only by lawful and fair means.
Must try to ensure that the individual from whom personal information is collected is aware: - of the identity and contact details for the organisation

• that the individual can access information
  
• why the information is collected
  
• to whom the information is usually disclosed
  
• any law requiring the collection
  
• main consequences for the individual if the information is not provided
  
• when personal information is collected from third parties. (Where possible,
  
• information should be collected directly from individual)

NPP-2. Use and Disclose
Must only use or disclose info for the primary purpose of collection unless:

• individual consent is given; or
  
• secondary purpose is related to primary purpose and reasonably expected by individual.
  

NPP-3. Data Quality
Must try to ensure information held is accurate, complete and up-to-date.

NPP-4. Data Security
Must take reasonable steps to ensure that:

• Personal information is protected from misuse, loss, unauthorised access, modification or disclosure.
  
• Personal information is destroyed or permanently de-identified if no longer needed.
  

TOP

NPP-5. Openness
Must have available on request a clearly expressed policy statement outlining personal information handling practices.

On request, take reasonable steps to let a person know what personal information it holds, for what purposes, how it collects, holds, uses and discloses that information.

NPP-6. Access and Correction
Must provide any individual with access to personal information about that individual.
Must take reasonable steps to correct information, or record disagreements.
May charge a reasonable fee for access.

NPP-7. Identifiers
Must not adopt as its own database record ID of an individual, an identifier assigned by Commonwealth agencies or contacted service provider, eg: Tax File Numbers etc.

NPP-8. Anonymity
Where lawful and practicable, individuals have right not to identify themselves (Unlikely to occur in recruitment)

NPP-9. Trans-border Data Flows
May only transfer personal information to someone in a foreign country if:

• recipient is subject to law/scheme/contract substantially similar to the National Privacy Principles; or
  
• individual has consented; or
  
• transfer necessary for the performance of the contract between the individual and the organisation.
  

NPP-10. Sensitive Information
Must not collect sensitive information unless:

• individual has consented; or
  
• collection required by law
  

(sensitive information is defined and includes such areas as race, religious beliefs, professional or trade association membership, political opinions, sexual preferences, health, criminal record etc.)

See ARS Recruitment Newsletter 3 for an understanding of the implications for recruitment.

TOP

This publication has been prepared exclusively for the information of clients and consultants of ARS Recruitment and should not be relied upon as a substitute for legal advice. The owners and consultants of ARS Recruitment expressly disclaim all and any liability flowing from any act done or omitted to be done in reliance upon the whole or part of the contents of this newsletter