Galexia
             home
       about us
        services
        projects
       research
          contact
» home » research » assets » eft review  

Subscribe to Galexia news and announcements.
More information »

Privacy Impact Assessment (PIA): This tool identifies privacy issues in specific sectors or applications. By using the PIA tool at the design stage of an implementation organisations can avoid privacy errors and the costs of rectification at later stages. Find out more »

[2018 Global Cloud Computing Readiness Scorecard]

2018 Global Cloud Computing Readiness Scorecard
Find out more »

Submission - Joint submission to the 2007 Review of the Electronic Funds Transfer (EFT) Code of Conduct to ASIC (May 2007)

[« previous] [next »] [up] [title page] [full contents]

Q56 – Should the status of the cl 21.2 guidelines be changed to make these provisions contractually binding requirements?

Consumer stakeholders believe that some of the privacy guidelines in the current Code should be revised and implemented as contractually binding requirements. It is confusing and inconsistent for some provisions of the Code to be binding and for others to be mere guidance. This Review is an opportunity to clarify this situation.

The binding privacy clauses should be:

  • Clause 21.2 (a) Surveillance
    This Clause ensures that where a person calls a customer care hotline they are warned before the call is recorded. Similarly, ATMs using video surveillance must carry a notice to that effect. It is unlikely the same level of certainty could be achieved by relying on the vague National Privacy Principles (NPPs) in the Privacy Act; and
  • Clause 21.2 (c) Transaction receipts
    This Clause ensures that key personal information is not disclosed when receipts are misplaced. It is uncertain whether the NPPs could be relied upon to achieve this result as the information is initially disclosed to the consumer, and the NPPs are designed to cover third party disclosure. However, it is clear that receipts do represent a significant security risk as they are easily forgotten at the counter or misplaced.

The two other clauses (Clause 21.2 (b) Authorisation and Clause 21.2 (d) Privacy Policies) could be safely removed from the Code. These appear to be adequately covered by the NPPs and industry practice.

[« previous] [next »] [up] [title page] [full contents]

[view all] [download PDF version]

[up to research]

 

Search for:

HERE

PrintVersionprint this page

Sitemapsitemap

Subcribe to RSS newsrss news feed

Manage email subscriptionsmanage email subscriptions

Latest News

September 2019
Register of Public Galexia PIAs. Read more »

September 2019
Updates to Galexia Website. Read more »

September 2019
PM&C / Office of the National Data Commissioner (ONDC) releases Discussion Paper and accepts recommendations from Galexia’s PIA on the proposed Data Sharing and Release legislative framework. Read more »

August 2019
Galexia providing privacy advice and an independent public Privacy Impact Assessment (PIA) on 2021 Census for ABS. Read more »

June 2019
Galexia completes privacy advice and an independent Privacy Impact Assessment (PIA) on the Naval Shipbuilding College Workforce Register. Read more »

view all news items »

[Home] [Sitemap] [Print this page] [Privacy statement]

© Galexia Pty Ltd
Telephone: +61 (02) 9660 1111
Email: [email protected]