steve2
Good point joe. I'd only add that police have legislative backing for their information gathering and storing - even without individual's consent - for obvious reasons.
However, I wonder about the right of a religious organization to gather information on specified individuals without their even knowing it is being gathered and stored.
If you are still interested, maybe have a look at the APP's (Australian Privacy Principles)
www.oaic.gov.au/privacy-law/privacy-act/australian-privacy-principles
"APP 3 provides that an APP entity must collect personal information only by lawful and fair means, and must (where reasonable and practicable) collect personal information about an individual directly from that individual.
In addition, ‘sensitive information’ may generally only be collected if the individual about whom the information relates has consented to the collection.
‘Sensitive information’ means information about an individual’s racial or ethnic origin; political opinions; membership of a political association; religious beliefs or affiliations; philosophical beliefs; membership of a professional or trade association; membership of a trade union; sexual orientation or practices; criminal record; health information about an individual; genetic background, or biometric identification (such as fingerprints that is to be used for the purpose of automated biometric verification)."
Summary of the australian privacy principles
"The biggest implication of these new laws is that bodies collecting and storing data (that’s potentially your company) can now be fined up to 1.7m per infringement.
The Privacy Amendment Act includes a set of new, harmonised privacy principles called Australian Privacy Principles (APPs). These APPs will regulate the handling of personal information by both businesses and Australian government agencies.
Sensitive information
3.3 An APP entity must not collect sensitive information about an individual unless:
(a) the individual consents to the collection of the information and:
(i) if the entity is an agency – the information is reasonably necessary for, or directly related to, one or more of the entity’s functions or activities; or
(ii) if the entity is an organisation – the information is reasonably necessary for one or more of the entity’s functions or aactivities"
www.cohortglobal.com/changes-to-australian-privacy-laws-effective-march-2014/
"Further the principles make it mandatory for organisations to give the option of client-anonymity. Good practice for internet trading and other electronic data collection is to include an opt-out clause when gathering client information.
Failure to maintain data integrity or to ensure that information is collected through compliant methods, may present substantial financial and reputational risks.
The obligations of the Act and the Privacy Principles are enforceable by the Australian Information Commissioner (AIC). As part of the legislative amendment, the Commissioner’s regulatory powers have been expanded with powers to investigate perceived breaches.
The AIC is empowered to conduct privacy audits of any Australian government body or regulated private organisation; where serious breaches are found, the Commissioner can penalise APP entities up to $1.1 million."
Not for profit compliance essentials
"There are no exemptions for Not-for-Profit or charitable entities."
www.charitiesnfplaw.com.au/2013/11/19/significant-privacy-act-amendments-to-regulate-government-agencies-individuals-and-businesses/
(Some of the links wouldn't fit on the page, that's why they are posted in blue text)
---------
Can someone please send a copy of this letter to the Australian Information Commission, and ask if they think APP 3.3 may apply here? They might be very interested in this apparent breach of privacy..
(Maybe you could phone the enquiry line and ask if this applies, if you live in Australia)
www.oaic.gov.au/about-us/contact-us
Please let us know if you get any response, or at least PM me, as this post took a while to put together. ;)
