eBook Publications

NSW Template – Privacy Audit Survey

PURCHASE eBOOK Checkout Added to basket

 

Share this eBook

NSW Template – Privacy Audit Report

Vic Template – Staff Undertaking

Vic Template – Privacy Manual for Staff

Vic Template – Data Use Protocol

Vic Template – Data Governance Protocol

Vic Template – Contract Clauses

Vic Template – Collection Notices and Consent Forms

Vic Template – Privacy Audit Report

Vic Template – Privacy Audit Survey

Vic Template – PIA Report

Vic Template – Privacy Risk Assessment Procedure

Vic Template – Data Breach Response Plan

Vic Template – Privacy Policy

Algorithms, AI, and Automated Decisions – A guide for privacy professionals

This plain language guide offers a framework for privacy professionals to use when assessing algorithmic systems for privacy risks and harms.

What is an Algorithmic Impact Assessment, and when are they needed?  What does a privacy professional need to know about how AI works?  What are the different types of bias which should be controlled for?  What does a ‘good’ system look like?

For an assessment of an algorithmic system to be robust, it should encompass:

• Legal compliance – ensure the algorithmic system is lawful, with particular focus on privacy, anti-discrimination, and consumer protection laws
• Social impacts – consider the social, political, and economic context for a deeper appreciation of potential privacy-related harms, and
• Technical considerations – integrate testing for accuracy, performance, fairness and bias.

This eBook provides a useful introduction in any jurisdiction.  It offers clear guidance on:

• foundational concepts and definitions about algorithmic systems, automated decision-making and artificial intelligence
• the various types of privacy-related harm which can arise from algorithmic systems
• an exploration of how fairness, ethics, accountability and transparency (‘FEAT’) can be built into algorithmic systems
• the Four D’s Framework for assessing privacy risk in algorithmic systems, across design, data, development, and deployment
• a comprehensive list of features of trustworthy systems, which can be used by privacy professionals seeking to assess algorithmic systems, and
• where to place Algorithmic Impact Assessments in the context of other types of risk assessments like PIAs.

Click below to purchase Algorithms, AI, and Automated Decisions – A guide for privacy professionals.

Alternatively, this eBook can be can be purchased along with other resources in one of our value-packed Compliance Kits – see the ‘PIA Pack’, ‘Algorithms Bundle’, or the ‘Everything…’ option for your sector.

We accept credit card, debit card or PayPal.  Questions? See our eBook FAQs.

NSW Template – Data Use Protocol

Template – Data Use Protocol

Template – Privacy Audit Report

Template – Privacy Audit Survey

CHECKLIST – Common Privacy Risks and Controls

Briefing Paper – Privacy, Marketing and Cookies

Template – PIA Report

CHECKLIST – Handling a Privacy Complaint

Untangling the APPs – A decision tree guide to using and disclosing personal information

A handy guide to help you untangle the complexities of privacy law.

Our clients often ask us to advise on a seemingly simple question: Can we use or disclose this?

In reality, the question is: Can we use X type of information, for Y purpose?

Or:  Can we disclose X type of information, to the recipient Y, in circumstances Z?

Finding the answer amongst the tangle of the Australian Privacy Principles, and various exemptions and exceptions, can be frustratingly complex.  For example, some rules only cover health information; some cover personal information but not ‘sensitive information’; some cover cross-border disclosures, but others don’t.

So how do you find your way through the maze?

Untangling the APPs is designed to help you quickly navigate your way through the Use and Disclosure principles in the Australian Privacy Act.  It is relevant for private sector organisations and Australian government agencies alike.

Untangling the APPs offers a set of seven decision trees, with yes/no answers determining your path, to quickly guide you through APPs 6-9, and all the exemptions to those principles.  As well as the Use & Disclosure principle (APP 6), it incorporates the rules about direct marketing (APP 7), cross-border disclosures (APP 8), and government related identifiers (APP 9).  It reflects the law as at 1 January 2021.

So now you can quickly figure out the answer to the question: Can we use or disclose this?

Click below to purchase Untangling the APPs – A decision tree guide to using and disclosing personal information.

Alternatively, this eBook can be included along with other resources in one of our value-packed Compliance Kits.

We accept credit card, debit card or PayPal.  Questions? See our eBook FAQs.

NSW Template – Staff Undertaking

NSW Template – Privacy Risk Assessment Procedure

NSW Template – Privacy Manual

NSW Template – PIA Report

NSW Template – Data Governance Protocol

NSW Template – Data Breach Response Plan

NSW Template – Contract Clauses

NSW Template – Collection Notices and Consent Forms

Template – Best Practice Privacy Principles

Briefing Paper – GDPR in a Nutshell

Briefing Paper – Australian privacy law index

CHECKLIST – 10 steps towards GDPR compliance

CHECKLIST – Cloud computing and the cross-border disclosure rule

CHECKLIST – Risks to avoid when selecting and configuring CRM systems

The Privacy Officer’s Handbook

Template – Privacy Policy

Template – Data Breach Response Plan

Template – Privacy Manual for Staff

Template – Data Governance Protocol

Template – Privacy Impact Assessment Framework

Template – Contract Clauses

Template – Collection Notices and Consent Forms

Template – Staff Undertaking

Demystifying de-identification

An introductory guide to de-identification for privacy professionals, risk managers … and anyone else who feels a bit bewildered

When it comes to de-identification, you can’t apply privacy or data protection law, or assess project risk, until you first understand the relative merits and limitations of different de-identification techniques.  There are detailed, lengthy guides available for statisticians and data scientists, but what if you want something more accessible as an introduction?

This concise eBook will improve data literacy for privacy, risk & compliance and legal professionals.  It covers:

• Why de-identification matters in privacy law
• Why de-identification matters in business practice
• Managing risk: (re)identification and other privacy harms
• A plain language guide to different de-identification techniques, including their strengths and weaknesses, and
• A checklist of factors to consider for any given de-identification proposal.

If you want to understand how de-identification fits into privacy or data protection law, a simple illustration of how each different technique works, and a plain language overview of the strengths and weaknesses to factor into risk assessment considerations, this guide is for you.

Our guide provides a useful introduction to the topic in any jurisdiction.

This fifth (2022) edition has been updated to include new resources published since our first edition in 2017, including guidance from the National Health & Medical Research Council, Australian Computer Society and the Office of the Victorian Information Commissioner.  We have also added an introduction to privacy-preserving computation techniques, additional examples of more recent re-identification exercises, critiques of k-anonymity and differential privacy, case law from 2021, and a diagram to explain identifiability.

Click below to purchase Demystifying De-identification.

Alternatively, this eBook can be purchased along with other resources in one of our value-packed Compliance Kits.

We accept credit card, debit card or PayPal.  Questions? See our eBook FAQs.

Untangling the IPPs and HPPs – A decision tree guide to disclosing personal information under NSW laws

A handy guide to help you untangle the complexities of privacy law.

Our consulting clients often ask us to advise on a seemingly simple question: Can we disclose this?

In reality, the question is: Can we disclose X type of information, to the recipient Y, in circumstances Z?

Finding the answer amongst the tangle of privacy principles, exemptions, exceptions, case law and interpretations offered by the Privacy Commissioner can be frustratingly complex.  For example, in NSW privacy law there are thirteen differently-phrased exemptions relating to disclosures for law enforcement and investigations alone!  Some rules only cover health information; some cover personal information but not ‘sensitive information’; some cover ‘transborder’ disclosures, but others don’t.

So how do you find your way through all the principles, exceptions and exemptions?

Untangling the IPPs and HPPs is designed to help you quickly navigate your way through the NSW privacy laws. It is relevant for private sector organisations and State-owned corporations regulated by HRIPA, and NSW public sector agencies (including universities and local councils) regulated by both PPIPA and HRIPA.

Untangling the IPPs and HPPs offers a set of six decision trees, with yes/no answers determining your path, to quickly guide you through the Disclosure principles – and all the exemptions to those principles – that apply in NSW.  It reflects the legislation as at 1 January 2021.

Untangling the IPPs and HPPs works as a companion guide to our annotated guide to the NSW privacy laws, PPIPA in Practice, which is updated quarterly to reflect the latest case law.  PPIPA in Practice incorporates interpretations of both PPIPA and HRIPA, from the more than 400 cases decided to date.

While Untangling the IPPs and HPPs provides the handy navigation tool to steer you in the right direction towards finding the legislative provision most relevant to your circumstances, PPIPA in Practice then fleshes out the detail.

Think of it like this: Untangling the IPPs and HPPs is your map, and PPIPA in Practice is the instruction manual to fly your plane.

So now you can quickly figure out the answer to the question: Can we disclose this?

Click below to purchase Untangling the IPPs and HPPs – A decision tree guide to disclosing personal information under NSW laws.

Alternatively, this eBook can be included along with other resources in one of our value-packed Compliance Kits.

We accept credit card, debit card or PayPal.  Questions? See our eBook FAQs.

Big Data – An Ethical Framework for Protecting Privacy

Can we realise the value of Big Data, but maintain our privacy too?

In an information economy, data is the new oil.  The computing analytics power of Big Data promises much, but its value cannot be realised without customer trust.

Drawing together global research into the factors that influence customer trust, and our own experience guiding clients through advanced analytics and business intelligence projects, we have developed a framework to balance business objectives with legal and ethical concerns about Big Data.

This eBook will guide you through how to build privacy protection into your Big Data projects.

Click below to purchase Big Data – An Ethical Framework for Protecting Privacy.

Alternatively, this eBook can be included along with other resources in one of our value-packed Compliance Kits.

We accept credit card, debit card or PayPal.  Questions? See our eBook FAQs.

PPIPA in Practice

Need to understand NSW privacy law?  Here is your bible. Over 500 cases read and annotated, and still going strong.

Now in its 16th year of publication, PPIPA in Practice is our signature publication – available as a single-purchase eBook, or as an annual subscription with quarterly updates.

PPIPA in Practice is a fully annotated guide to the Privacy and Personal Information Protection Act 1998 (NSW).  ‘PPIPA’ is the key Act that applies to State government agencies, universities and local councils in NSW.  It also includes all cases decided under the Health Records & Information Privacy Act 2002 (NSW), known as ‘HRIPA’, which applies to the private sector in NSW as well as public sector agencies.

Whether you are a privacy officer needing advice, a lawyer advising a client, or a member of the public trying to frame a privacy complaint, PPIPA in Practice is designed to provide you with quick and comprehensive information about how each section of PPIPA (and HRIPA) are being interpreted and applied in practice.

PPIPA in Practice brings together information and interpretations from over 525 NSW privacy cases decided since 2001, including seminal Court of Appeal cases.  It also incorporates the Privacy Commissioner’s advice on the legislation, drawn from various guidelines, newsletters and submissions.

The guide is constantly updated so you have the latest information available.

PPIPA in Practice answers common questions such as:

• what is included in the definition of “personal information”?
• are photographs or CCTV footage “personal information”?
• how does the “suitability for employment” exemption work?
• what form should a collection notice take?
• do customers need to consent to our privacy policy?
• what are the “reasonable security safeguards” each agency needs to take?
• what do “express consent” and “implied consent” mean in practice?
• is COVID-19 a “serious and imminent threat”?
• when will the “law enforcement” exemption apply?
• how much compensation can be paid for a privacy breach?

… and plenty of uncommon questions too.

PPIPA in Practice also works as a companion guide to Untangling the IPPs and HPPs, our decision-tree guide to the Disclosure rules that apply under NSW law.

Click below to purchase the latest edition of PPIPA in Practice for $450 + GST, or see our annual subscription option (four editions pa) for $900 + GST pa.

Beat the price rise!  Reflecting the value of the work that goes into compiling each edition, with around 12-15 new cases incorporated every quarter, on 1 July 2022 the cost of a single edition will rise to $600 + GST, and an annual subscription to $1,200 + GST pa.

Alternatively, the latest edition can be included along with other resources in one of our value-packed Compliance Kits.

We accept credit card, debit card or PayPal.  Questions? See our eBook FAQs.

Conducting Workplace Surveillance

Every employer in NSW, no matter how small, must comply with the NSW Workplace Surveillance Act.

As the leading experts in NSW privacy law, we have developed a practical, 40-page guide to your obligations. Conducting Workplace Surveillance includes:

• a clear and concise explanation of what you can and can’t do
• plain language definitions
• answers to 37 frequently asked questions
• tips and examples to illustrate how the law works in practice
• template forms
• a checklist and flowchart to guide you through every step along the way

Revised in 2020 to incorporate the impact of a recent unfair dismissal case involving workplace CCTV, Conducting Workplace Surveillance provides you with the advice you need: a clear, comprehensive, step-by-step guide to your obligations.

Click below to purchase Edition 5 of Conducting Workplace Surveillance.

Alternatively, this eBook can be included along with other resources in one of our value-packed Compliance Kits.

We accept credit card, debit card or PayPal.  Questions? See our eBook FAQs.