Qld Template – Privacy Policy
Qld Template – Data Breach Response Procedure
The Privacy Act in a Nutshell – An Executive Briefing Paper
This plain language guide offers a ‘101’ on what the Privacy Act requires now, and what is likely to change.
Australian privacy law is in a state of flux. The Privacy Act is in the process of being reformed, with some amendments already passed, and the remainder now being developed by the Australian Government with an intention to introduce a final Bill in early 2025.
Australian businesses, non-profits and federal government agencies therefore need guidance on the law as it is now, as well as where it is potentially headed in the near future. This briefing paper has been drafted with the intention of informing organisations regulated by the Privacy Act about both current and potential future legal obligations.
This plain language guide is suitable for busy executives, people new to the privacy role, or privacy officers wanting a resource to explain the Privacy Act’s obligations and reforms to their colleagues.
In a succinct 30-page download, The Privacy Act in a Nutshell describes the law as it is today, with sidebars offering additional explainers of key topics, and the more significant law reform proposals currently being considered.
Updated December 2024, to reflect the POLA Act amendments which commenced 11 December, and the final set of law reform proposals expected to form ‘tranche 2’ in early 2025.
The Privacy Act in a Nutshell covers:
- The ‘big picture’ – who is regulated, what data is regulated, and the scope of the privacy rules
- Authorising data flows – a clear summary of the rules when collecting, using or disclosing personal information
- When consent is needed, and what it entails
- Privacy and marketing, profiling, targeting and trading
- The role of transparency, privacy policies, accountability and data quality
- Data security and data breach notification
- Data rights, and
- Penalties and powers.
Click below to purchase The Privacy Act in a Nutshell – An Executive Briefing Paper.
Alternatively, this eBook can be purchased along with other resources in one of our value-packed Compliance Kits – see the ‘Privacy Act Reforms Bundle’, ‘Lawyer Pack’, ‘Essential SME paperwork’, ‘Everything for Businesses and NFPs’ or ‘Everything for Australian Government Agencies’ options.
Questions? See our eBook FAQs.
“This is an excellent resource – the “What might change” sections are particularly handy”
– Founder of a tech start-up
“If you’re new to Australian privacy law and trying to get your head around it, check out Salinger Privacy’s new primer. Anna Johnston is really the queen of Australian privacy law, can’t recommend highly enough the materials that she puts out.”
– Lawyer and privacy manager, financial services sector
“Excellent work … all very clear and concise with the policy roadmap elements especially helpful for informing strategy.”
– Chief Data Officer, health sector
NSW Template – Privacy Audit Survey
NSW Template – Privacy Audit Report
Vic Template – Staff Undertaking
Vic Template – Privacy Manual for Staff
Vic Template – Data Use Protocol
Vic Template – Data Governance Protocol
Vic Template – Contract Clauses
Vic Template – Collection Notices and Consent Forms
Vic Template – Privacy Audit Report
Vic Template – Privacy Audit Survey
Vic Template – PIA Report
Vic Template – Privacy Risk Assessment Procedure
Vic Template – Data Breach Response Plan
Vic Template – Privacy Policy
Algorithms, AI, and Automated Decisions – A guide for privacy professionals
This plain language guide offers a framework for privacy professionals to use when assessing algorithmic systems for privacy risks and harms.
What is an Algorithmic Impact Assessment, and when are they needed? What does a privacy professional need to know about how AI works? What are the different types of bias which should be controlled for? What does a ‘good’ system look like?
For an assessment of an algorithmic system to be robust, it should encompass:
- Legal compliance – ensure the algorithmic system is lawful, with particular focus on privacy, anti-discrimination, and consumer protection laws
- Social impacts – consider the social, political, and economic context for a deeper appreciation of potential privacy-related harms, and
- Technical considerations – integrate testing for accuracy, performance, fairness and bias.
This eBook provides a useful introduction in any jurisdiction. It offers clear guidance on:
- foundational concepts and definitions about algorithmic systems, automated decision-making and artificial intelligence
- the various types of privacy-related harm which can arise from algorithmic systems
- an exploration of how fairness, ethics, accountability and transparency (‘FEAT’) can be built into algorithmic systems
- the Four D’s Framework for assessing privacy risk in algorithmic systems, across design, data, development, and deployment
- a comprehensive list of 63 features of trustworthy systems, which can be used by privacy professionals seeking to assess algorithmic systems, and
- where to place Algorithmic Impact Assessments in the context of other types of risk assessments like PIAs.
Click below to purchase Algorithms, AI, and Automated Decisions – A guide for privacy professionals.
Alternatively, this eBook can be purchased along with other resources in one of our value-packed Compliance Kits – see the ‘PIA Pack’, ‘Algorithms Bundle’, or the ‘Everything…’ option for your sector.
Questions? See our eBook FAQs.
NSW Template – Data Use Protocol
Template – Data Use Protocol
Template – Privacy Audit Report
Template – Privacy Audit Survey
CHECKLIST – Common Privacy Risks and Controls
Briefing Paper – Privacy, Marketing and Cookies
Template – PIA Report
CHECKLIST – Handling a Privacy Complaint
Untangling the APPs – A decision tree guide to using and disclosing personal information
A handy guide to help you untangle the complexities of privacy law.
Our clients often ask us to advise on a seemingly simple question: Can we use or disclose this?
In reality, the question is: Can we use X type of information, for Y purpose?
Or: Can we disclose X type of information, to the recipient Y, in circumstances Z?
Finding the answer amongst the tangle of the Australian Privacy Principles, and various exemptions and exceptions, can be frustratingly complex. For example, some rules only cover health information; some cover personal information but not ‘sensitive information’; some cover cross-border disclosures, but others don’t.
So how do you find your way through the maze?
Untangling the APPs is designed to help you quickly navigate your way through the Use and Disclosure principles in the Australian Privacy Act. It is relevant for private sector organisations and Australian government agencies alike.
Untangling the APPs offers a set of seven decision trees, with yes/no answers determining your path, to quickly guide you through APPs 6-9, and all the exemptions to those principles. As well as the Use & Disclosure principle (APP 6), it incorporates the rules about direct marketing (APP 7), cross-border disclosures (APP 8), and government related identifiers (APP 9). It reflects the law as at 1 January 2021.
So now you can quickly figure out the answer to the question: Can we use or disclose this?
Click below to purchase Untangling the APPs – A decision tree guide to using and disclosing personal information.
Alternatively, this eBook can be included along with other resources in one of our value-packed Compliance Kits.
Questions? See our eBook FAQs.
NSW Template – Staff Undertaking
NSW Template – Privacy Risk Assessment Procedure
NSW Template – Privacy Manual
NSW Template – PIA Report
NSW Template – Data Governance Protocol
NSW Template – Data Breach Response Procedure
NSW Template – Contract Clauses
NSW Template – Collection Notices and Consent Forms
Template – Best Practice Privacy Principles
Briefing Paper – GDPR in a Nutshell
Briefing Paper – Australian privacy law index
CHECKLIST – 10 steps towards GDPR compliance
CHECKLIST – Cloud computing and the cross-border disclosure rule
CHECKLIST – Risks to avoid when selecting and configuring CRM systems
The Privacy Management Handbook
Template – Privacy Policy
Template – Data Breach Response Plan
Template – Privacy Manual for Staff
Template – Data Governance Protocol
Template – Privacy Impact Assessment Framework
Template – Contract Clauses
Template – Collection Notices and Consent Forms
Template – Staff Undertaking
Demystifying de-identification
An introductory guide to de-identification for privacy professionals, risk managers … and anyone else who feels a bit bewildered
When it comes to de-identification, you can’t apply privacy or data protection law, or assess project risk, until you first understand the relative merits and limitations of different de-identification techniques. There are detailed, lengthy guides available for statisticians and data scientists, but what if you want something more accessible as an introduction?
This concise eBook will improve data literacy for privacy, risk & compliance and legal professionals. It covers:
- Why de-identification matters in privacy law
- Why de-identification matters in business practice
- Managing risk: (re)identification and other privacy harms
- A plain language guide to different de-identification techniques, including their strengths and weaknesses, and
- A checklist of factors to consider for any given de-identification proposal.
If you want to understand how de-identification fits into privacy or data protection law, a simple illustration of how each different technique works, and a plain language overview of the strengths and weaknesses to factor into risk assessment considerations, this guide is for you.
Our guide provides a useful introduction to the topic in any jurisdiction.
This fifth (2022) edition has been updated to include new resources published since our first edition in 2017, including guidance from the National Health & Medical Research Council, Australian Computer Society and the Office of the Victorian Information Commissioner. We have also added an introduction to privacy-preserving computation techniques, additional examples of more recent re-identification exercises, critiques of k-anonymity and differential privacy, case law from 2021, and a diagram to explain identifiability.
Click below to purchase Demystifying De-identification.
Alternatively, this eBook can be purchased along with other resources in one of our value-packed Compliance Kits.
Questions? See our eBook FAQs.
“Salinger Privacy is extra-ordinarily effective at integrating law, technology and compliance to provide practical guidance.
The de-identification resources are the best effort at making de-identification easy to understand that I have ever come across.”
– Jules Polonetsky, CEO, Future of Privacy Forum
Untangling the IPPs and HPPs – A decision tree guide to disclosing personal information under NSW laws
A handy guide to help you untangle the complexities of privacy law.
Our consulting clients often ask us to advise on a seemingly simple question: Can we disclose this?
In reality, the question is: Can we disclose X type of information, to the recipient Y, in circumstances Z?
Finding the answer amongst the tangle of privacy principles, exemptions, exceptions, case law and interpretations offered by the Privacy Commissioner can be frustratingly complex. For example, in NSW privacy law there are thirteen differently-phrased exemptions relating to disclosures for law enforcement and investigations alone! Some rules only cover health information; some cover personal information but not ‘sensitive information’; some cover ‘transborder’ disclosures, but others don’t.
So how do you find your way through all the principles, exceptions and exemptions?
Untangling the IPPs and HPPs is designed to help you quickly navigate your way through the NSW privacy laws. It is relevant for private sector organisations and State-owned corporations regulated by HRIPA, and NSW public sector agencies (including universities and local councils) regulated by both PPIPA and HRIPA.
Untangling the IPPs and HPPs offers a set of six decision trees, with yes/no answers determining your path, to quickly guide you through the Disclosure principles – and all the exemptions to those principles – that apply in NSW. It reflects the legislation as at 1 January 2023.
Untangling the IPPs and HPPs works as a companion guide to our annotated guide to the NSW privacy laws, PPIPA in Practice, which is updated quarterly to reflect the latest case law. PPIPA in Practice incorporates interpretations of both PPIPA and HRIPA, from the more than 550 cases decided to date.
While Untangling the IPPs and HPPs provides the handy navigation tool to steer you in the right direction towards finding the legislative provision most relevant to your circumstances, PPIPA in Practice then fleshes out the detail.
Think of it like this: Untangling the IPPs and HPPs is your map, and PPIPA in Practice is the instruction manual to fly your plane.
So now you can quickly figure out the answer to the question: Can we disclose this?
Click below to purchase Untangling the IPPs and HPPs – A decision tree guide to disclosing personal information under NSW laws.
Alternatively, this eBook can be included along with other resources in one of our value-packed Compliance Kits.
Questions? See our eBook FAQs.
Big Data – An Ethical Framework for Protecting Privacy
Can we realise the value of Big Data, but maintain our privacy too?
In an information economy, data is the new oil. The computing analytics power of Big Data promises much, but its value cannot be realised without customer trust.
Drawing together global research into the factors that influence customer trust, and our own experience guiding clients through advanced analytics and business intelligence projects, we have developed a framework to balance business objectives with legal and ethical concerns about Big Data.
This eBook will guide you through how to build privacy protection into your Big Data projects.
Click below to purchase Big Data – An Ethical Framework for Protecting Privacy.
Alternatively, this eBook can be included along with other resources in one of our value-packed Compliance Kits.
Questions? See our eBook FAQs.
PPIPA in Practice
Need to understand NSW privacy law? Here is your bible. Over 600 cases read and annotated, 70 editions, and still going strong.
Now in its 18th year of quarterly publication, PPIPA in Practice is our signature publication – available as a single-purchase eBook, or as an annual subscription with quarterly updates every February, May, August and November.
PPIPA in Practice is a fully annotated guide to the Privacy and Personal Information Protection Act 1998 (NSW). ‘PPIPA’ is the key Act that applies to State government agencies, universities and local councils in NSW. It also includes all cases decided under the Health Records & Information Privacy Act 2002 (NSW), known as ‘HRIPA’, which applies to the private sector in NSW as well as public sector agencies.
Whether you are a privacy officer needing advice, a lawyer advising a client, or a member of the public trying to frame a privacy complaint, PPIPA in Practice is designed to provide you with quick and comprehensive information about how each section of PPIPA (and HRIPA) is being interpreted and applied in practice.
PPIPA in Practice brings together information and interpretations from over 600 NSW privacy cases decided since 2001, including seminal Supreme Court and Court of Appeal cases. It also incorporates the Privacy Commissioner’s advice on the legislation, drawn from various guidelines, newsletters and submissions.
The guide is constantly updated so you have the latest information available.
PPIPA in Practice answers common questions such as:
- what is included in the definition of “personal information”?
- what does “disclosure” mean?
- are photographs or CCTV footage “personal information”?
- how does the “suitability for employment” exemption work?
- what form should a collection notice take? will a generic notice suffice?
- do customers need to consent to our privacy policy?
- what are “such security safeguards as are reasonable in the circumstances”?
- what do “express consent” and “implied consent” mean in practice?
- when will the “law enforcement” exemption apply?
- can we refuse access on grounds of unreasonable diversion of resources?
- how much compensation can be paid for a privacy breach – or a data breach?
- will the Tribunal view how we conducted a data breach notification as relevant to considering remedies?
… and plenty of uncommon questions too.
PPIPA in Practice also works as a companion guide to Untangling the IPPs and HPPs, our decision-tree guide to the Disclosure rules that apply under NSW law.
Click below to purchase the latest edition of PPIPA in Practice for $600 + GST, or see our annual subscription option (four editions pa) for $1,200 + GST pa.
Alternatively, the latest edition is included along with tonnes of other resources in the value-packed Everything for NSW Public Sector Agencies Compliance Kit.
Questions? See our eBook FAQs.
“Probably the best privacy resource I’ve ever used, and definitely my favourite. I dip into this guide at least a couple of times a week.”
Privacy Manager at a NSW government department – comment on LinkedIn, 2023
“Around here we call it the bible.”
“I love ‘PPIPA in Practice’, it’s a great tool for me as a privacy professional”
“(I) have your guide it’s brilliant”
Anonymous comments on our 2017 customer feedback survey
Conducting Workplace Surveillance
Every employer in NSW, no matter how small, must comply with the NSW Workplace Surveillance Act.
As the leading experts in NSW privacy law, we have developed a practical, 40-page guide to your obligations. Conducting Workplace Surveillance includes:
- a clear and concise explanation of what you can and can’t do
- plain language definitions
- answers to 37 frequently asked questions
- tips and examples to illustrate how the law works in practice
- template forms
- a checklist and flowchart to guide you through every step along the way
Revised in 2020 to incorporate the impact of a recent unfair dismissal case involving workplace CCTV, Conducting Workplace Surveillance provides you with the advice you need: a clear, comprehensive, step-by-step guide to your obligations.
Click below to purchase Edition 5 of Conducting Workplace Surveillance.
Alternatively, this eBook can be included along with other resources in one of our value-packed Compliance Kits.
Questions? See our eBook FAQs.