What is Privacy?

Privacy is acknowledged as a fundamental human right. In Australia, the Privacy Act 1988 deals with your information privacy rights and how organisations and agencies must handle your personal information.

The Privacy Act

The Privacy Act 1988 was introduced to promote and protect the privacy of individuals and to regulate how Australian Government agencies and organisations with an annual turnover of more than $3 million, and some other organisations, handle personal information.

Since it's introduction, the Privacy Act has been continuedly updated and the latest privacy reform was submitted for approval September 2024. This reform focuses on privacy in relation to AI technology.

What is personal information?

Personal information includes a broad range of information, or an opinion, that could identify an individual. What is personal information will vary, depending on whether a person can be identified or is reasonably identifiable in the circumstances.

For example, personal information may include:

• an individual’s name, signature, address, phone number or date of birth
• sensitive information
• credit information
• employee record information
• photographs
• internet protocol (IP) addresses
• voice print and facial recognition biometrics (because they collect characteristics that make an individual’s voice or face unique)
• location information from a mobile device (because it can reveal user activity patterns and habits).

What is sensitive information?

Sensitive information is personal information that includes information or an opinion about an individual’s:

• racial or ethnic origin
• political opinions or associations
• religious or philosophical beliefs
• trade union membership or associations
• sexual orientation or practices
• criminal record
• health or genetic information
• some aspects of biometric information.

Generally, sensitive information has a higher level of privacy protection than other personal information.

Our privacy obligations

When collecting personal information about an individual:

• only collect personal information if it is required for business functions or activities.
• only collect personal information directly from the individual themselves, unless it is unreasonable or impracticable to do so.
• only collect sensitive personal information if the individual consents to the collection of the information
• where practical, give individuals the option of not identifying themselves, or of using a pseudonym.
• take reasonable steps to ensure that the personal information is accurate, up-to-date and complete.

Other privacy obligations:

• Implement appropriate technical and organisational measures to safeguard the confidentiality, integrity, and availability of personal information.
• Respect the rights of individuals to access, correct, delete, or restrict the processing of their personal information.
• Provide clear and transparent information about our privacy practices and choices to our customers, employees, and partners.
• Conduct regular privacy assessments and audits to ensure compliance with our policies and standards.
• Respond promptly and effectively to any privacy incidents or complaints and notify the relevant authorities and stakeholders as required.

Other privacy obligations: (continued)

Protect personal information from:

• misuse, interference and loss
• unauthorised access, modification or disclosure

Destroy or securely de-identify any personal information that is no longer required.

Immediately destroy or securely de-identify any personal information if it has:

• been received without being requested; and
• could not have been collected without breaching the policy requirements above.

Foster a culture of privacy awareness and accountability within our organisation.

Please watch the short video below:

What is Classification of Information?

Data classification is the process of organizing data into categories that make it easy to retrieve, sort and store for future use.

The reason we are deploying this system is:

• Confidentiality: A classification system safeguards highly sensitive data, such as customers' personally identifiable information (PII), including credit card numbers, Social Security numbers and other vulnerable data types. Establishing a classification system helps an organization focus on confidentiality and security policy requirements, such as user permissions and encryption.
• Data integrity: A system that focuses on data integrity will require more storage, user permissions and proper channels of access.
• Data availability: Addressing and ensuring information security and integrity makes it easier to know what data can be shared with specific users.

Classification Of Document:

Documents should be labelled according to the specifications outlined in the ICT SOP section 5.5.12.

In summary. Giuliano Group information can be classified under the following three headings:

• Confidential (Red)
• Internal (Yellow)
• Public (Green)

Classification Of Document (continued):

Confidential: This information has a greater impact if inadvertently released. Strict control over access to confidential information is required. Examples of confidential information include, but are not limited to:

• Business Development (CRM)
• Financial Information (ERP)
• Executive Communications (Restricted Folders)
• All Tendering information and documents

Classification Of Document (continued):

Internal: Strictly accessible to internal company personnel or internal employees who are granted access. Examples of internal information include, but are not limited to:

• P&C Information and Communications
• Management Systems Documents (GG HUB)
• Directories and Contact Lists

Classification Of Document (continued):

Public: Unclassified information is that information which has been deemed to be suitable for release outside the organisation (uncontrolled). Examples of unclassified information include, but are not limited to:

• Press Releases
• Newsletters
• Website content

How to you label your document?

It's easy. simply choose the level of sensitivity from the M365 ribbon.

Please see the screenshot below

For more information, please refer to this document: OPS-ICT-WF-00039 - Document and Email Classification