[plug] OT: New Privacy Legislation - impact on IT - securing of data, backups, IT responsibilities etc.

[Daniel]

Hi Plug, I wonder if anyone is a full bottle on the new legislation?  It 
seems to me that $3m turnover(as opposed to profit) may include quite a few 
'small' businesses right now, and anyhow the others have only 12 months to 
comply.
I thought I heard someone saying that this meant that forwarding on someone 
else's e-mail would contravene this act.
I wonder if it also means that historical backups need to be kept so 
businesses can prove what data they actually had at what time.
I also wonder 'where the buck stops' with responsibility with complying 
with these details [ie does the person responsible for IT end up viewed as 
responsible]
How could workstations running 'Doze' popular often not secured workstation 
o/s comply? Even if all the data is kept on a 'comparatively more secure' 
server surely the fact that it can be accessed from a client that is not 
secure then invalidates any concept of security?
What are the repercussions for the IT industry?  I look forward to any 
responses.
Daniel.
+++++++++++++++++++++++++++..snip....
http://www.privacy.gov.au/news/01_13.doc
(go to above url for full details) The new legislation takes effect as of 
21December for all organisations with a turnover of over $3million and all 
private sector health service providers.  Other small businesses covered by 
the Act  are required to comply by 21December 2002.
..snip....
NPP3: Data Quality & NPP4: Data Security  set standards for keeping 
personal information up-to-date, accurate and complete, as well as for 
protecting and securing it from loss, misuse and unauthorised access.
NPP5: Openness  requires organisations to be open about how they handle 
personal information, including the need to develop a document (such as a 
privacy policy) to clearly explain how they handle personal 
information.  ..snip....
+++++++++++++++++++++++++++