![]() ![]() It is not sufficient to draw solid boxes over the information, as this process can potentially be reversed by an individual. When providing electronic copies of documents, make sure that exempt personal information has been completely and irrevocably deleted from the document. If markers are the only option, provide a scanned or copied version of the document that has been marked on – make sure that the information underneath is not visible or legible. This is not a secure method to redact information, as there is a risk that the blacked-out information may be legible to a person who gains access to the document. If releasing a hardcopy, don’t use markers to redact personal information in that copy of the document. The following list includes some useful tips and reminders for officers going through the process of redaction: In line with this principle, officers must ensure that when preparing documents for release or publication, personal information is redacted where appropriate or necessary and in a proper manner, in order to avoid unauthorised disclosure and consequently, a breach of privacy. It states that an organisation must take reasonable steps to protect the personal information it holds from misuse and loss, and from unauthorised access, modification or disclosure. IPP 4 is particularly relevant in this instance. These principles set out the minimum standards for how Victorian public sector employees should handle personal information. When dealing with individuals’ personal information officers must always consider their privacy obligations under the Information Privacy Principles (IPPs), outlined in the Privacy and Data Protection Act 2014. Things to consider when redacting personal information In light of this, we would like to highlight the importance of redacting documents properly to avoid potential privacy breaches in the future. These examples highlight how easy it is for an inadvertent privacy breach to occur when agencies release or publish documents. Some of the more extreme (and well publicised) cases have involved published documents where personal information had not been redacted at all. We have come across some cases where an individual’s personal information was considered exempt under the Freedom of Information Act 1982 (Vic) and accordingly redacted – however in one or more instances throughout the document(s), that same individual’s information had not been redacted, simply by accident or oversight. Mistakes can also happen during the process of redacting information. Another example is drawing solid boxes over exempt personal information in electronic documents while this may seem like a safe and easy way to redact information, it is possible for the recipient to reverse this process and reveal the text underneath. One example of this is the use of markers to black out personal information in hardcopy documents, however the information underneath may still be legible to the person receiving the document. This can occur in a range of different circumstances – for example, where agencies publish documents such as public submissions, reports, and council meeting minutes. ![]() A few of these breaches have arisen from agencies inadvertently releasing or publishing documents containing personal information that has not been properly redacted, if at all. The Office of the Victorian Information Commissioner (OVIC) often receives notifications from agencies about privacy breaches (both actual and suspected). ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |