Ming Ding | Information Security and
Privacy Group | Data61, CSIROWhat can you do as an organization?
•Do not ask “personal information” if not necessary
•Privacy is not an afterthought
–Privacy by Design
–Building privacy and data protection up front, into the design specifications and
architecture of information and communication systems and technologies, in order to
facilitate compliance with privacy and data protection principles
•Inform users what you collect and when you collect
•Inform users the purpose of collection
•Obtain user permission
•Protect what you collected
•Do not share what you collected if it is absolutely necessary
•Comply with regulations