2. The Privacy Act prohibits the disclosure of information from a system of records absent the written consent of
the subject individual, unless the disclosure is pursuant to one of twelve statutory exceptions.
The Act also provides individuals with a means by which to seek access to and amendment of their records, and
sets forth various agency record-keeping requirements.
The Privacy act identifies 12 principles in relation to Personally Identifiable information and Protected Health
Information.
Privacy Act
Software Outsourcing Companies in India
3. The Purpose of Collection of information
Information must be collected for a lawful purpose and must be necessary for that purpose
The source of personal information
Information about an individual is required to be obtained from that individual with limited number of
exceptions, where information is publically available and where an individual have its collection.
Privacy Act Principles
Software Outsourcing Companies in India
4. Collecting information from an individual
Information is collected from an individual, the individual must be made aware of several specific
matters including that the information is being collected for a specific purpose.
Manner of Collection of personal information
Information may not be collected unlawfully or in circumstances that are unfair or that include to an
unreasonable extent upon the personal affairs of the individuals.
Privacy Act Principles
Software Outsourcing Companies in India
5. Storage and Security of personal information
Information is stored with sufficient safeguard to protect against loss or unauthorized access.
Correction of personal information
When information is held about an individual, the individual is entitled to request for the correction of
that information.
There is obligation to ensure that information retained is accurate, up-to-date, complete and not
misleading.
Privacy Act Principles
Software Outsourcing Companies in India
6. Access to personal information
When information is held about an individual in a firm that can be readily retrieved, the individual
concern is entitled to obtain the confirmation that the information is held and he/she has access to that
information.
Accuracy of information
Information must be checked before it is used. The organization holding the information is not entitled
to use information until it has been checked and accurate, up-to-date, complete, relevant ad not
misleading..
Privacy Act Principles
Software Outsourcing Companies in India
7. Information not to be kept longer than necessary
Personal information must not be retained longer than is necessary for the purpose for which the
information is lawfully able to use.
Limit to use of personal information
An organization holding the information which is obtained for one purpose shall not use it for other
purposes except inn certain limited exceptions.
Privacy Act Principles
Software Outsourcing Companies in India
8. Unique Identifier
Organization holding the information are able to assign “ Unique Identifier” to individual if it’s
necessary to carry out their functions efficiently.
Limit to disclosure of personal information
An organization holding the information is not entitled to disclose that information to anyone except in
certain restricted circumstances.
Privacy Act Principles
Software Outsourcing Companies in India