ictict418 contribute to copyright, ethics and privacy in an ict … · 2017-02-17 · the code of...
TRANSCRIPT
ICTICT418
Contribute to copyright, ethics and privacy in
an ICT Environment
Learner Guide
© Copyright, 2016 by North Coast TAFEnow
Date last saved: 5 September 2016 by Smart, Rebecca Version: 1.0 # of Pages = 49
Content writer and course adviser Amanda Walker
TAFEnow Resource Development Team – Instructional and
graphic design
Copyright of this material is reserved to the Crown in the right of the State of New South Wales.
Reproduction or transmittal in whole, or in part, other than in accordance with the provisions of the Copyright Act, is
prohibited without written authority of North Coast TAFEnow.
Disclaimer: In compiling the information contained within, and accessed through, this document ("Information")
DET has used its best endeavours to ensure that the Information is correct and current at the time of publication but
takes no responsibility for any error, omission or defect therein. To the extent permitted by law, DET and its
employees, agents and consultants exclude all liability for any loss or damage (including indirect, special or
consequential loss or damage) arising from the use of, or reliance on, the Information whether or not caused by any
negligent act or omission. If any law prohibits the exclusion of such liability, DET limits its liability to the extent
permitted by law, to the re-supply of the Information.
Third party sites/links disclaimer: This document may contain website contains links to third party sites. DET is not
responsible for the condition or the content of those sites as they are not under DET's control. The link(s) are
provided solely for your convenience and do not indicate, expressly or impliedly, any endorsement of the site(s) or
the products or services provided there. You access those sites and use their products and services solely at your
own risk.
Contents Getting Started ................................................................................................................................. v
About this unit ................................................................................................................................................................... v
Elements and performance criteria ............................................................... Error! Bookmark not defined.
Icon Legends....................................................................................................................................................................... v
Topic 1 - Legislation .......................................................................................................................... 1
1.1 Legislation and Standards ...................................................................................................................................... 3
1.2 Policies ........................................................................................................................................................................... 5
Answers to Questions ...................................................................................................................................................... 6
Summary .............................................................................................................................................................................. 6
Topic 2 – Copyright ........................................................................................................................... 7
2.1 Understanding Copyright ....................................................................................................................................... 8
2.2 Copyright Legislation ............................................................................................................................................... 8
2.3 Copyright Policy .......................................................................................................................................................14
Summary ............................................................................................................................................................................16
Topic 3 – Privacy ............................................................................................................................. 17
3.1 Privacy in this context ............................................................................................................................................18
3.2 Privacy Legislation ...................................................................................................................................................18
3.3 Privacy policies and procedures .........................................................................................................................20
Answers to Activity 9 .....................................................................................................................................................23
Summary ............................................................................................................................................................................23
Topic 4 – Ethics ................................................................................................................................ 25
4.1 Codes of Ethics ..........................................................................................................................................................26
Answers to Activities ......................................................................................................................................................28
Summary ............................................................................................................................................................................28
Topic 5 – Implementing policies, procedures and codes ............................................................. 29
5.1 Investigating current policies, procedures and codes ...............................................................................29
5.2 Adhere to policies, procedures and codes .....................................................................................................30
5.3 Contributing to policies, procedures and codes ......................................................................................... 31
5.4 Reviewing Policies/Procedures/Codes .................................................................................................... 36
Answers to Activities ..................................................................................................................................................... 38
Summary ............................................................................................................................................................................ 39
Getting Started
About this unit
This unit describes the performance outcomes, skills and knowledge required to maintain
professional and ethical conduct, as well as to ensure that personal information of
stakeholders is handled in a confidential and professional manner when dealing with
stakeholders in an information and communications technology (ICT) environment.
Elements and performance criteria
Elements define the essential outcomes of a unit of competency. The Performance Criteria
specify the level of performance required to demonstrate achievement of the Element. They
are also called Essential Outcomes.
Follow this link to find the essential outcomes needed to demonstrate competency in this
Unit: http://training.gov.au/Training/Details/ICTICT418
Icon Legends
Learning Activities
Learning activities are the tasks and exercises that assist you in gaining a
clear understanding of the content in this workbook. It is important for you
to undertake these activities, as they will enhance your learning.
Activities can be used to prepare you for assessments. Refer to the
assessments before you commence so that you are aware which activities
will assist you in completing your assessments.
Case Studies
Case studies help you to develop advanced analytical and problem-solving
skills; they allow you to explore possible options and/or solutions to
complex issues and situations and to subsequently apply this knowledge
and these newly acquired skills to your workplace and life.
v | P a g e I C T I C T 4 1 8 _ L G _ V 1 . 1 . D O C X
T A F E n o w
Discussions/Live chat
Whether you discuss your learning in an online forum or in a face-to-face
environment discussions allow you to create and consolidate new
meaningful knowledge.
Readings (Required and suggested)
The required reading is referred to throughout this Learner Guide. You will
need the required text for readings and activities.
The suggested reading is quoted in the Learner Guide, however you do not
need a copy of this text to complete the learning. The suggested reading
provides supplementary information that may assist you in completing the
unit.
Reference
A reference will refer you to a piece of information that will assist you with
understanding the information in the Learner Guide or required text.
References may be in the required text, another textbook on the internet.
Self-check
A self-check is an activity that allows you to assess your own learning
progress. It is an opportunity to determine the levels of your learning and to
identify areas for improvement.
Work Flow
Shows a logical series of processes for completing tasks.
vi | P a g e I C T I C T 4 1 8 _ L G _ V 1 . 1 . d o c x T A F E n o w
Topic 1 - Legislation Introduction
It is a good idea to read the assessment tasks first to get an idea of how you will be assessed.
Then you can undertake these readings and activities in order to prepare yourself for the
assessment.
Topic 1 will introduce you to legislation, standards and policy that relate to copyright, ethics
and privacy in an ICT environment.
By completing these 5 topics, you will learn to:
> Identify current legislation and standards relating to intellectual property and copyright
> Investigate current organisational copyright policy
> Adhere to organisational policy and current legislation in work practices
> Contribute to the creation or updating or the organisation’s copyright policy and
procedures to align with legislation and industry standards
1 | P a g e I C T I C T 4 1 8 _ L G _ V 1 . 1 . D O C X
T A F E n o w
> Distribute new or revised policy and procedures to stakeholders
> Identify and document the relevance of legislation and standards to outcomes
> Investigate and review organisational privacy policy and procedures
> Investigate and review organisational codes of ethics
> Determine the integrity, confidentiality, security and availability of information as
required by organisational policy
> Maintain confidentiality and proprietary rights of stakeholder interests
> Contribute to the creation or updating of the organisational privacy policy and
procedures to align with privacy legislation
> Distribute new or revised policy and procedures to stakeholders
> Implement new work procedures and collect feedback from stakeholders
> Ensure the integrity, confidentiality, security and availability of information as required by
organisational policy
> Review work practices to ensure application of privacy policy and procedures
> Maintain the integrity, confidentiality, and availability of information as required by
organisational privacy policy
> Review work practices to ensure system security according to organisational privacy
policy
> Assist in developing or updating a code of ethics to align with legislation and standards
for the organisation
> Distribute the new ethics code to stakeholders and collect feedback
> Implement new ethical work procedures and collect feedback
> Review ethical work practices and feedback to ensure application of the code
> Perform regular checks to ensure stakeholders understand and are continuing to apply
the code of ethics in the workplace
> Establish a review and grievance procedure to enable confidential reporting of any
ethical issues
> Interview and regularly follow up with stakeholders to ensure they are receiving
consistent and appropriate service in dealing with the code of ethics
2 | P a g e I C T I C T 4 1 8 _ L G _ V 1 . 1 . d o c x T A F E n o w
1.1 Legislation and Standards
As an ICT professional your work is governed by Australian legislation and industry standards.
These may include:
> Australian Federal legislation
> Australian state and territory legislation
> legislation and standards that apply to the ICT industry
> legislation and standards that apply to the client’s core business
> international ICT and business standards
Federal legislation refers to the laws enacted by the Government or Australia, and to the
legislative documents that set out these laws. The legislation includes Acts of Parliament and
subordinate Regulations that are the law, and may be supported by Government policies and
guidelines. Some of this legislation covers all industries across Australia, while other
legislation is either industry specific. There is also legislation that is state based and this too
sets out laws in the state to which it applies.
The ICT industry is governed by various Federal and State legislation, including general
legislation such as privacy and copyright law, and legislation specifically enacted in response
to new technologies, such as anti-spam laws.
The legal framework
As shown in the diagram below, only Acts and Regulations are law. Policies, codes, standards
and guidelines are not law; however compliance may be mandatory as a condition of
employment or professional membership.
3 | P a g e I C T I C T 4 1 8 _ L G _ V 1 . 1 . D O C X
T A F E n o w
Compliance with the relevant legislation is mandatory, and may be controlled in the
workplace through documentation and certification requirements, and formally monitored
through processes such as audits and inspections.
Accessing legislation
The full range of federal and state legislation governing Australians and Australian business is
available online, and libraries and operational areas within the workplace may also keep print
copies of relevant legislation. Referring to the online version is preferable, as the legislation
may have been amended or repealed since a hardcopy was printed.
You can view current legislation online at:
> http://www.comlaw.gov.au/ for Commonwealth legislation
> http://www.legislation.nsw.gov.au for NSW State legislation
Some government agencies make important information more accessible by publishing
guidelines in ‘plain English’ and a range of other languages.
Navigating legislation websites to find information
At times, you may need to review current legislation or find specific information within an Act
or subordinate document. Learning every piece of relevant legislation would be an unrealistic
expectation, but it is a useful skill to be able to find and review the legislative documents
online.
4 | P a g e I C T I C T 4 1 8 _ L G _ V 1 . 1 . d o c x T A F E n o w
How information is organised within the legislative document
The title, date version and other identifying information are shown on the first page of the
Act. The body of the Act is divided into parts, sections and subsections. Part 1 contains
preliminary information such as definitions.
LEARNING ACTIVITIES ACTIVITY 1
Take a few minutes to go to http://www.comlaw.gov.au/ and find the Spam Act 2003 (Cwlth) then
complete the following activities.
> What formats are you able to download this Act in?
> If you are physically present in Australia is it allowable to acquire address harvesting software?
> Complete the table to match each type of workplace legislation with its purpose. Choose from
the list of legislation types below:
Legislation types:
> Privacy > Equal opportunity
> Workplace health and safety > Anti-discrimination
> Copyright > Defamation
Legislation type Purpose
ensures equal rights regardless of gender, ability, religion or ethnicity
protects individuals from misuse of their personal information
protects the rights of owners of published and unpublished material
protects the good name and reputation of individuals and businesses
prevents accident, injuries and loss of life in the workplace
protects against abuse or inferior treatment based on real or perceived
difference
5 | P a g e I C T I C T 4 1 8 _ L G _ V 1 . 1 . D O C X
T A F E n o w
Plain English guides to legislation
While it’s important that you know how to access legislation and how information is laid out
within an Act or Regulation, you should not feel that you face the overwhelming task of
learning every law that you need to comply with, or that you need to be able to interpret the
‘legalese’ used to write the documents. Government and industry bodies develop guidelines
and explanations bodies set out the important issues in ‘plain English’, and these cover much
of what you need to know in your day-to-day work. In the case of common law, you probably
know the right thing to do without having to refer to legislation.
If you do need to refer to legislation, make sure it is up-to-date, and relevant to the state or
territory in which your business operates. Both Federal and state legislation is published
online, and this is a good place check the currency of legislation.
Finally, if you are not absolutely certain of your legal position, get advice from an expert.
Breaking the law, knowingly or through misunderstanding or negligence, puts you at risk of
serious penalties.
Legislation for ICT and other industries
Legislation relevant to ICT professionals in NSW in Australia includes the generic legislation
that applies to all industries, workplaces or individuals. Legislation that determines the rights
and obligations of employees and employers, service providers and customers includes:
> privacy
> copyright and intellectual property
> workplace health and safety
> equal opportunity and access and equity
> anti-discrimination
> fair trading
> industrial relations
> workers compensation and rehabilitation
> defamation
2 | P a g e I C T I C T 4 1 8 _ L G _ V 1 . 1 . d o c x T A F E n o w
Industry-specific legislation and standards
ICT-related legislation
The rapid growth of the ICT industry has led to the introduction of legislation governing ICT-
related industries and digital content. In addition to the general Federal and state legislation
that apply to ICT and other industries, such as privacy and copyright law, ICT professionals
must comply with specific ICT-related legislation, in the areas, for example, of:
> anti-spam
> e-business
> telecommunications
> digital agenda amendments to copyright law
ICT professionals working within other industries may also be bound by specific legislation
that applies to that industry, and need to understand how this impacts on their ICT function.
Industry standards
Industry standards might be developed by Government bodies, or by international, national
or state industry organisations and professional associations. The standards are intended to
ensure that industry members conduct their business operations and provide services and
products to an acceptable professional standard. Industry standards are not necessarily legally
binding, but may be used to support legal argument.
Standards that have been adopted by the Australian ICT industry include:
> OECD standard
> ISO standards
> Australian Standards
> W3C accessibility standards
OECD standards - http://www.oecd.org/ (browse ‘By Country’ to Australia)
Australia is one of thirty four OECD (Organisation for Economic Co-operation and
Development) members. The OECD website has information and guidelines for range of ICT-
related topics, including Privacy.
3 | P a g e I C T I C T 4 1 8 _ L G _ V 1 . 1 . D O C X
T A F E n o w
ISO standards - http://www.iso.org
ISO refers to the voluntary standards for members of the International Organization for
Standardization, a non-government standards network based in Switzerland. ISO develops a
range of standards for the IT industry, including software development.
You may be familiar with the term ‘ISO 9001 compliant’. This refers to organisations that meet
the current ISO9001:2000 quality management certification.
Standards Australia - http://www.standards.org.au
Standards Australia is a developer of Australian Standards (AS), and is the Australian
representative for the International Organization for Standardization (ISO).
Standards are available for purchase, and most standards that apply to Australian business are
available from the SAI global online catalogue at: http://www.sai-global.com
W3C accessibility standards - http://www.w3c.org.au
The Australian W3C Office promotes World Wide Web Consortium Accessibility Standards
(WC3). These standards aim to ensure that web content is accessible to all users, including
those with disabilities. W3C provides for strategies and alternatives that present content and
navigation in the most accessible format.
LEARNING ACTIVITIES ACTIVITY 2
Explore some of the sites submitted at http://www.w3csites.com and look for information on how
the sites fared when tested for W3C compliance.
4 | P a g e I C T I C T 4 1 8 _ L G _ V 1 . 1 . d o c x T A F E n o w
1.2 Policies
A policy is general statement of intention relating to legislation, standards or the values of an
organisation. Like the standards, a policy is not necessarily legally binding but may be used to
support legal argument. Policies are implemented in a workplace through formal and
informal work practices.
Government policy
Government policy is not law, but sets out in general terms the position of the government in
relation to the subject of the policy. The policy may govern the conduct of government
officials and organisations and agencies, or provide voluntary guidance material in matters
associated with legislation.
Industry policy
An industry policy provides guidance for industry members in relation to the subject of the
policy, and sets out in general terms the position industry members should maintain.
Workplace policy
A workplace policy will set out in general terms the position of the organisation in relation to
the subject of the policy. The policy should reflect legislation, industry policy, and the specific
values and operations of the business. The following policy example can be found on the
TAFE NSW website:
Use of TAFE NSW Internet and Intranet Services
The ‘Use of TAFE NSW Internet and Intranet Services’ document on
https://www.tafensw.edu.au/use-of-services outlines expected user behaviour for all staff and
students who make use of TAFE NSW Internet and Intranet services including email, email
lists, web browsing, website publication, chat and news groups (forums).
5 | P a g e I C T I C T 4 1 8 _ L G _ V 1 . 1 . D O C X
T A F E n o w
LEARNING ACTIVITIES ACTIVITY 3
1 Refer to the above TAFE NSW Internet and Intranet Services link. Take a look at this example of
an organisational or workplace policy and record below a summary of what the requirements
are with regard copyright for students using the TAFE Intranet and Internet facilities.
2 Take the time to research what the difference between a policy and a procedure is.
Answers to Questions
The following is the correct order for Activity 1
> Equal opportunity
> Privacy
> Copyright
> Defamation
> Occupational health and safety
> Anti-discrimination
Summary
There exists legislation both federally and in every state in Australia that places legal
obligations on organisations. These legislative requirements may be related to all
organisations, such as Workplace Health and Safety legislation, or may be industry specific.
Standards have been developed to aid organisations in meeting the expected professional
requirements of businesses, and again may be specific to a particular industry or even to a
function within a given industry.
Organisations need to ensure their compliance with legislation and also they may strive to
adhere to relevant standards. In order to formalise this intention and to make it clear what it
means to meet the organisations expected degree of compliance policies are created. These
policies are how individuals associated with the organisation know what is expected of them.
6 | P a g e I C T I C T 4 1 8 _ L G _ V 1 . 1 . d o c x T A F E n o w
Topic 2 – Copyright Intellectual property is often referred to as IP and it can be a very valuable asset in the
Information Technology domain. Intellectual property is what is created through the use of
our intellect or our mind. It is the original ideas that we have and what we then develop using
those ideas. Intellectual property is protected using a number of different mechanisms
including copyright, patents and trademarks.
In order to effectively protect intellectual property it is important that a workplace ensures
compliance with legislation and standards and prudent that they create their own internal
policies to detail how the business will comply.
Copyright is something that most people have heard of. It is something most people do not
give much thought to, but it is something that we regularly encounter in our lives. Every time
that we read a book, a report or a poem, do an original drawing or prepare a diagram from
scratch we have created a copyright work. If you’ve ever copied a movie or music you may
7 | P a g e I C T I C T 4 1 8 _ L G _ V 1 . 1 . D O C X
T A F E n o w
well have breached the copyright of someone else.
Copyright is the exclusive right of the creator of material to reproduce, adapt, publish,
perform and communicate that material. Copyright is designed to reward and provide
incentives to creators of copyright material.
2.1 Understanding Copyright
The key principals associated with intellectual property are covered on the following site:
http://www.ipaustralia.gov.au/understanding-intellectual-property/
LEARNING ACTIVITIES ACTIVITY 4
Using this site as a reference answer the following questions:
1 What is the Government body that generally has responsibility for Intellectual Property in
Australia?
2 Which Government department is responsible for looking after copyright?
3 What is Copyright?
4 What is a Trade Secret?
Refer now to the following site and answer the following question:
http://www.ag.gov.au/RightsAndProtections/IntellectualProperty/Pages/default.aspx
1 What laws govern copyright in Australia?
2.2 Copyright Legislation
In order to copyright policy for an organisation you need to understand what copyright is and
8 | P a g e I C T I C T 4 1 8 _ L G _ V 1 . 1 . d o c x T A F E n o w
understand how copyright is related to the operation of the organisation. Copyright and
intellectual property (IP) can be complex legal issues.
Copyright is granted by law and in Australia that law is the Australian Copyright Act 1968 (Act)
and its subsequent amendments. In Australia most copyright is automatic, although adding ©
Copyright logo with your name and the date can help to ensure that not only is it clear
internally that you did create the IP but also that third parties will be reminded it is your
copyright. There are instances where automatic copyright is not enough; that is where other
forms of IP protection such as Patents and Trademarks come into play.
Copyright work is generally protected by copyright law for the life of the author and a further
70 years.
The creator of a copyright work is usually, but not always, the first owner of copyright in that
work. The copyright in any material you produce in the course of your employment will
generally be owned by your employer. If that is not your intention you need to ensure that
there is a written agreement between you and your employer that clarifies this issue.
Table 1
Works Examples Subject matter other than works
Examples
Literary novels, poems, song lyrics, newspaper and journal articles, essays, reports, computer programs
Cinematograph
films
films, videos, DVDs, Flash animations
Dramatic screenplays, stage plays, choreography
Sound recordings CDs, audio cassettes
Musical songs, music as distinct from lyrics or recording of music
Broadcasts television and radio broadcasts
Artistic paintings, drawings, diagrams, cartoons, photos, maps, sculpture
Published editions books, magazines, newspapers
Copyright is something that has to adapt to changes in technology. There are many instances
where technology has impacted the interpretation and application of copyright laws.
Technology is changing at such a quick rate that it is not always possible for the legislation to
9 | P a g e I C T I C T 4 1 8 _ L G _ V 1 . 1 . D O C X
T A F E n o w
adapt at the same pace, so there are challenges from time to time that force the legal system
to clarify what the legislation should mean in new and evolving contexts.
For a more information about copyright you can refer to the Australian Copyright Council
Information Sheet G010v17 An introduction to Copyright in Australia at
http://copyright.org.au/
LEARNING ACTIVITIES ACTIVITY 5
Some issues resulting from the lag in technology change and legal changes can be observed in the
2011/2012 court cases associated with the AFL/NRL being pursued by Telstra against their
competitor Optus.
Optus relied on s 111 of the Copyright Act and claimed that because their TV Now feature provided
footage that was being delayed from the initial broadcast then under this section the person was
rightfully copying the material to access it at a more convenient time. The technology makes this
possible, but it is fair? Telstra paid over $100 million for the rights and Optus has access just
seconds later for free.
Take a look online to see what the current outcome of this case is and why the judgement has been
made. Consider how this decision might impact other uses of technology.
What rights are provided under copyright?
The owners of copyright in textual (literary), dramatic and musical works have the exclusive
right to:
> reproduce the work in a material form (photocopying, scanning, filming, recording)
> publish the work (making and distributing copies)
> communicate the work to the public (fax, email, broadcast or the Internet)
> perform the work in public (such as playing a song in a pub)
> adapt the work (as when making an English translation of a foreign language work).
The owners of copyright in artistic works have the exclusive right to:
> reproduce the work in a material form
10 | P a g e I C T I C T 4 1 8 _ L G _ V 1 . 1 . d o c x T A F E n o w
> publish the work
> communicate the work to the public.
The owners of copyright in films, sound recordings, broadcasts and published editions have
the exclusive right to reproduce their material as well as there being rights relating to
communication, public performance and rebroadcasting.
Some owners of copyright also have an exclusive rental right. However, rental rights only
apply to computer programs, sound recordings and works on sound recordings.
Granting and seeking copyright permission
As a copyright owner you also have the exclusive right to authorise others to use your
copyright material in ways protected by copyright. As a professional author or creator you
may choose to do this through an agency such as the Copyright Agency Limited in Australia.
On the other hand, if you use copyright material in any way that is protected by copyright,
you must seek the permission of the copyright owner, explaining exactly how the material will
be used and what acknowledgement of it use will accompany the material. Table 2 below
summarises the scope of the various rights within copyright.
Table 2
Reproduction
Publishing
Comm
unication
Public perform
ance
Adaptation
Works Literary Yes Yes Yes Yes Yes
Dramatic Yes Yes Yes Yes Yes
Musical Yes Yes Yes Yes Yes
Artistic Yes Yes Yes No No
Subject matter other than
works
Cinematograph film Yes No Yes Yes No
Sound recording Yes No Yes Yes No
Broadcast Yes No Yes No No
11 | P a g e I C T I C T 4 1 8 _ L G _ V 1 . 1 . D O C X
T A F E n o w
Reproduction
Publishing
Comm
unication
Public perform
ance
Adaptation
Published editions Yes No No No No
Moral rights
Moral rights grant to the creators of copyright material the right to be acknowledged as the
creator and to have the integrity of their work respected. This means that creators should
always be given due credit and that any use that may affect the integrity of their reputation or
their work should be carefully considered and then, if possible, checked with the creator.
Irrespective of who owns the copyright, moral rights remain with the creator of the material,
or creator’s heirs, for the life of the copyright and cannot be traded. Moral rights cannot be
waived, but the creator of the copyright material can consent to certain acts or types of
treatment that may be reasonable.
Fair dealing, educational and non-commercial use
There are no general exemptions from copyright law for non-profit organisations or for
personal use.
The Copyright Act 1968 (Act) does permit a degree of use of copyright works without the
need of formal permission or payment, but with a requirement that the source of the material
is properly acknowledged. Uses permitted under the Act include any ‘fair dealing’ for the
purposes of study, research, criticism or review (such as quotes or extracts, etc.).
Educational use
Under the Act, some copying for educational purposes is also permitted if the institution has
license arrangements with the Copyright Agency Limited (explained more below and in a
later topic).
Non-commercial use
12 | P a g e I C T I C T 4 1 8 _ L G _ V 1 . 1 . d o c x T A F E n o w
Most institutions holding archives of images allow students or individuals to use images for
study of personal use (in files downloaded) if the source of the image is properly
acknowledged. (Formal copyright permission and the payment of user fees are required for
any commercial use of images.)
How long does copyright last?
As mentioned above, copyright protection doesn’t last forever, after copyright expires works
are in the public domain. Nor is there a standard duration that applies to all copyright
material—it varies according to the type of material and other factors, such as the date of
creation or the first publication.
Until 1 January 2005, copyright generally lasted for the life of the relevant creator plus 50
years (with various exceptions to this rule).
Under the Free Trade Agreement with the United States, Australia agreed to extend the
general duration of copyright. As a result, the general rule now is that copyright lasts for the
life of the creator plus 70 years (or, where duration depends on year of publication, until 70
years after it is first published).
However, the Free Trade Agreement did not include any obligation to revive copyright if
copyright had already expired. This means that if, under the old rules, copyright had already
expired by 1 January 2005, it stays expired, and the material can be used freely (at least within
Australia).
Example 1: Copyright of works created now
Let’s assume today is your fortieth birthday and you have written yourself a poem in commiseration. The poem will be protected from the date of creation and will remain in copyright for 70 years after the year in which you die. Of course you can’t benefit much from your copyright from the other side, but your heirs and successors can because copyright is property and can be willed and passed on.
Example 2: Copyright before and after 2005
Liese wants to use an image for the web site she is developing for her organisation of people disembarking from a migrant ship. She has found two images in the National Archives on the web.
13 | P a g e I C T I C T 4 1 8 _ L G _ V 1 . 1 . D O C X
T A F E n o w
One image was taken in 1954 of a ship docking in Melbourne and the other, also in Melbourne, is of a ship docking in 1956. In contacting the National Archives for permission to use the images, she learns that the copyright of the first image related to the date of its creation, in 1954, and that its copyright elapsed in 2004 (the older 50-year ruling). It is therefore out of copyright (although a fee will need to be paid to the National Archives for the supply of the high-resolution image she needs).
The other image is copyrighted from the date of its creation in 1956, and therefore, because Australia has from January 2005 extended the duration of copyright to 70 years for works still in copyright, the image will remain in copyright until the year 2026. Liese would need to seek formal permission from the copyright holders to use the image and her company may have to pay additional fees.
For a more detailed listing of copyright durations you can refer to the Australian Copyright
Council Information Sheet G23 Duration of Copyright at http://copyright.org.au/
2.3 Copyright Policy
Any organisation that creates original works or that interacts with the original works of others
should have a copyright policy.
TAFE NSW has a policy covering intellectual property which incorporates copyright. Refer to
this link Intellectual Property Policy - TAFE NSW to see this policy document.
LEARNING ACTIVITIES ACTIVITY 6
Imagine you have been employed by TAFE NSW. Look at the above policy document and answer
the following question.
1 If you are an employee of TAFE NSW and you develop some material to deliver training to
students who, according to the policy, owns the IP and therefore holds the copyright on
written materials assuming there is no separate written agreement?
14 | P a g e I C T I C T 4 1 8 _ L G _ V 1 . 1 . d o c x T A F E n o w
Where can I go for copyright advice?
Table 3 Organsiations that offer copyright advice to clients
Organisation Clients Web address
The Australian Copyright
Council (ACC)
Provides information, advice and
training about copyright in Australia
to the general public and industry
http://www.copyright.org.au
Australasian Performing
Right Association (APRA)
Australasian Mechanical
Copyright Owners Society
(AMCOS)
Represents music composers, song
writers and music publishers
APRA also manages the reproduction
rights business of AMCOS, which
represents most music publishers in
Australia and New Zealand and,
through reciprocal arrangements,
most of the world’s composers,
writers and music publishers
http://apraamcos.com.au/
Copyright Agency Ltd (CAL) An Australian copyright management
company whose role is to provide a
bridge between creators and users of
copyright material
http://www.copyright.com.au
National Association for the
Visual Arts (NAVA)
Represents visual artists http://www.visualarts.net.au
Australian Writers Guild
(AWG)
The professional association for all
performance writers, that is, writers
for film, television, radio, theatre,
video and new media
http://www.awg.com.au
Australian Society of Authors
(ASA)
Represents literary creators such as
book authors and writers
http://www.asauthors.org
Media, Entertainment and
Arts Alliance (MEAA)
A professional organisation for
people working in the areas of media,
communications, entertainment, arts,
and sport
https://www.alliance.org.au
15 | P a g e I C T I C T 4 1 8 _ L G _ V 1 . 1 . D O C X
T A F E n o w
Organisation Clients Web address
Audio Visual Copyright
Society (Screenrights)
Screenrights administers provisions
in the Copyright Act 1968 that let
schools, TAFEs and universities copy
from TV and radio for teaching,
provided they pay a fee
http://www.screen.org
Summary
When you have rights associated with your intellectual property you need to monitor your
environment, including for example customers and competitors, to ensure that they are not
infringing your intellectual property rights. If you do discover that they are you should take
action to address the infringement. In the first instance this may be simply raising the matter
with your manager or contacting the other party to ask them to cease, perhaps they are not
aware that what they are doing is wrong. You may though need to seek the assistance of
either a Government department or lawyer to protect your rights.
It is also important that you do not infringe the rights of others.
Organisations should develop internal policies that outline how you will comply with their
obligations. Quality processes then need to be implemented in order to ensure that they
comply with the policies that are put in place.
16 | P a g e I C T I C T 4 1 8 _ L G _ V 1 . 1 . d o c x T A F E n o w
Topic 3 – Privacy The nature of information technology is that there is data or information being managed,
manipulated or stored. Frequently this does not belong to the person who is handling the
information, for example many businesses will capture personal details associated with their
customers. These details are the customers contact details and they need to be protected
from unauthorised access to avoid use for purposes other than that for which they were
captured.
Privacy is a very significant issue given the continued growth of databases, online
transactions, high speed communication etc. Where previously information was difficult to
distribute or access without physical means (e.g. breaking into the office where a document
was held) we now have a society where remote access to personal information is readily able
to be achieved.
17 | P a g e I C T I C T 4 1 8 _ L G _ V 1 . 1 . D O C X
T A F E n o w
3.1 Privacy in this context
Put simply privacy is about respecting the rights of an individual. It is about their right to have
their personal information collected, kept and maintained appropriately. Generally this
means in a way that ensures it is:
> kept only if required
> maintained so as to be accurate
> accessible only to those persons who have a legitimate need to access the information
and where they are authorised to do so.
Personal information is anything that can be used to identify you and it might include:
> Name
> Address
> Bank details
> Medical records
> Digital images
If you breach the law and do not protect privacy you may be required to apologise publically,
you may be made to change how you do things, you could be made to address the matter
and this could include paying compensation to someone who was damaged by your failure to
secure their privacy.
3.2 Privacy Legislation
The current legislation that is the principal reference with regards privacy is a Federal
legislation named the Privacy Act 1988.
From March 12 2014 there was a number of significant changes made to the Privacy Act 1988,
if you were familiar with the Act prior to that date please visit the OAIC website to see what
changes were made.
The Privacy Act 1988 contains 13 Australian Privacy Principles (APPs), these relate to
organisation and government.
18 | P a g e I C T I C T 4 1 8 _ L G _ V 1 . 1 . d o c x T A F E n o w
The Australian Privacy Principles cover the following topics:
> APP 1 – open and transparent management of personal information
> APP 2 – anonymity and pseudonymity
> APP 3 – collection of solicited personal information
> APP 4 – dealing with unsolicited personal information
> APP 5 – notification of the collection of personal information
> APP 6 – use or disclosure of personal information
> APP 7 – direct marketing
> APP 8 – cross-border disclosure of personal information
> APP 9 – adoption, use or disclosure of government related identifiers
> APP 10 – quality of personal information
> APP 11 - security of personal information
> APP 12 - access to personal information
> APP 13 - correction of personal information
More information about the National Privacy Principles can be found in Schedule 1, at the end
of the Privacy Act 1988.
More details about the APP can also be found in this Fact Sheet
http://www.oaic.gov.au/images/documents/privacy/privacy-resources/privacy-fact-
sheets/privacy-fact-sheet-17-australian-privacy-principles_2.pdf
LEARNING ACTIVITIES ACTIVITY 7
The following questions relate to the APP. Use the link above to reference materials to assist you
with completing the following activities. For each provide a yes or no answer and a reason for that
answer. Answers to these questions are contained at the end of this reading material.
1 Is it appropriate for an organisation to capture details that they may require for some future
purpose, but which are not currently required for any function or activity it performs?
2 If an individual to whom the personal information consents, by way of checking a box on a
form that clearly states the information will be released would that mean that the information
19 | P a g e I C T I C T 4 1 8 _ L G _ V 1 . 1 . D O C X
T A F E n o w
can then be released to a marketing company for direct marketing?
3 If an organisation no longer needs the information it collected is it acceptable for it to be kept
in the database to save effort in destroying it or just in case it is needed in future?
4 May a medical doctor who is treating an individual capture Sensitive Information about that
individual in their secure medical records system?
5 If you are undertaking a survey of customers and you need only the statistics, not the specifics
of which customer provided the information is it appropriate to have a web form that
automatically fills in their customer number and name from your online entry point and which
does not allow the customer to clear or opt out of providing that information?
3.3 Privacy policies and procedures
Privacy is an important issue for most people, and one that should be reflected throughout IT
workplace policies and procedures, as staff often have easy access to others’ personal
information. A privacy policy provides specific details about how a business or individual will
handle issues surrounding the privacy of third party information.
APP 1 specifically deals with the need for an organisation to have a Privacy Policy. It also
specifies who must have a Privacy Policy; there are some exemptions that you should take the
time to identify. Note that you may need to follow some links to definitions within the Privacy
Act 1988 to fully understand who is and isn’t required to have a Privacy Policy. You might also
like to visit https://www.oaic.gov.au/agencies-and-organisations/business-resources/privacy-
business-resource-10 which outlines who is and who is not required to have a Privacy Policy.
Where a business is required to have a Privacy Policy the policy must state clearly the
following as a minimum:
> What information is collected
> How the information is collected
> Why the information is collected
> How a user can access and update their personal information
> Complaints about breaches of the APP or registered APP Code
20 | P a g e I C T I C T 4 1 8 _ L G _ V 1 . 1 . d o c x T A F E n o w
> Disclosure to overseas recipients, including which countries
In this context ‘collected’ should be taken to mean collected, stored, used, accessed etc.
Further details should be obtained from reading the Privacy Act 1988.
Privacy policies also contain general statements about compliance with the Privacy Act 1988.
Many include a description of their security and storage measures and practices.
LEARNING ACTIVITIES ACTIVITY 8
The best way to get a feel for these policies is to look at some real privacy policies, follow the links
below to have a look at some privacy policies that are available online:
http://www.telstra.com.au/privacy/privacy_statement.html
http://www.dec.nsw.gov.au/footer/privacy
http://pages.ebay.com.au/help/policies/privacy-policy.html?_trksid=m40
When you look at each of these examples consider the APPs are they all addressed for each of these
organisations – if not consider why not:
Table 4
APP Telstra TAFE NSW EBay
APP 1 – open and transparent
management of personal information
APP 2 – anonymity and pseudonymity
APP 3 – collection of solicited personal
information
APP 4 – dealing with unsolicited personal
information
APP 5 – notification of the collection of
personal information
21 | P a g e I C T I C T 4 1 8 _ L G _ V 1 . 1 . D O C X
T A F E n o w
APP 6 – use or disclosure of personal
information
APP 7 – direct marketing
APP 8 – cross-border disclosure of
personal information
APP 9 – adoption, use or disclosure of
government related identifiers
APP 10 – quality of personal information
APP 11 - security of personal information
APP 12 - access to personal information
APP 13 – correction of personal
information
If you are responsible for creating a privacy policy there are online privacy policy generators
available to make policy creation easier. These generators will create a base policy based on
supplied information:
Privacy Policy Generator - http://www.p3pwiz.com/
REFERENCE REFERENCE 1
The following are some additional references that may assist you with your understanding of
Privacy in Australia:
> Office of the National Privacy Commissioner's website which can be found at
http://www.privacy.gov.au
> Federal privacy law can be found at http://www.oaic.gov.au/privacy/privacy-act/the-privacy-
act
> Allens Arthur Robinson provide a comprehensive list of privacy information and links at:
http://www.allens.com.au/pubs/priv/index.htm
> Information relating to privacy in the international Internet economy is also available from:
http://www.oecd.org/sti/interneteconomy/informationsecurityandprivacy.htm
22 | P a g e I C T I C T 4 1 8 _ L G _ V 1 . 1 . d o c x T A F E n o w
Answers to Activity 8
1 No - APP 3.1/3.2 requires that an organisation must capture the information only if it is
required for one of its functions or activities.
2 Yes - APP 6/7 Use and disclosure would allow this as there is consent assuming there has
been no request not to receive direct marketing communications
3 No – APP 11.2 - Data Security are both of significance. The data is no longer needed and
therefore needs to be destroyed or de-identified.
4 Yes – APP 3 – Sensitive Information allows for the capture of sensitive information if it is
necessary to provide a health service to the individual
5 No – APP 2 – Anonymity states that an individual must have the option of not identifying
themselves where it is lawful and practicable.
Summary
In our modern society where there it is possible to capture, store and communicate personal
information so efficiently it is increasingly important that measures are put in place to protect
that information. The Privacy Act 1988 includes the Australian Privacy Principals which spell
out the requirements associated with personal information management.
It is the responsibility of all those who work with individuals personal information to use and
protect that information appropriately.
23 | P a g e I C T I C T 4 1 8 _ L G _ V 1 . 1 . D O C X
T A F E n o w
Topic 4 – Ethics Most organisations or workplaces expect a certain standard of behaviour from their
employees. In small organisations these may be unwritten rules, but larger organisations will
develop an ethics code or statement to ensure that their employees know the standard of
conduct that is expected of them. Creating ethical policies and procedures is about ensuring
that business operations reflect ethics and moral values, as well as the legislation and
standards that apply.
It is important that ICT professionals understand the ethics and values of their organisation,
and their obligation to meet both employer and client expectations of ethical conduct.
While there is no one piece of legislation that outlines the ethical requirements of business in
Australia there are references to ethical conduct in a wide variety of legislations that apply to
the ICT industry.
25 | P a g e I C T I C T 4 1 8 _ L G _ V 1 . 1 . D O C X
T A F E n o w
4.1 Codes of Ethics
Many industry bodies and associations publish codes and standards that govern the ethical
conduct of their members. These codes and standards are aimed at promoting the reputation
of the industry by ensuring members maintain professional and ethical conduct. The
standards are not necessarily legally binding, but may be used to support legal argument.
A Code of Ethics may be described as a Code of Conduct, Ethics Statement or similar. Codes of
Ethics published by industry bodies include:
Australian Computer Society (ACS). To access this code online, go to
http://www.acs.org.au/__data/assets/pdf_file/0005/7835/Code-of-Ethics.pdf
System Administrators Guild of Australia (SAGE-AU). The SAGE-AU Code of Ethics is published
online at http://sage-au.org.au/about-us#Ethics
You may be aware of other organisations that produce standards and codes for their
members.
There are some detailed Code of Ethics Case Studies on the Australian Computer Society
website. Follow the link below and have a read of the case studies provided.
https://www.acs.org.au/__data/assets/pdf_file/0004/30964/ACS_Ethics_Case_Studies_v2.1.p
df
LEARNING ACTIVITIES ACTIVITY 9
Look at the NSW Department of Education and Communities Code of Conduct at
https://www.det.nsw.edu.au/policies/staff/ethical_behav/conduct/PD20040020.shtml and answer
the following questions.
Note also the references to legislation contained within this Code.
1 Does this policy apply to TAFE teachers?
2 Who is responsible for monitoring compliance with the Code?
26 | P a g e I C T I C T 4 1 8 _ L G _ V 1 . 1 . d o c x T A F E n o w
The Code of Conduct Procedures
(https://www.det.nsw.edu.au/policies/staff/ethical_behav/conduct/Code_guide.pdf) provides
more details about how the Code is to be implemented.
3 Referring to this document what does the Department expect of staff when providing ‘advice
or service’?
4 A workmate gave you the source code for a shareware product she developed in her spare
time. After you’ve made a few changes and put it on your website a software developer offers
good money for the right to develop the product commercially. What should you do?
LEARNING ACTIVITIES ACTIVITY 10
Complete the table by filling in the ethical issue that each situation relates to. Choose an ethical
issue from the following:
Value for money Reliability Confidentiality Security
Conflict of interest Proprietary rights
Situation Ethical issue
1 After a system failure, a faulty backup drive was discovered and lost
data cannot be restored.
2 A sensitive report is dropped into a website folder, making it
accessible to search engines.
3 A small business is sold an expensive database system designed for
large organisations.
4 IT support staff loudly discuss their organisation’s network security
problem on a crowded train.
5 A contractor includes circuit design developed for a previous
employer in his new product.
6 You are a consultant asked by two rival businesses to provide them
with quotes for the same tender.
27 | P a g e I C T I C T 4 1 8 _ L G _ V 1 . 1 . D O C X
T A F E n o w
Answers to Activities
Note that answers are only provided where the answer is not directly contained in material
provided or referenced from this reading.
Activity 9
1 Yes it does
2 Section 4.1 of the Code outlines this responsibility which lies with ‘The Director-General of
Education and Training and Managing Director of TAFE NSW, senior executives, senior
officers, principals, managers and supervisors’
3 Staff are expected to ‘act honestly and in good faith’ when providing advice or service
4 You must explain that the product is not your work, and discuss the offer with your
workmate. As the creator she has copyright for the product, although your contribution
should be acknowledged.
Activity 10
1 Reliability
2 Security
3 Value for money
4 Confidentiality
5 Proprietary rights
6 Conflict of interest
Summary
In Topic 4 you examined the requirements for developing ethical policy and procedures in the
IT industry. Specifically we looked at how a Code of Ethics may be developed by
organisations so that their staff and other stakeholders are aware of what is expected of them.
We also looked at how procedures may be developed to address how the code will be applied
in the workplace.
28 | P a g e I C T I C T 4 1 8 _ L G _ V 1 . 1 . d o c x T A F E n o w
Topic 5 – Implementing policies, procedures and codes In this topic we will consider what your role might be in respect of copyright, ethics and
privacy in an organisation. This may vary considerably depending on your role in the
organisation. We will be considering what you may be responsible for and what you would
need to do in order to undertake your responsibilities.
5.1 Investigating current policies, procedures and codes
When you join a new workplace you should enquire as to the location of their internal
policies, if you are not directed to them when you first start. Many organisations will include
an induction that will direct you to the main policies of the organisation and which will also
enable you to locate other policies that may exist.
29 | P a g e I C T I C T 4 1 8 _ L G _ V 1 . 1 . D O C X
T A F E n o w
Workplace policies and procedures are two different types of document that provide
guidance for employees as they go about their work:
> A workplace policy is a general statement of intention relating to legislation, standards or
the values of the organisation.
> A workplace procedure contains practical information and directions on how work is to
be carried out to an acceptable standard.
As an example, a Safe Workplace Policy may outline the commitment to a safe workplace in
line with WHS legislation. A hazard reporting procedure might then be developed that
describes the method and documentation required for reporting and managing hazards.
In addition to policies and procedures businesses may have codes, such as the Codes of Ethics.
These are similar to standards but they are enforced by the organisation.
Note also that there are enforceable codes under some legislation e.g. the Privacy Act 1988
(APP Codes and CR Codes). If you did not notice these codes while you completed Topic 3 on
Privacy a look at the Privacy Act 1988 again to get an understanding of when and how these
codes are applied.
LEARNING ACTIVITIES ACTIVITY 11
Find out where the policies are kept for your employer. If you are not currently employed enquire
about the location of policies in a workplace that a friend or family member works in.
5.2 Adhere to policies, procedures and codes
An ICT professional may be responsible for adherence to the organisations
policies/procedures/codes. Legislation, policies and standards will guide you in in meeting
your obligations in ensuring you do not breach the rights of others. As we have seen, this
includes adherence to various different requirements such as:
> privacy legislation
> copyright and intellectual property laws
> government, industry and workplace policies
30 | P a g e I C T I C T 4 1 8 _ L G _ V 1 . 1 . d o c x T A F E n o w
Federal and state governments have enacted new legislation in response to the growth of
ICT-related communication. Examples of this include:
> Spam Act 2003 (Cwlth)
> Electronic Transactions Act 1999 (Cwlth).
Many of the requirements will be common sense, however you should be familiar with your
organisational policies and be prepared to seek further information from other sources if your
obligations are unclear.
If the organisation has specific policies that outline requirements that affect your work
practices but they do not have any procedures documented it is prudent to consider
incorporating specific checks into your work for yourself. For example you may have a
physical checklist associated with the transfer of certain files to third parties or associated with
the packaging of software releases or you may have audits or inspections at critical points in
key processes to check for any policies that may not have been complied with.
LEARNING ACTIVITIES ACTIVITY 12
Processes are often put in place to ensure compliance with organisational policies. Consider three
processes that you believe might be implemented in order to support compliance with copyright
policies in a workplace?
5.3 Contributing to policies, procedures and codes
The following are the steps that might apply to creating any policy, procedures or code for an
organisation:
1 Consideration of legal, organisational, client and community requirements and
expectations
2 Examination of existing policies/procedures/code either internally or from industry bodies
and similar organisations
31 | P a g e I C T I C T 4 1 8 _ L G _ V 1 . 1 . D O C X
T A F E n o w
3 Preparation of a draft policies/procedures/code for review
4 Consultation with stakeholders and integration feedback
5 Approval and finalisation policies/procedures/code
6 Publication of the policies/procedures/code
The relevant legislation and standards need to be reviewed in light of your organisations
specific purpose, activities etc. in order to identify the elements that are relevant. Note that
the relevant legislation may not just be specific legislation such as the Privacy Act 1988, it may
also be legislation associated with other business functions such as work health and safety
(WHS) legislation which includes requirements that need to be covered in the organisational
policies.
Before you commence work on any policy, procedure or code you need to gain a very detailed
understanding of what the business does, what data they hold, what exposure there could be
(worst case scenario) and from there you are able to then work on formulation of appropriate
policies and procedures. Depending on the policies/procedures/code you are contributing to
consider things like:
> Do you publish materials that are created by your organisation?
> Do you have access or make use of materials created by others?
> Do you capture personal information?
> What do you expect of your employees?
> Who will be responsible for monitoring how you comply with policies? How will they do
that?
You do not need to cover things that are included in the legislation within your
policies/procedures/code if they have no relevance to your business function. Creating a
simple procedure may involve writing a number of dot points explaining, for example, how to
use a piece of equipment correctly.
For more complex procedures, like setting out how to conduct an interview or report
workplace harassment, you might need to include references to forms that must be
completed during the procedure, legislation or standards that apply, and people who need to
be advised of the activity. For example look at this DEC site to see how policies and
procedures are linked.
32 | P a g e I C T I C T 4 1 8 _ L G _ V 1 . 1 . d o c x T A F E n o w
Distribution of new policies, procedures and codes
Whenever there is a new or updated policy/procedure/code made available you need to
ensure that you consider the appropriate methods for communicating with stakeholders.
Stakeholders may be employees, but there may be other parties such as contractors, visitors
and customers who need to be aware of the change. It is also important that you address
issues around access by stakeholders.
Once policies and/or procedures are prepared and have been reviewed by appropriate
persons to ensure that they are well presented, accurate, complete and suited to the audience
they will need to be distributed to the stakeholders.
Many businesses will now have intranet sites that provide access to policies and procedures
for all staff. Even if there is not an intranet site there will often be a single central repository,
perhaps a printed folder contains a Policy and Procedures manual, maybe there is a dedicated
network drive or perhaps even an application (e.g. a document management system)
accessible by some or all staff.
Before reading on consider what methods you might use to ensure that stakeholders are
aware of the new or updated copyright policy and/or procedures.
Once the central repository is updated you need to consider how to communicate with
others. Communication may be undertaken in-person or electronically:
> Emails – instant “mass-mailout”
> Memo – more formal announcement for major changes
> Newsletters – regular information dissemination
> Presentations – to raise awareness and explain decisions and the implications
> Group and individual meetings – to allow two-way communications, these may apply to
a subset of stakeholders in addition to other methods (e.g. managers may be involved in
meetings as well as receiving notification in the monthly newsletter)
> Workshops and training for the staff – particularly where the changes are central to their
role
> Websites, journals and the intranet – for on-going reference to the new policies,
procedures, forms, etc.
In choosing the appropriate method/s you need to be sure that the stakeholders will be able
to access, understand and reference the documents in future. Consider things like:
33 | P a g e I C T I C T 4 1 8 _ L G _ V 1 . 1 . D O C X
T A F E n o w
> Whether the staff have access to a computer in the workplace
> Whether the stakeholders are at a single site or distributed geographically or otherwise
(e.g. separate shifts)
> Whether there is an existing method that might be used (e.g. there may be a procedure
that applies to the distribution of new policies and procedures)
> Whether the stakeholders might require interpreters and translators – ensuring that all
stakeholders can understand the content of the materials
LEARNING ACTIVITIES ACTIVITY 13
The business you are working for is a software development company, developing systems to
capture data about WH&S incidents in workplaces. There are four core functional sections of the
business:
> Sales and Marketing
> Project Management
> Technical Staff – Design, Development, Testing and Hosting
> Administration and Financial Services
Considering the above scenario for each core functional section how you might best direct a new
copyright policy update to the stakeholders in the section. Think about why it might be better to
consider different methods for some of the sections.
1 Sales and Marketing
2 Project Management
3 Technical Staff
4 Administration and Financial Services
34 | P a g e I C T I C T 4 1 8 _ L G _ V 1 . 1 . d o c x T A F E n o w
Implementing new work procedures
A workplace procedure contains practical information and directions on how an activity is to
be carried out to an acceptable standard. An ethical procedure is one that is fair and equitable,
is appropriate in terms of privacy and confidentiality, and complies with relevant standards
and legislation.
Once the stakeholders are aware of the new work procedures it is important that there is a
timeframe set with regards to the change, this is particularly true if there is a legislative
requirement. If you do not set a date then some stakeholders may change while others do
not.
If it is your responsibility to implement the change ensure that you talk to relevant
stakeholders when setting a timeframe for change. If the changes are large there may need to
be a phased approach or period of transition. This may for example mean that existing
projects or systems are changed over within a window of perhaps 6 months while all new
work will be required to comply with the changes immediately.
Be sure to have contact details included with all communications with stakeholders so that
they know who to contact regarding any issues or to seek clarifications. This should be a very
open process that invites feedback to reduce the risk that the new procedures will not be
implemented correctly.
If there is a significant amount of feedback, for example in larger organisations or where the
changes are controversial, it is wise to maintain a register of the feedback, including details
about:
> who will action the item
> when action is due
> when action has been completed
> what action was taken
> who took the action (e.g. if delegated)
35 | P a g e I C T I C T 4 1 8 _ L G _ V 1 . 1 . D O C X
T A F E n o w
LEARNING ACTIVITIES ACTIVITY 14
Consider the following scenario.
A colleague was on leave when a new log sheet was introduced. No one thought to tell him of the
change and he is very upset when everyone hears the boss criticise him for not complying.
What would you suggest to avoid problems like this future?
5.4 Reviewing Policies/Procedures/Codes
Reviewing policies/procedures/codes is simply an auditing process and can be presented as a
table of questions and answers. Depending on the policies/procedures/code that is being
reviewed you will have different source documents (e.g. legislation) that need to be used as
the basis of your audit.
By way of example the best way to start a privacy audit is to audit the Policy, does it comply
with APP 1 as a minimum? Other factors can also be considered.
Some questions to consider are:
1 Is there a Privacy Policy?
2 Is the Policy easy to find?
3 Does it identify type of personal information collected?
4 Does it identify how personal information is used, disclosed and to who?
5 Does it explain how a user can access and update their personal information?
6 Does it describe how the information is stored?
Auditing the Privacy Policy alone is not enough for a complete privacy audit. The procedures
and processes need to exist. It is not in the scope of a privacy audit to check the actual
procedures and processes (this is part of a broader security audit), only the existence.
Some questions to consider are:
36 | P a g e I C T I C T 4 1 8 _ L G _ V 1 . 1 . d o c x T A F E n o w
> Is the information collected in a secure manner?
> Is the information stored in a secure manner?
> Where is the information stored?
> Are there backups, and are they secure?
> Are there measures to prevent unauthorized access?
> Who else has access to the information?
> Is the information as accurate and up to date as practical?
> What is done with old and unused information?
A privacy audit can easily be presented as a table of questions and answers. Reference to each
APP would make analysis and recommendations easier.
When you undertake a review of a policy/procedure/code it is always important to check with
stakeholders whether their experience is as expected. You should record all feedback and
action it appropriately. There should also be a process to support reporting ad hoc feedback,
whether positive or negative, associated with policies/procedures/codes to ensure that
changes are made if appropriate but also to enable additional training, audit or other such
action as is necessary to enable and/or ensure compliance.
LEARNING ACTIVITIES ACTIVITY 15
The best way to get a feel for how this works is to look at a real privacy policy audits, follow the link
below to have a look at an audit that is available online:
http://www.oaic.gov.au/privacy/applying-privacy-law/list-of-privacy-audits/australian-federal-
police-act-policing-branch-audit-report
Reviewing work practices to ensure compliance
Once implemented successfully, compliance may be managed through regular monitoring
processes. A range of formal and informal strategies can help ensure standards are
maintained. These could include:
> Formal processes such as documentation of tasks, performance reviews, audits,
inspections, quality control processes and staff
37 | P a g e I C T I C T 4 1 8 _ L G _ V 1 . 1 . D O C X
T A F E n o w
> Informal channels such as team meetings and individual discussion to communicate the
expectations of ethical conduct.
These are just some of the activities an organisation may perform to ensure that staff
members understand their legal obligations, and follow the policies and procedures. Other
monitoring activities might include:
> consultation with clients to ensure their needs are met
> monitoring of client relations, business activities and work procedures ensure all
personnel are following the code of ethics.
Answers to Activities
Possible answers to Activity 13 – note that these are examples only other methods may be
suitable.
> Sales and Marketing – given that this department will specifically have responsibility for
creating marketing materials which will have direct copyright implications it would be
important to ensure that they are well versed with the policy. Something like a meeting
would be beneficial for this group.
> Project Management – Given that these employees will be responsible for managing
most of the staff in the company they too would benefit from a meeting to discuss the
policy. It may well be incorporated into a regular meeting scheduled for the group.
> Technical Staff – Design, Development, Testing and Hosting – this group is supervised by
the Project Managers. An email directing them to the new policy and pointing out any
key points, for example use of images from the internet might be relevant to them. The
email should advise them to seek further information from their Project Manager if
required.
> Administration and Financial Services – These employees are least likely to require any
specific advice. Again an email would be suitable. The administration staff may be
involved in producing the document for distribution via other means, e.g. if it is kept in a
printed format, if this is the case the relevant person should also be provided instruction
regarding the updates required.
38 | P a g e I C T I C T 4 1 8 _ L G _ V 1 . 1 . d o c x T A F E n o w
Summary
All employees are responsible to a lesser or greater extent for the organisations compliance
with copyright, ethics and privacy requirements. It is always best to be informed about the
organisations expectations of you as an employee and this means becoming familiar with
relevant policies, procedures and codes. Often this will be part of an induction process, but if
not you should seek these out yourself.
If you are responsible for maintaining policies, procedures and codes it is important that once
you obtain the relevant information from sources such as legislation and standards that you
then compile this in a plain English format that can be accessed and understood by the
relevant stakeholders.
You also need to implement appropriate methods of distributing new and updated policies,
procedures and codes to those stakeholders so they are able to reference it and play their
part.
Once policies, procedures and codes are in place it is not sufficient to assume that they will
result in compliance. The organisation will need to implement methods of review and ways in
which the stakeholders can provide feedback if they encounter issues or have positive
comment about compliance by either them or others.
39 | P a g e I C T I C T 4 1 8 _ L G _ V 1 . 1 . D O C X
T A F E n o w