Identify Australian IT-Related Legislation and Standards

Reading: Identify Australian IT-related legislation and standards

Inside this reading

• Relevant legislation and standards
• Commonwealth Government legislation
• The legal framework
• Accessing legislation
• How Acts are referenced in other documents
• Legislation for IT and other industries
• Industry-specific standards, policy and legislation
• Summary
• Feedback to activities

© State of New South Wales, Department of Education and Training 2006

Relevant legislation and standards

As an IT professional, your work is governed by Australian legislation and industry standards. These may include:

• Australian Commonwealth legislation
• Australian state and territory legislation
• legislation and standards that apply to the IT industry
• legislation and standards that apply to the client’s core business
• international IT and business standards.

Commonwealth Government legislation

Commonwealth Government legislation refers to the laws enacted by the Government, and to the legislative documents that set out these laws. The legislation includes Acts of Parliament and subordinate Regulations that are the law, and may be supported by Government policies and guidelines. Some of this legislation covers all industries across Australia, while other legislation is either industry- or state-specific.

The IT industry is governed by various Commonwealth and State legislation, including general legislation such as privacy and copyright law, and legislation specifically enacted in response to new technologies, such as recent anti-spam laws.

The legal framework

As shown in the diagram below, only Acts and Regulations are law. Policies, codes, standards and guidelines are not law; however, compliance may be mandatory as a condition of employment or professional membership.

Compliance with the relevant legislation is mandatory, and may be controlled in the workplace through documentation and certification requirements, and formally monitored through processes such as audits and inspections.

Accessing legislation

The full range of Commonwealth and state legislation governing Australians and Australian business is available online, and libraries and operational areas within the workplace may also keep print copies of relevant legislation. Referring to the online version is preferable, as the legislation may have been amended or repealed since a hardcopy was printed.

You can view current legislation online at:

• http://www.comlaw.gov.au/ for Commonwealth legislation
• http://www.legislation.nsw.gov.au for NSW State legislation

Some government agencies make important information more accessible by publishing guidelines in ‘plain English’ and a range of other languages.

Navigating legislation websites to find information

At times, you may need to review current legislation or find specific information within an Act or subordinate document. Learning every piece of relevant legislation would be an unrealistic expectation, but it is a useful skill to be able to find and review the legislative documents online.

How information is organised within the legislative document

The title, date, version and other identifying information are shown on the first page of the Act. The body of the Act is divided into parts, sections and subsections. Part 1 contains preliminary information such as definitions.

How Acts are referenced in other documents

Generally, references to legislative documents give the title of the legislation, the year it was enacted, and the section number where the specific information can be found. It may also specify whether the legislation is state or Commonwealth; for example:

Your obligations as an employee are set out under the Occupational Health and Safety Act 2000 (NSW) s 20.

Here is how you would find the information online:

1. Go to the NSW legislation site: http://www.legislation.nsw.gov.au.
2. From the top navigation, choose ‘Search in force’ (searches for legislation that is currently in place).
3. Search for the exact phrase ‘Occupational Health and Safety Act’.
4. Choose the document ‘Occupational Health and Safety Act 2000 No40’.
5. From the ‘content’ menu of this document, select ‘20 Duties of Employees’.

Activity 1

Accessing Commonwealth legislation is a similar process to that shown above. Take a few minutes to go to http://www.comlaw.gov.au/ and find the Spam Act 2003 (Cwlth). What document formats are available for downloading this Act?

Check your answers against the feedback provided at the end of this document.

Plain English guides to legislation

While it’s important that you know how to access legislation and how information is laid out within an Act or Regulation, you should not feel that you face the overwhelming task of learning every law that you need to comply with, or that you need to be able to interpret the ‘legalese’ used to write the documents. Government and industry bodies develop guidelines and explanations that set out the important issues in ‘plain English’, and these cover much of what you need to know in your day-to-day work. In the case of common law, you probably know the right thing to do without having to refer to legislation.

If you do need to refer to legislation, make sure it is up to date, and relevant to the state or territory in which your business operates. Both Commonwealth and state legislation is published online, and this is a good place to check the currency of legislation.

Finally, if you are not absolutely certain of your legal position, get advice from an expert. Breaking the law, knowingly or through misunderstanding or negligence, puts you at risk of serious penalties.

Legislation for IT and other industries

Legislation relevant to IT professionals in NSW, Australia, includes the generic legislation that applies to all industries, workplaces or individuals. Legislation that determines the rights and obligations of employees and employers, service providers and customers includes:

• privacy
• copyright and intellectual property
• occupational health and safety
• equal opportunity and access and equity
• anti-discrimination
• fair trading
• industrial relations
• workers compensation and rehabilitation.

Tip: To see a range of general and IT-related legislation that could apply to the IT industry across Australia, check out the Primary Legislation section of the Oz NetLaw site at: http://www.oznetlaw.net/home.asp

Occupational health and safety legislation

Occupational health and safety legislation is one example of legislation that is relevant to all industries, including the IT industry. The legislation is intended to protect workers and others from workplace-related accident or injury. Each Australian state and territory is responsible for making and enforcing its own OHS laws, and the National Occupational Health and Safety Commission (NOHSC) sets standards for some industries that are not law, but may be adopted as law by the state or territory.

Under OHS law, both employers and employees have obligations, also known as a ‘duty of care’, to maintain a safe workplace.

Activity 2

What are the responsibilities in the following situation?

As you are leaving work you step over an extension cord. The plugs are connected in the centre of the walkway, and the cord to the connected equipment is damaged.

Check your answers against the feedback provided at the end of this document.

Find out more about your legal obligation to ensure workplace health and safety:

• Workcover New South Wales provides comprehensive workplace health and safety information and links at: http://www.workcover.nsw.gov.au/default.htm
• Occupational Health and Safety Act 2000 (NSW)

Equal opportunity, access and equity

Equal opportunity and anti-discrimination laws are intended to prevent unfair treatment on the basis of personal attributes such as disability, race, gender and other social or physical difference. The Commonwealth laws that protect against discrimination include:

• Disability Discrimination Act 1992 (Cwlth)
• Racial Discrimination Act 1975 (Cwlth)
• Sex Discrimination Act 1984 (Cwlth)

Privacy laws

Privacy laws are an important example of how the IT profession is governed by legislation. Privacy concerns personal information, and is different from confidentiality, which generally concerns business and operational information.

As an IT professional you might have administrator access to personal information through your organisation’s electronic records and communications. This type of information is protected by privacy legislation, and administrative access does not give you the right to view, use or pass on others’ personal information without their consent.

Personal information can include:

• Name, address and contact details
• Birth date or age
• Marital status
• Gender and sexual preference
• Private details such as medical records or criminal history

Commonwealth and state governments have enacted privacy legislation to protect individuals from misuse of their personal information. As a rule of thumb, Commonwealth legislation governs how Australian public sector departments and agencies can use client information, while state legislation applies to the private sector businesses in that state.

Activity 3

Which of the following situations involve a breach of privacy legislation?

(a) Personal client information is disclosed on a public website.
(b) A customer database is onsold to a telephone marketing company.
(c) Sensitive tender details are emailed to a rival business.

Check your answers against the feedback provided at the end of this document.

Find out more about privacy legislation at:

• The Office of the Federal Privacy Commissioner (http://www.privacy.gov.au/index.asp) is a good source of information on privacy legislation, and has specific information on IT and Internet issues, and privacy information sheets for business.
• Office of the NSW Privacy Commissioner: privacy information is published online on the Lawlink NSW site: http://www.lawlink.nsw.gov.au/privacynsw
• Allens Arthur Robinson provide a comprehensive list of privacy information and links at: http://www.aar.com.au/privacy/index.htm

Industry-specific standards, policy and legislation

IT-related legislation

The rapid growth of the IT industry has led to the introduction of legislation governing IT-related industries and digital content. In addition to the general Commonwealth and state legislation that applies to IT and other industries, such as privacy and copyright law, IT professionals must comply with specific IT-related legislation in areas such as:

• anti-spam
• e-business
• telecommunications
• digital agenda amendments to copyright law.

IT professionals working within other industries may also be bound by specific legislation that applies to that industry, and need to understand how this impacts on their IT function.

Tip: To see a range of general and IT-related legislation that could apply to the IT industry across Australia, check out the Primary Legislation section of the Oz NetLaw site at: http://www.oznetlaw.net/home.asp

Industry standards

Industry standards might be developed by Government bodies, or by international, national or state industry organisations and professional associations. The standards are intended to ensure that industry members conduct their business operations and provide services and products to an acceptable professional standard. Industry standards are not necessarily legally binding, but may be used to support legal argument.

Standards that have been adopted by the Australian IT industry include:

• OECD standards
• ISO standards
• Australian Standards
• W3C accessibility standards.

OECD standards

http://www.oecd.org/ (browse ‘By Country’ to Australia)

Australia is one of thirty OECD (Organisation for Economic Co-operation and Development) members. The OECD website has information and guidelines for a range of IT-related topics, including privacy.

ISO standards

http://www.iso.org

ISO refers to the voluntary standards for members of the International Organization for Standardization, a non-government standards network based in Switzerland. ISO develops a range of standards for the IT industry, including software development.

You may be familiar with the term ‘ISO 9001 compliant’. This refers to organisations that meet the current ISO 9001:2000 quality management certification.

Standards Australia

http://www.standards.org.au

Standards Australia is a developer of Australian Standards (AS), and is the Australian representative for the International Organization for Standardization (ISO).

W3C accessibility standards

http://www.w3c.org.au

The Australian W3C Office promotes World Wide Web Consortium (W3C) Accessibility Standards. These standards aim to ensure that web content is accessible to all users, including those with disabilities. W3C provides for strategies and alternatives that present content and navigation in the most accessible format.

Activity 4

Explore some of the sites submitted at http://www.w3csites.com and look for information on how the sites fared when tested for W3C compliance.

Check your answers against the feedback provided at the end of this document.

Policies

A policy is a general statement of intention relating to legislation, standards or the values of an organisation. Like the standards, a policy is not necessarily legally binding but may be used to support legal argument.

Government policy

Government policy is not law, but sets out in general terms the position of the government in relation to the subject of the policy. The policy may govern the conduct of government officials and organisations and agencies, or provide voluntary guidance material in matters associated with legislation.

Industry policy

An industry policy provides guidance for industry members in relation to the subject of the policy, and sets out in general terms the position industry members should maintain.

Workplace policy

A workplace policy will set out in general terms the position of the organisation in relation to the subject of the policy. The policy should reflect legislation, industry policy, and the specific values and operations of the business. The following policy example can be found on the TAFE NSW website:

Use of TAFE NSW Internet and Intranet Services

The ‘Use of TAFE NSW Internet and Intranet Services’ document on http://www.tafensw.edu.au/legal/useofservices.htm outlines expected user behaviour for all staff and students who make use of TAFE NSW Internet and Intranet services including email, email lists, web browsing, website publication, chat and news groups (forums).

Ensure the integrity and security of others’ information

An IT professional may be responsible for others’ personal or confidential data, or other data and software critical to business operations. To ensure the integrity and security of information means to make sure that it is not lost, corrupted or damaged in any way, and is adequately protected from unauthorised access and use.

Legislation, policies and standards will guide you in maintaining the integrity and security of information. As we have seen, this includes:

• privacy legislation
• copyright and intellectual property laws
• government, industry and workplace policies.

Commonwealth and state governments have enacted new legislation in response to the growth of IT-related communication. Examples of this include:

• Spam Act 2003 (Cwlth). This Act is aimed at limiting unwanted electronic communications, such as advertising material in emails.
• Electronic Transactions Act 1999 (Cwlth).

Maintain and work to industry and international standards

Standards organisations such as ISO, Standards Australia and OECD have developed a range of standards that apply to the information technology industry and IT professionals in Australia.

The standards are available for purchase, and most standards that apply to Australian business are available from the SAI Global online catalogue at: http://www.sai-global.com

Activity 5

Take some time to examine the range of standards your organisation uses and how these are accessed. Who is responsible for ensuring that standards are obtained and followed?

Check your answers against the feedback provided at the end of this document.

Summary

This reading introduced the legal, professional and ethical responsibilities of the IT professional, including:

• Reviewing industry standards, policies and legislation
• Ensuring the integrity and security of others’ information as required by company policies, legislation and national standards
• Maintaining and working to industry standards

In this reading you examined a range of IT-related legislation and standards and how these applied to your work as an IT professional.

Feedback to activities

Activity 1

Commonwealth legislation is available in .doc, .html, .pdf and .rtf formats. If you could not locate the Spam Act, try using the site’s search feature.

Activity 2

Both you and your employer have an obligation to workplace health and safety. Once you have identified a hazard you are required to take appropriate action. You might move the cord if you can do so safely, and you must report the faulty equipment immediately as an OHS hazard. Your workplace may have a designated OHS officer, and workplace procedures that must be followed, such as tagging-out faulty equipment.

Activity 3

(a) This is definitely a breach of privacy. Personal information should not be accessible to unauthorised viewers.
(b) This could be a breach of privacy, unless all the customers involved understood that their data was to be used in this way, and knowingly gave their consent.
(c) This is not a breach of privacy, as it does not involve personal information. It does, however, breach guidelines for confidentiality.

Activity 4

You might have noticed that not all the submitted sites are W3C compliant. If you follow the links beneath the website titles, you will find reports on compliance and validation issues.

Activity 5

Your organisation may use a range of IT-related standards. Ensuring that these standards are maintained may be the responsibility of a quality management officer or other designated person, or they may be the responsibility of operational areas. The standards may be available for reference in hardcopy, PDF or via online subscription.
