Assessment Coversheet Student Name CIT Number Competency Title, Code and Banner Code CRN Competency: Contribute to copyright, ethics and privacy in an ICT environment National ID: ICTICT418 Banner Code: INFT 707 CRN: 70522 Assessment Type ☒ Written ☐ Case Study ☐ Project ☐ Presentation ☐ Other Assessment Name Assignment 1 Assessment Date Student Statement: This assessment is my own work. Any ideas and comments made by other people have been acknowledged. I understand that by emailing or submitting this assessment electronically, I agree to this statement. Student Signature Date PRIVACY DISCLAIMER: CIT is collecting your personal information for assessment purposes. The information will only be used in accordance with the CIT Privacy Policy. Assessor Feedback Student will receive feedback via eLearn.  Student provided with feedback Attempt 1 ☐ Satisfactory ☐ Not Yet Satisfactory Date / / Attempt 2 ☐ Satisfactory ☐ Not Yet Satisfactory Date / / Assessor Name Assessor Signature Note to Assessor: Please record any reasonable adjustment that has occurred for this assessment. Information for Students: You may have two (2) attempts for this assessment. • If your first attempt is not successful, your teacher will discuss your results with you and will arrange a second attempt. • If your second attempt is not successful, you will be required to re-enroll in this unit. Only one re-assessment attempt will be granted for each assessment item. Due date: 31-03-17 Assessment Criteria: To achieve a Satisfactory result, your assessor will be looking for your ability to demonstrate the key skills/tasks/knowledge detailed in the Assessment Task to industry standard. You must answer all the questions for Part A and B. Your answers should include • Your decision. • The reasons for your decision (which need to be supportable from evidence gathered by your research). • A bibliography that shows where you took your supporting evidence from ASSIGNMENT 1 Procedure: This assessment task is split into two parts, Part A and Part B. You are required to answer all tasks included in Part A and Part B. PART A Information Technology Development team of CIT has just celebrated their 30 years of operations. The core of their business is to develop software, deal with data and provide IT support across the different campuses. John Citizen who just recently joined the team as software and web developer, and his supervisor Tim Campbell advised him to know copyright and intellectual property, and how it applies to CIT staffs and students. He looked at the CIT library website http://libguides.cit.edu.au/copyrightbasics. Tim informed him that CIT Intellectual Property policy that provides a framework for the encouragement and acknowledgement of invention and creative work; the responsible and legal management of CIT intellectual property (IP); and the responsible and legal use of other’s intellectual property and compliance with intellectual property laws and related agreements. This can be found in Appendix A, which is not complete at this moment. John searched internet to know more about the copyright and intellectual property. John found the information available and checked the website of Australian Copyright Council and Short Guide to Copyright by Attorney-General's Department were helpful. Task 1. Write down the name of current legislation and standards relating to intellectual property, copyright and WHS John should find out, particularly the Australian government ACT that is relevant to them in Australia. Answer: Task 2. In CIT where any issues arise in relation to the ownership of intellectual property, who must be consulted? a. WHS officer b. Librarian c. CIT Copyright Officer Answer: Task 3 (a): Tim asked John to complete the attached CIT copyright policy. Appendix A. Tim also advised John to check the policies whether he think they are adhering to current Australian legislation. Also John has any suggestion to improve the policies. You need to complete following the policies (answer the questions/ fill in the gaps) 1. Who should own intellectual property in both written and electronic form as provided for by the Copyright Act 1968 (Cth), except as otherwise agreed in writing between the staff member and delegate? 2. Should student own the intellectual property when they create in the course of their studies and/or research at CIT, except as otherwise agreed in writing? 3. Where issues arise in relation to the ownership of intellectual property ------------------------------------ (who?) must be consulted. 4. All CIT intellectual property will include a CIT copyright notice, and be stored and be retrievable from the approved CIT systems. Is this correct? 5. CIT acknowledges moral rights granted to creators under the -------------------(Act name). The creators of works in which CIT owns copyright will be attributed, unless: (a) the creator requests CIT not to attribute: (b) the creator agrees with CIT that it is not appropriate to be attributed: or (c) CIT considers that it is not reasonable to attribute the creator, as outlined in the -------------------(Act name). 6. Generally copyright lasts in a work for ------------------- (how many years?) after the death of the creator, or ------------------- (how many years?) after its first publication. If copyright expired before 1 January 2005, it was not revived, even if it was less than (how many years?). 7. Although computer programs are defined under the Copyright Act as literary works, they are expressly excluded from the statutory licences for copying for educational use. The Act permits the owner of a legitimate copy of a computer program to make a back-up copy of the program, for the sole purpose of using it in place of the purchased copy if this is lost, destroyed or rendered unusable. The back-up copy may not be made if the copyright owner makes an express direction to that effect at or before the time of purchase, for example on the package. Is this correct? 8. Use of third party intellectual property by CIT staff is authorised by agreement/ licence, by exclusions within the Copyright Act (1968) or by a Statutory licence. CIT staff must acknowledge the use of third party intellectual property with the appropriate citations. All CIT staff are responsible for ensuring that CIT is not infringing upon the intellectual property rights of others in the reproduction, adaptation and use of the material. Do you agree? 9. Development of intellectual property prepared for commercial sale or delivery that relies on the use of, or builds on third party intellectual property, must address in a written agreement the ownership of, and rights to use the third party intellectual property. Why? 10. All agreements relating to intellectual property must be in writing and address IP ownership including rights to pre-existing intellectual property, and that created as part of the agreement. The written agreement must be lodged with the appropriate Delegate. Why? Task 3 (b): Describe how John should be able to distribute the revised policy and procedures to stakeholders? Answer: Task 4. Last week CIT Copyright Officer noticed a student was photocopying an entire chapter out of a book on business law for use in a course on technical communication. Is it allowed to according intellectual property and copyright laws? Answer: Task 5. John started working in developing Apprenticeship Management Systems and the relevant webpages. He developed a new searching algorithm technique, which is executes faster and more efficiently than the existing techniques. According to CIT policy who owns the intellectual property of the algorithm? Answer: PART B Below is a list of privacy policies for a set of ICT organizations. • OPTUS Privacy policy • Dell Australia • Symantec.com Privacy policy • Telstra Privacy Statement • Privacy at Microsoft • Cisco Online Privacy Statement • Privacy Policy for PayPal Services Task Description: You may select any of their privacy policy or any Australian ICT organization’s websites that have privacy policies. Your task is to use the Australian Privacy Principle (APP) privacy policy checklist given below (this check is developed by Office of the Australian Information Commissioner) and review an organization’s privacy policies. State whether you think they adhere to current Australian legislations. This checklist will allow you to identify the relevance of legislation and standards to organizational outcomes, review organizational privacy policy and procedures, determine the integrity, confidentiality, security and availability of information as required by organizational policy, and review how they maintain confidentiality and proprietary rights of stakeholder interests. Name of the Organisation: [name] Source of the privacy policy: [website url] APP 1.3 — The organization must have a clearly expressed and up-to-date APP privacy policy about how the organization manages personal information Issue Yes/No Comments Management of personal information Does the policy explain how the organization manage personal information? For example, the policy: • covers the required topics under APP 1.4 • covers any other matters necessary in order to adequately describe how the organization manages personal information (some additional matters are described in the section on Other Matters below). Relevant Does the policy only include information that is relevant to how the organization manage personal information? For example, make sure the only terms and conditions that are included relate to privacy. Easy to understand Is the policy clearly expressed and understandable? For example: • a 14 year old would understand it • it does not use • legalistic terminology • jargon • acronyms • in-house terms • it uses short sentences and text broken up into paragraphs • it meets external readability standards. Easy to find Is the policy easy to navigate so that people can find information that is relevant to them? For example, it: • has a summary notice that outlines the key points people will want to know about, with links to the full privacy policy (if online) • uses headings to make information easier to find. Specific Is the policy tailored to reflect the organization’s specific functions, activities and personal information handling practices? For example: • it is as specific as possible and does not use words such as ‘may’ • it is not simply based on a generalised template used by a different entity • it does not just repeat language in the APPs without providing further details. If the organization have distinct organizational areas that handle personal information differently, does the organisation have a set of policies to cover the different personal information handled or the different practices? Tailored Is the policy directed to the specific audiences who may be reading it? For example, if the organization handle personal information differently for particular classes of people or segments of the community, such as young people, people with a disability, staff or applicants for employment, the policy: • uses headings to separate out information relevant to those particular audiences • uses language appropriate to the target audience • explains the different information handling practices relevant to the particular group. Review Has the policy been reviewed recently, to ensure that it reflects current information handling practices? The policy could include a version number and date. APP 1.4 — What information the organization’s APP privacy policy must cover Issue Yes/No Comments The kinds of personal information that the organization collect and hold. For example, the policy: • gives enough detail about the personal information that is collected and held • lists sensitive information separately, and gives more detail about the circumstances in which it is collected and held. How the organization collect personal information. For example, the policy describes: • the personal information that it usually collected directly and by what means (this can be in general terms) • the information collected indirectly and by what means (this could be in more detail, as people may not be aware of this collection and holding, for example collection by purchase from list brokers, competitions or referrals). How the organization hold personal information. For example, in relation to storage, the policy explains, if applicable: • if the organization store personal information with a third party storage provider • if the organization do or do not combine or link other personal information held about an individual. For example, in relation to security, the policy explains: • Organization’s approach to security and risk management • in broad terms, the measures the organization have in place to manage those risks, such as audit and monitoring of internal staff access to personal information. The purposes for which the organization collect, hold, use and disclose personal information. For example, the policy: • covers each of these topics for each of the organization’s key functions and activities involving personal information • focuses in most detail on the particular uses or disclosures that individuals are most likely to be concerned about or interested in, such as key disclosures to related companies • indicates the functions or activities for which the organization use contractors. The policy is not expected to describe normal internal operational or business practices such as billing, financial auditing or planning. How an individual may access their personal information and seek correction of it. For example, the policy: • states that individuals have a right to request access to personal information the organization hold about them • states that individuals have a right to request personal information to be corrected • gives contact details for individuals to make such requests which include: o position title of the contact person o a generic telephone number o postal address o a generic email address • includes information about any procedure that the organization wish an individual to follow in requesting access or correction (although the organization can’t require the individual to follow that procedure). The policy of an agency could refer to processes for access and correction under the Freedom of Information Act 1982. How an individual may complain if the organization or a contractor breaches the APPs or a binding registered APP code. For example, the policy: • describes the process the organization use to handle complaints • describes the contact details for making a complaint • indicates that the organisation are bound by a registered APP code, if applicable • outlines the process for complaining to an external complaint body, such as a recognised external dispute resolution scheme, if applicable • describes the different stages in the complaint-handling process: that the complaint must be made directly to the organisation first, that the complaint may then be taken to a recognised external dispute resolution scheme (if applicable), and lastly, that the complaint may be taken to the OAIC. Whether the organization is likely to disclose personal information to overseas recipients (including a related body corporate), and the likely countries that information may be sent. For example, the policy: • lists the specific countries the organization is, or are likely to disclose personal information to (unless it is impractical to specify those countries in the policy) • where impractical to list countries in the policy: o lists countries in an appendix or in another document to which the policy has a link, or o lists general regions, for example, the European Union. Other matters under APP 1.3 The list of matters that must be included in an APP privacy policy, as discussed above, is not exhaustive. In order to comply with APP 1.3, the organization’s policy should include enough information to describe how the organisation manage personal information. This may mean that organization’s privacy policy should cover additional topics. Issue Yes/No Comments If the organization’s functions or activities could have a major impact on an individual’s privacy, but are exempt from some or all of the Privacy Act, the policy could outline: • the particular functions or activities that are exempt • the protections the organisation have in place to protect the privacy of personal information, as related to those functions or activities. Whether the organization retain a record of personal information about all individuals (or categories of persons) with whom it deals. For example, if the organisation do not collect any personal information from some of the individuals the organisation deal with, or only anonymous information, the policy could outline these circumstances. If the organization hold information about individuals that is often accessed by people other than the individual themselves, for example, carers, or parents, or a law enforcement agency, the policy could outline: • the basis on which the organisation will allow such access • the process to be followed for such access. If organization’s information handling practices change frequently in ways that will importantly affect individuals, the policy could: • describe organization’s process or schedule for updating organization’s privacy policy • describe how the changes will be publicised. If the organisation interact with and collect personal information about a vulnerable segment of the community (such as children), the policy could highlight: • the purpose of such collection • the specific circumstances in which the organisation will collect, use and disclose such information • the procedures the organisation follow in collecting, holding, using and disclosing the information. Particularly where it is possible for individuals to interact with the organisation anonymously or pseudonymously, or where individuals may often ask not to be identified, the policy could describe: • the situations in which it is possible to be anonymous or pseudonymous • the situations in which it is not possible to be anonymous or pseudonymous and why. Particularly where the organization holds personal information of a sensitive nature or personal information that is likely to quickly go out of date, the policy could describe: • the specific practices the organisation adopt to ensure the quality of the personal information • the destruction or de-identification period or approach to archiving of that personal information. APP 1.5 — You must take reasonable steps to make the APP privacy policy available free of charge and in an appropriate form Issue Yes/No Comments Is the privacy policy available for free? Is the privacy policy available in an appropriate form? For example: • is it available on your website? • if you don’t have a website, or have a significant group of customers who do not have access to the internet, do you: o display your policy at the entrance to your premises o include details about how to get a copy of the policy on your correspondence o provide a print out of the full policy on request o tell individuals via telephone message how they can access the policy when they call? If the privacy policy is published on your website, it is in a form appropriate for website publication? For example, it is: • easy to download • accessible, including to people with a disability: for agencies, in compliance with the Government website accessibility requirements at . APP 1.6 — You must take reasonable steps to provide the APP privacy policy in the form requested Issue Yes/No Comments Do you have steps in place to respond in a timely manner to requests for your privacy policy to be provided in a different format? Appendix A (This section is for reference only). Policy Name Copyright and Intellectual Property Policy Policy Group Educational Policies > Teaching and Learning > Teaching and Learning Provision Policy Reference Number X22 Purpose The policy provides a framework for: • the encouragement and acknowledgement of invention and creative work; • the responsible and legal management of CIT intellectual property (IP); and • the responsible and legal use of other’s intellectual property and compliance with intellectual property laws and related agreements. • reducing staff and CIT exposure to the risks associated with the use of third party copyright material; • assisting staff to make full legal use of the materials at their disposal by clearly identifying responsibilities; and • promoting copyright compliance. Scope This policy covers all CIT and CIT Solutions staff, students and third parties who are engaged in work or study at CIT. Definitions CIT Use of the term CIT in this policy refers to both CIT and CIT Solutions. Copyright Copyright is a form of intellectual property that provides the owner of the copyright with the exclusive right to copy, digitise, publish, publicly perform, broadcast and adapt (reproduce and communicate) the material. Material is protected by copyright from the time it is first written down, painted or drawn, filmed or recorded. Copyright material is also protected under the laws of other countries who are signatories to the international treaties. Copyright works include material such as: literary works (text, short stories, poems), artistic works (maps, graphic art, illustrations, drawings, paintings, photographs), anthologies (books of readings, collections of works), dramatic works (plays, scripts) and musical works (sheet music). Creator A creator is defined as a person who contributed substantially to the creation/authorship of the intellectual property. Delegate Delegate means CIT Chief Executive or CIT Solutions General Manager. Intellectual property Intellectual property represents the property of someone’s mind or intellect. In business terms, this also means proprietary knowledge. Types of intellectual property include patents, trademarks, designs, copyright, circuit layout rights, plant breeder’s rights, and trade secrets. Institute Intellectual Property Institute intellectual property is intellectual property created by staff members in the course of their employment with CIT and CIT Solutions and includes, without limitation: lecture notes; curriculum programs; module or subject outlines; course programs or plans; lesson plans; photographs and images; digital and audio-visual material; courses; and the like. It also includes any invention (patentable or not), research, design (including industrial design) and methodology. Moral Rights Moral rights are the rights individual creators have in the works they have created as opposed to the economic rights of the copyright owner. The creator of a work who holds moral rights is not necessarily the copyright owner. Creators have the right to be attributed or credited for the work, not to have their work falsely attributed and not to have their work treated in a derogatory way. Staff Member Staff member means all academic and general employees of CIT and CIT Solutions, whether employed full-time, part-time or casual, and includes consultants engaged on contract. Student Student means any person currently enrolled, either part-time or full-time, in one or more courses offered by CIT or CIT Solutions. Third Party Third party means an organisation or individual who is not a staff member and has not assigned their intellectual property to CIT or CIT Solutions. Principles 1. Who should own intellectual property in both written and electronic form as provided for by the Copyright Act 1968 (Cth), except as otherwise agreed in writing between the staff member and delegate. 2. Should student own the intellectual property when they create in the course of their studies and/or research at CIT, except as otherwise agreed in writing? 3. Where issues arise in relation to the ownership of intellectual property ------------------------------------ (who?) must be consulted. 4. All CIT intellectual property will include a CIT copyright notice, and be stored and be retrievable from the approved CIT systems. See CIT IP Procedures. 5. CIT acknowledges moral rights granted to creators under the -------------------(Act name). The creators of works in which CIT owns copyright will be attributed, unless: (a) the creator requests CIT not to attribute: (b) the creator agrees with CIT that it is not appropriate to be attributed: or (c) CIT considers that it is not reasonable to attribute the creator, as outlined in the -------------------(Act name). 6. Generally copyright lasts in a work for ---- years after the death of the creator, or --- years after its first publication. If copyright expired before 1 January 2005, it was not revived, even if it was less than ____ years. 7. Although computer programs are defined under the Copyright Act as literary works, they are expressly excluded from the statutory licences for copying for educational use. The Act permits the owner of a legitimate copy of a computer program to make a back-up copy of the program, for the sole purpose of using it in place of the purchased copy if this is lost, destroyed or rendered unusable. The back-up copy may not be made if the copyright owner makes an express direction to that effect at or before the time of purchase, for example on the package. 8. Use of third party intellectual property by CIT staff is authorised by agreement/ licence, by exclusions within the Copyright Act (1968) or by a Statutory licence. CIT staff must acknowledge the use of third party intellectual property with the appropriate citations. All CIT staff are responsible for ensuring that CIT is not infringing upon the intellectual property rights of others in the reproduction, adaptation and use of the material. 9. Development of intellectual property prepared for commercial sale or delivery that relies on the use of, or builds on third party intellectual property, must address in a written agreement the ownership of, and rights to use the third party intellectual property. 10. All agreements relating to intellectual property must be in writing and address IP ownership including rights to pre-existing intellectual property, and that created as part of the agreement. The written agreement must be lodged with the appropriate Delegate. Delegations Delegation Manual Delegation Number Delegation Delegate Nil Review Date This Policy is due for review July 2018 or when changes to work practices or the Authority Source noted below render the policy out of date. Minor amendments do not alter the review date. Documentation Authority Source Canberra Institute of Technology Act 1987 Related Documents 1. Commonwealth Copyright Act 1968 2. Commonwealth Copyright regulations 3. Student copyright and plagiarism information is available in the CIT Student Information Book 4. CIT Educational Policies • CIT Archive Policy 5. CIT Staff Resources • CIT Corporate Style Guide Supporting Guide 6. CIT Staff Support > Copyright Information Copyright and Plagiarism information for CIT students on LibGuides Copyright for Teachers information for CIT teachers on LibGuides Australian Copyright Council Information Sheets Smartcopying – Official Guide for Copyright issues in the Australian School and TAFE Sector