Professional Documents
Culture Documents
Instructions for the This is a project-based assessment and will be assessing the student on
trainer and assessor their knowledge and performance of the unit.
Assessment Feedback.
Part 1
Part 2
Part 3
o Email to client
o Email to supervisor
result.
The assessment feedback page must be signed by both the student and
the assessor so the student displays that they have received,
understood and accepted the feedback.
Complete the assessment feedback to the student and ensure you have
taken a copy of the assessment prior to it being returned to the
student.
Ensure the student’s name appears on the bottom of each page of the
submitted assessment.
About this marking All tasks and activities must responded to correctly in order to
guide satisfactorily complete this assessment event.
Rules of Evidence:
o Validity – does the answer address the assessment
question and does the evidence reflect the four
dimensions of competency?
o Sufficiency – is the answer sufficient in terms of length
and depth?
o Currency – has the work been done so recently as to
be current?
o Authenticity – is this work the student’s own authentic
work?
Principles of Assessment:
o Fairness – individual student’s needs are considered in
the assessment process
o Flexibility – assessment is flexible to the individual
student
Assessment Assessment conditions for Parts 2 and 3.1 should replicate the
conditions workplace, including noise levels, production flow, interruptions and
time variances.
Student must provide USB drive or other storage method to save work to, with at
least 500KB free space.
Three hours.
Parts 2 and 3.2 will be completed in class, or, for online students, via an
Assessment location online meeting with the assessor.
1. First, the copyright statement needs to be expanded into a copyright policy covering the
whole organisation. Write a clause for the copyright policy dealing specifically with the
responsibility of DataTrust employees towards copyright and intellectual property within the
organisation. The clause must align with legislation and industry standards (list the relevant
legislation and industry standards).
2. Outline the procedures (in point form) that DataTrust employees must follow in order to
apply the copyright policy, ensuring that they’re ethical.
3. Previously you looked at how well DataTrust’s privacy policy covers APP 11. What
amendments can you suggest to the privacy policy regarding storage and security of personal
information, to make sure it aligns with privacy legislation? (List the relevant legislation).
4. Outline the physical and operating system security procedures and features (in point form)
as recommendations to be implemented or enhanced, to complement your privacy policy
amendments.
5. DataTrust doesn’t have a code of ethics so you’ll need to develop one. Write at least two
points for a code of ethics that align to legislation and industry standards (list the relevant
legislation and industry standards).
6. Along with the new code of ethics, management needs a grievance procedure (this should
include a review process) to enable confidential reporting of any ethical issues. Write a
procedure (in point form) that could be followed for this.
7. Develop an implementation and review plan that DataTrust could use to ensure that the
policies will be effectively employed by its staff members, including regular checks and
reviews of work practices. This must include the following:
o Outline three appropriate methods and processes to communicate the policies and
procedures to staff members and clients (the stakeholders).
Hold an initial meeting to inform the staff, then hold regular monthly
meetings to check that the procedures are being maintained and obtain
feedback
Send out documents by email initially, then use email to report on the
monthly meetings
Include an article in the client newsletter announcing the new policies and
procedures, emphasising DataTrust’s commitment to them. Include
information in the article about how to contact with any feedback.
(Other methods may include intranet, posters within the workplace, training
etc.)
o Provide training
o Stakeholder workshops
For face-to-face students, your assessor will observe the role play.
For online students, make an appointment with your assessor for an online meeting.
Assessors are to observe and ask questions the student’s role play via an online meeting such
as Skype or Adobe Connect.
You must articulate your ideas and requirements clearly and appropriately for your audience
(staff members).
You must use appropriate listening and questioning techniques to elicit feedback and ideas.
Staff members – arrange for two other people to participate as staff members
1. Distribute your policies and procedures either electronically, for example, as a PowerPoint
presentation using the DataTrust PowerPoint template (DT_Powerpoint.potx), or as a printed
document using the DataTrust report template (DT_Report.dotx), as appropriate.
2. Explain your clause for the Copyright Policy, including the procedures that employees will
need to follow.
3. Explain your amendments for the Privacy Policy, including the system security procedures
that employees will need to follow.
4. Explain your two points for the Code of Ethics.
5. Explain your grievance procedure.
6. Outline the implementation plan.
7. Ask your audience for feedback on the policies and procedures. If no one has any general
feedback, you must ask specific questions.
8. Your assessor will ask you additional questions relevant to the scenario.
Requirements have also been established under the Privacy Act for entities in responding to data
breaches, known as the Notifiable Data Breaches (NDB) scheme, which DataTrust is obliged to abide
by.
You’ve been asked to monitor the implementation of DataTrust’s Privacy Policy and Code of Ethics by
following up with two clients who have been affected by data breaches, as well as report to your
supervisor on the outcome of your review.
1. The CIO, Mark Thrift received a complaint from a client, Tricia Portman. Tricia called the Accounts
section to query an invoice and spoke to Brian Cotswald. Brian went on to disclose her personal
information without having verified her identify.
Tricia sees this as a breach of privacy and is very upset that the DataTrust Privacy Policy has not
been adhered to by Brian.
You’ve been asked to follow up with Tricia, so you’ll need to review the DataTrust Privacy Policy
(Privacy Policy.pdf).
Write an email to Tricia, using the email template (DT_Email.dotx), as follows (minimum 75 and
maximum 200 words):
o Thank Tricia for her feedback, explaining how it will be used to assist the organisation
o Outline DataTrust’s requirements that should have been followed, according to the
Privacy Policy, to ensure good customer service.
Thank you for your feedback on the incident with one of our staff members regarding the disclosure
of your personal information without verification.
This information will assist us to improve our policies and procedures, which I’ll be looking into.
According to our privacy policy, our staff members are not allowed to give out any client information
on the telephone to anyone who isn’t authorised. Unfortunately, this procedure wasn’t followed in
this instance. We will endeavour to assist this staff member to follow the correct procedure in the
future.
Thanks
John Doe
After this incident, management would like you to verbally interview the affected clients to make
sure that they’re receiving appropriate service from staff members, according to the newly
implemented Code of Ethics (your suggestions from Part 1).
Participate in a role play (minimum two and maximum five minutes, including assessor
questions) to verbally interview a client ensuring you meet assessment conditions.
For face-to-face students, your assessor will observe the role play.
For online students, make an appointment with your assessor for an online meeting.
Assessors are to observe the student’s role play via an online meeting such as Skype or
Adobe Connect.
You must articulate your ideas and requirements clearly and appropriately for your
audience (staff members).
You must use appropriate listening and questioning techniques to elicit feedback and
ideas.
1. Explain to the client the reason for the interview, referring to your obligations under the
NDB scheme
2. Outline DataTrust’s requirements for ethical customer service (i.e. your two points for
the code of ethics)
o Summarise the feedback you received from the staff members (Part 2) and clients
(Part 3)
o Identify and list the section of the Privacy Policy that wasn’t adhered to by Brian
o Suggest two procedures that could be implemented to avoid this situation in the
future, including one that relates to system security.
Feedback from the client in 3.1 is that she believes that there has been a breach of privacy and the
policy hasn’t been adhered to.
Feedback from the client in 3.2 will vary, should be according to the role play.
The section from the Privacy Policy that wasn’t adhered to by Brian is under the heading “How do we
protect the information we store?” as follows:
DataTrust staff or sub-contractors may not give out any information regarding our clients via the
telephone to non-authorised parties, unless directly related to a current business activity for a
client.
This implies that the person on the phone should have been verified to ascertain whether they were
an authorised party.
TASK/STEP Instructions
S U/S Assessor Comments
#
TASK/STEP Instructions
S U/S Assessor Comments
#
Part 2.2 Explains their clause for the copyright This should reflect their
policy answers for Part 1
Part 2.2 Explains the employee procedures for This should reflect their
Part 2.3 Explains their amendments for the This should reflect their
privacy policy answers for Part 1
Part 2.4 Explains their points for the Code of This should reflect their
Ethics answers for Part 1
Part 2.5 Explains their grievance procedure This should reflect their
answers for Part 1
Part 2.6 Outlines their implementation plan This should reflect their
answers for Part 1
Suggested answer
2. How is privacy
legislation relevant to
ICT organisations?
Suggested answer
Privacy legislation is
relevant to ICT
organisations because
they will be the ones
responsible for
implementing privacy
procedures on websites
and in systems and so
must be aware of the
requirements.
Suggested answer
My code of ethics is
relevant to DataTrust
because we provide
customer service, we are
a security company so
should be held to a
higher standard (etc. as
relevant to their
particular points).
TASK/STEP Instructions
S U/S Assessor Comments
#
Part 3.2 Effectively undertakes role play Student should remain calm,
despite noise and distractions may take action such as moving
away from the noise
Part 3.2 Uses appropriate listening and This may include active listening
questioning techniques to elicit techniques (nodding, making eye
feedback and ideas contact, reflecting etc.)