Privacy Law & Lawyers
Privacy breaches, data protection, and confidentiality disputes.
Privacy Legislation
The Privacy Act 1988 is the main piece of law pertaining to privacy in Australia. The Privacy Act regulates how your personal information is handled. For example, it covers:
- how your personal information is collected (e.g. the personal information you provide when you fill in a form)
- how it is then used and disclosed
- its accuracy
- how securely it is kept
- your general right to access that information.
If you need legal help regarding privacy law, then please complete your free legal enquiry form on the right, or click here.
The Privacy Act also covers more specific matters, such as:
- the use of your tax file number
- how credit worthiness information about you is handled by credit reporting agencies and credit providers.
Sensitive Information and Privacy Law
There are certain types of personal information that are especially important to your privacy, such as your health or medical information. This information is classed as 'sensitive information' under the Privacy Act. The Act has particular provisions that require that sensitive information be managed with particular care.
How does the Privacy Act work?
The principles contained in the Privacy Act are not prescriptive. That is, they don't tell agencies and organisations what they must do in each situation.
Rather, they offer principles about the way in which personal information should be handled, and each agency or organisation needs to apply those principles to its own situation.
If an agency or organisation breaches the privacy principles, the Office of the Australian Information Commissioner (OAIC) may investigate the matter. Individuals can also make a privacy complaint to the OAIC about an agency or organisation if they think their information has been mishandled.
Broadly speaking, privacy lawyers can provide assistance in respect of the following privacy law issues:
- Health
- Credit and finance
- Internet, communications and other technologies
- Direct marketing
- Identity security
- Law enforcement and national security
- Photos and surveillance
- Investigations and investigators
- Workplace matters
- Education and child care
- Tenancy and real estate
- Youth matters
Privacy Interference
Office of the Australian Information Commissioner (OAIC)
Please be advised that the Office of the Australian Information Commissioner (OAIC) has complaint handling responsibilities under the Privacy Act 1988. Individuals can complain if they believe their privacy has been interfered with by an Australian or ACT government agency, or a private sector organisation covered by the Act. Should you wish to seek legal representation then please complete your free legal enquiry form on the right.
News, updates and further information - Privacy Law & Lawyers
On 1 November 2010 the Office of the Privacy Commissioner was integrated into the Office of the Australian Information Commissioner (OAIC).
The federal Privacy Act does not regulate state or territory agencies, except for the Australian Capital Territory (ACT). For information on privacy regulations in the states and territories please refer to the appropriate state or territory section below.
Australian Capital Territory
The federal Privacy Act in a slightly amended version applies to Australian Capital Territory government agencies and is administered by the Privacy Commissioner on behalf of the ACT government. The Health Records (Privacy and Access) Act 1997 (Health Records Act) covers health records held in the public sector in the ACT and also seeks to apply to acts or practices in the private sector not covered by the Privacy Act. The Health Records Act contains privacy principles based on the federal legislation but modified to suit the requirements of health records. The Human Rights Commission handles health record privacy complaints.
The ACT has also enacted the Human Rights Act 2004 which incorporates a right for an individual not to have their privacy, family, home or correspondence interfered with unlawfully or arbitrarily.
Relevant Australian Capital Territory laws include:
•Privacy Act (1988)
•Australian Capital Territory Government Service (Consequential Provisions) Act 1994
•Health Records (Privacy and Access) Act 1997
•Human Rights Act 2004
•Freedom of Information Act 1989
•Territory Records Act 2002 (public records)
•Human Rights Act 2004 (right to privacy)
•Spent Convictions Act 2000
•Listening Devices Act 1992
Northern Territory
The Information Commissioner for the Northern Territory is the independent authority responsible for overseeing the Freedom of Information (FOI) and privacy provisions of the Northern Territory Information Act 2002 (Information Act).
The Information Act which covers the protection of personal information, record keeping and archive management of information held in the public sector was passed in October 2002 and commenced 1 July 2003. The Information Act incorporates FOI, privacy principles and record and archive management.
Relevant Northern Territory laws include:
•Information Act 2002 (privacy, FOI and public records)
•Criminal Records (Spent Convictions) Act 1992
•Surveillance Devices Act 2007
•Telecommunications (Interception) Northern Territory Act 2001
New South Wales
The Privacy and Personal Information Protection Act 1998 (PPIP Act) deals with how all New South Wales public sector agencies manage personal information. It also sets out the role of the Office of the New South Wales Privacy Commissioner.
While the PPIP Act applies primarily to the New South Wales public sector, it gives the New South Wales Privacy Commissioner the power to investigate and conciliate privacy breaches by organisations and individuals who are not public sector agencies.
The Health Records and Information Privacy Act 2002 (HRIP Act) came into effect on 1 September 2004. It governs the handling of health information in the public sector, and it also seeks to regulate the handling of health information in the private sector in New South Wales. In December 2004 Privacy NSW developed four statutory guidelines under the HRIP Act. These guidelines are legally binding documents that define the scope of particular exemptions in the health privacy principles.
Relevant New South Wales laws include:
•Privacy and Personal Information Protection Act 1998
•Health Records and Information Privacy Act 2002
•Freedom of Information Act 1989
•State Records Act 1998
•Criminal Records Act 1991 (Spent Convictions)
•Listening Devices Act 1984
•Workplace Surveillance Act 2005
•Telecommunications (Interception and Access) (New South Wales) Act 1987
•Access to Neighbouring Land Act 2000, esp. s.16 and s.26.
•Crimes (Forensic Procedures) Act 2000
Queensland
The Information Privacy Act 2009 regulates the handling of personal information by Queensland government agencies. It contains 11 Information Privacy Principles which set out the way that all Queensland government agencies except Queensland Health are to handle personal information. It also contains nine National Privacy Principles which set out the way that Queensland Health is to handle personal information. Note that some provisions of this legislation are yet to commence. For further information, see the Queensland Office of the Information Commissioner’s website.
Before the commencement of the Information Privacy Act 2009, a privacy scheme applied to Queensland government agencies and most statutory government-owned corporations. The regime, based on the federal Information Privacy Principles, included Information Standards and Privacy Guidelines. To ensure a nationally consistent approach between the Queensland public health sector and private health sectors, the scheme required Queensland Health to comply with principles which were the same as the 10 federal NPPs.
The Queensland Health Quality and Complaints Commission provides an enquiry service and a health complaint system, including privacy-related complaints involving the State public health sector.
Other relevant Queensland laws include:
•Right to Information Act 2009
•Public Records Act 2002
•Criminal Law (Rehabilitation of Offenders) Act 1986 (spent convictions)
•Invasion of Privacy Act 1971 (listening devices, invasion of privacy of the home)
•Whistleblowers Protection Act 1994
•Police Powers and Responsibilities Act 2000 (Chapter 4 deals with covert evidence-gathering powers)
•Private Employment Agents (Code of Conduct) Regulation 2005 (provisions 14 and 15 deal with work seekers' information and the need to ensure it is not disclosed or improperly used).
Relevant Queensland case law
•Grosse v Purvis [2003] QDC 151 (16 June 2003).
South Australia
South Australia has issued an administrative instruction requiring its government agencies to generally comply with a set of Information Privacy Principles and has established a privacy committee.
South Australia also has a Code of Fair Information Practice based on the National Privacy Principles. This Code applies to the South Australian Department of Health and its funded service providers and to others with access to the Department’s personal information.
Relevant South Australian laws include:
•Freedom of Information Act 1991
•State Records Act 1997
•Listening and Surveillance Devices Act 1972
•Telecommunications (Interception) Act 1988
Tasmania
In 1997 Tasmania issued Information Privacy Principles based on the federal Privacy Act and recommended the principles to Tasmanian government agencies. These Information Privacy Principles have been superseded by the Personal Information Protection Act 2004, which came into effect on 5 September 2005. It applies to the public and local government sectors and the University of Tasmania. The Act is administered by the Department of Justice and complaints may be made to the Tasmanian Ombudsman. General information on the Act is hosted on the Department of Premier and Cabinet web site.
Relevant Tasmanian laws include:
•Personal Information Protection Act 2004
•Freedom of Information Act 1991
•Archives Act 1983
•Annulled Convictions Act 2003 (spent convictions)
•Listening Devices Act 1991
•Telecommunications (Interception) Tasmania Act 1999
Victoria
The Victorian Information Privacy Act 2000 (VIP Act) came into effect on 1 September 2002. The VIP Act covers the handling of all personal information except health information in the public sector in Victoria. This Act adopts ten Information Privacy Principles which are similar to the NPPs set out in the federal Privacy Act. The Office of the Victorian Privacy Commissioner has more information.
The Victorian Health Records Act 2001 (Health Records Act) came into effect from 1 July 2002. This Act covers the handling of all personal information held by health service providers in the State public sector and also seeks to govern acts or practices in the Victorian private health sector. The Health Records Act contains a set of principles adapted from the National Privacy Principles. The Office of the Health Services Commissioner provides more information.
The Charter of Human Rights and Responsibilities Act 2006 commenced on 1 January 2007 and became fully operational on 1 January 2008. The Charter incorporates a general right to privacy for individuals in addition to other rights, and is administered by the Victorian Equal Opportunity and Human Rights Commission.
Relevant Victorian laws include:
•Information Privacy Act 2000
•Health Records Act 2000
•Charter of Human Rights and Responsibilities Act 2006
•Freedom of Information Act 1982
•Public Records Act 1973
•Surveillance Devices Act 1999
•Telecommunications (Interception) (State Provisions) Act 1988
Relevant Victorian case law:
•Jane Doe v Australian Broadcasting Corporation [2007] VCC 281 (3 April 2007)
Western Australia
The State public sector in Western Australia does not currently have a legislative privacy regime. Various confidentiality provisions cover government agencies and some of the privacy principles are provided for in the Freedom of Information Act 1992. On 28 March 2007 the Information Privacy Bill 2007 was introduced to the WA Parliament.
If enacted, it will establish a set of Information Privacy Principles and regulate the handling of personal information by the public sector and the handling of health information by the public and private sectors. It will also establish an Information and Privacy Commissioner (encompassing the current Information Commissioner) and provide for that Office to be amalgamated with the Office of the Western Australian Ombudsman.
Relevant Western Australian laws include:
•Freedom of Information Act 1992
•Health Services (Conciliation and Review) Act 1995
•State Records Act 2000
•Spent Convictions Act 1988
•Surveillance Devices Act 1998
•Telecommunications (Interception) Western Australia Act 1996
The eleven Information Privacy Principles, as extracted from Section 14 of the Privacy Act 1988 (Cth):
Principle 1 - Manner and purpose of collection of personal information
1. Personal information shall not be collected by a collector for inclusion in a record or in a generally available publication unless:
(a) the information is collected for a purpose that is a lawful purpose directly related to a function or activity of the collector; and
(b) the collection of the information is necessary for or directly related to that purpose.
2. Personal information shall not be collected by a collector by unlawful or unfair means.
Principle 2 - Solicitation of personal information from individual concerned
Where:
(a) a collector collects personal information for inclusion in a record or in a generally available publication; and
(b) the information is solicited by the collector from the individual concerned;
the collector shall take such steps (if any) as are, in the circumstances, reasonable to ensure that, before the information is collected or, if that is not practicable, as soon as practicable after the information is collected, the individual concerned is generally aware of:
(c) the purpose for which the information is being collected;
(d) if the collection of the information is authorised or required by or under law - the fact that the collection of the information is so authorised or required; and
(e) any person to whom, or any body or agency to which, it is the collector's usual practice to disclose personal information of the kind so collected, and (if known by the collector) any person to whom, or any body or agency to which, it is the usual practice of that first mentioned person, body or agency to pass on that information.
Principle 3 - Solicitation of personal information generally
Where:
(a) a collector collects personal information for inclusion in a record or in a generally available publication; and
(b) the information is solicited by the collector:
the collector shall take such steps (if any) as are, in the circumstances, reasonable to ensure that, having regard to the purpose for which the information is collected:
(c) the information collected is relevant to that purpose and is up to date and complete; and
(d) the collection of the information does not intrude to an unreasonable extent upon the personal affairs of the individual concerned.
Principle 4 - Storage and security of personal information
A record-keeper who has possession or control of a record that contains personal information shall ensure:
(a) that the record is protected, by such security safeguards as it is reasonable in the circumstances to take, against loss, against unauthorised access, use, modification or disclosure, and against other misuse; and
(b) that if it is necessary for the record to be given to a person in connection with the provision of a service to the record-keeper, everything reasonably within the power of the record-keeper is done to prevent unauthorised use or disclosure of information contained in the record.
Principle 5 - Information relating to records kept by record-keeper
1. A record-keeper who has possession or control of records that contain personal information shall, subject to clause 2 of this Principle, take such steps as are, in the circumstances, reasonable to enable any person to ascertain:
(a) whether the record-keeper has possession or control of any records that contain personal information; and
(b) if the record-keeper has possession or control of a record that contains such information:
(i) the nature of that information;
(ii) the main purposes for which that information is used; and
(iii) the steps that the person should take if the person wishes to obtain access to the record.
2. A record-keeper is not required under clause 1 of this Principle to give a person information if the record-keeper is required or authorised to refuse to give that information to the person under the applicable provisions of any law of the Commonwealth that provides for access by persons to documents.
3. A record-keeper shall maintain a record setting out:
(a) the nature of the records of personal information kept by or on behalf of the record-keeper;
(b) the purpose for which each type of record is kept;
(c) the classes of individuals about whom records are kept;
(d) the period for which each type of record is kept;
(e) the persons who are entitled to have access to personal information contained in the records and the conditions under which they are entitled to have that access; and
(f) the steps that should be taken by persons wishing to obtain access to that information.
4. A record-keeper shall:
(a) make the record maintained under clause 3 of this Principle available for inspection by members of the public; and
(b) give the Commissioner, in the month of June in each year, a copy of the record so maintained.
Principle 6 - Access to records containing personal information
Where a record-keeper has possession or control of a record that contains personal information, the individual concerned shall be entitled to have access to that record, except to the extent that the record-keeper is required or authorised to refuse to provide the individual with access to that record under the applicable provisions of any law of the Commonwealth that provides for access by persons to documents.
Principle 7 - Alteration of records containing personal information
1. A record-keeper who has possession or control of a record that contains personal information shall take such steps (if any), by way of making appropriate corrections, deletions and additions as are, in the circumstances, reasonable to ensure that the record:
(a) is accurate; and
(b) is, having regard to the purpose for which the information was collected or is to be used and to any purpose that is directly related to that purpose, relevant, up to date, complete and not misleading.
2. The obligation imposed on a record-keeper by clause 1 is subject to any applicable limitation in a law of the Commonwealth that provides a right to require the correction or amendment of documents.
3. Where:
(a) the record-keeper of a record containing personal information is not willing to amend that record, by making a correction, deletion or addition, in accordance with a request by the individual concerned; and
(b) no decision or recommendation to the effect that the record should be amended wholly or partly in accordance with that request has been made under the applicable provisions of a law of the Commonwealth;
the record-keeper shall, if so requested by the individual concerned, take such steps (if any) as are reasonable in the circumstances to attach to the record any statement provided by that individual of the correction, deletion or addition sought.
Principle 8 - Record-keeper to check accuracy etc of personal information before use
A record-keeper who has possession or control of a record that contains personal information shall not use that information without taking such steps (if any) as are, in the circumstances, reasonable to ensure that, having regard to the purpose for which the information is proposed to be used, the information is accurate, up to date and complete.
Principle 9 - Personal information to be used only for relevant purposes
A record-keeper who has possession or control of a record that contains personal information shall not use the information except for a purpose to which the information is relevant.
Principle 10 - Limits on use of personal information
1. A record-keeper who has possession or control of a record that contains personal information that was obtained for a particular purpose shall not use the information for any other purpose unless:
(a) the individual concerned has consented to use of the information for that other purpose;
(b) the record-keeper believes on reasonable grounds that use of the information for that other purpose is necessary to prevent or lessen a serious and imminent threat to the life or health of the individual concerned or another person;
(c) use of the information for that other purpose is required or authorised by or under law;
(d) use of the information for that other purpose is reasonably necessary for enforcement of the criminal law or of a law imposing a pecuniary penalty, or for the protection of the public revenue; or
(e) the purpose for which the information is used is directly related to the purpose for which the information was obtained.
2. Where personal information is used for enforcement of the criminal law or of a law imposing a pecuniary penalty, or for the protection of the public revenue, the record-keeper shall include in the record containing that information a note of that use.
Principle 11 - Limits on disclosure of personal information
1. A record-keeper who has possession or control of a record that contains personal information shall not disclose the information to a person, body or agency (other than the individual concerned) unless:
(a) the individual concerned is reasonably likely to have been aware, or made aware under Principle 2, that information of that kind is usually passed to that person, body or agency;
(b) the individual concerned has consented to the disclosure;
(c) the record-keeper believes on reasonable grounds that the disclosure is necessary to prevent or lessen a serious and imminent threat to the life or health of the individual concerned or of another person;
(d) the disclosure is required or authorised by or under law; or
(e) the disclosure is reasonably necessary for the enforcement of the criminal law or of a law imposing a pecuniary penalty, or for the protection of the public revenue.
2. Where personal information is disclosed for the purposes of enforcement of the criminal law or of a law imposing a pecuniary penalty, or for the purpose of the protection of the public revenue, the record-keeper shall include in the record containing that information a note of the disclosure.
3. A person, body or agency to whom personal information is disclosed under clause 1 of this Principle shall not use or disclose the information for a purpose other than the purpose for which the information was given to the person, body or agency.
If you need legal advice regarding Privacy Law, then please complete your free legal enquiry form on the right, and we will put you in touch with a Privacy Law lawyer nearest you, who can help you with Privacy Law.
Our free legal enquiry service for Privacy Law extends to all suburbs throughout Australia.
News, updates and further information - Privacy Law & Lawyers
On 1 November 2010 the Office of the Privacy Commissioner was integrated into the Office of the Australian Information Commissioner (OAIC).
The federal Privacy Act does not regulate state or territory agencies, except for the Australian Capital Territory (ACT). For information on privacy regulations in the states and territories please refer to the appropriate state or territory section below.
If you need legal help regarding privacy law, then please complete your free legal enquiry form on the right, or click here.
Australian Capital Territory
The federal Privacy Act in a slightly amended version applies to Australian Capital Territory government agencies and is administered by the Privacy Commissioner on behalf of the ACT government. The Health Records (Privacy and Access) Act 1997 (Health Records Act) covers health records held in the public sector in the ACT and also seeks to apply to acts or practices in the private sector not covered by the Privacy Act. The Health Records Act contains privacy principles based on the federal legislation but modified to suit the requirements of health records. The Human Rights Commission handles health record privacy complaints.
The ACT has also enacted the Human Rights Act 2004 which incorporates a right for an individual not to have their privacy, family, home or correspondence interfered with unlawfully or arbitrarily.
Relevant Australian Capital Territory laws include:
•Privacy Act (1988)
•Australian Capital Territory Government Service (Consequential Provisions) Act 1994
•Health Records (Privacy and Access) Act 1997
•Human Rights Act 2004
•Freedom of Information Act 1989
•Territory Records Act 2002 (public records)
•Human Rights Act 2004 (right to privacy)
•Spent Convictions Act 2000
•Listening Devices Act 1992
Northern Territory
The Information Commissioner for the Northern Territory is the independent authority responsible for overseeing the Freedom of Information (FOI) and privacy provisions of the Northern Territory Information Act 2002 (Information Act).
The Information Act which covers the protection of personal information, record keeping and archive management of information held in the public sector was passed in October 2002 and commenced 1 July 2003. The Information Act incorporates FOI, privacy principles and record and archive management.
Relevant Northern Territory laws include:
•Information Act 2002 (privacy, FOI and public records)
•Criminal Records (Spent Convictions) Act 1992
•Surveillance Devices Act 2007
•Telecommunications (Interception) Northern Territory Act 2001
New South Wales
The Privacy and Personal Information Protection Act 1998 (PPIP Act) deals with how all New South Wales public sector agencies manage personal information. It also sets out the role of the Office of the New South Wales Privacy Commissioner.
While the PPIP Act applies primarily to the New South Wale public sector, it gives the New South Wales Privacy Commissioner the power to investigate and conciliate privacy breaches by organisations and individuals who are not public sector agencies.
The Health Records and Information Privacy Act 2002 (HRIP Act) came into effect on 1 September 2004. It governs the handling of health information in the public sector, and it also seeks to regulate the handling of health information in the private sector in New South Wales. In December 2004 Privacy NSW developed four statutory guidelines under the HRIP Act. These guidelines are legally binding documents that define the scope of particular exemptions in the health privacy principles.
Relevant New South Wales laws include:
•Privacy and Personal Information Protection Act 1998
•Health Records and Information Privacy Act 2002
•Freedom of Information Act 1989
•State Records Act 1998
•Criminal Records Act 1991 (Spent Convictions)
•Listening Devices Act 1984
•Workplace Surveillance Act 2005
•Telecommunications (Interception and Access) (New South Wales) Act 1987
•Access to Neighbouring Land Act 2000, esp. s.16 and s.26.
•Crimes (Forensic Procedures) Act 2000
If you need legal help regarding privacy law, then please complete your free legal enquiry form on the right, or click here.
Queensland
The Information Privacy Act 2009 regulates the handling of personal information by Queensland government agencies. It contains 11 Information Privacy Principles which set out the way that all Queensland government agencies except Queensland Health are to handle personal information. It also contains nine National Privacy Principles which set out the way that Queensland Health is to handle personal information. Note that some provisions of this legislation are yet to commence. For further information, see the Queensland Office of the Information Commissioner’s website.
Before the commencement of the Information Privacy Act 2009, a privacy scheme applied to Queensland government agencies and most statutory government-owned corporations. The regime, based on the federal Information Privacy Principles, included Information Standards and Privacy Guidelines. To ensure a nationally consistent approach between the Queensland public health sector and private health sectors, the scheme required Queensland Health to comply with principles which were the same as the 10 federal NPPs.
The Queensland Health Quality and Complaints Commission provides an enquiry service and a health complaint system, including privacy-related complaints involving the State public health sector.
Other relevant Queensland laws include:
•Right to Information Act 2009
•Public Records Act 2002
•Criminal Law (Rehabilitation of Offenders) Act 1986 (spent convictions)
•Invasion of Privacy Act 1971 (listening devices, invasion of privacy of the home)
•Whistleblowers Protection Act 1994
•Police Powers and Responsibilities Act 2000 (Chapter 4 deals with covert evidence-gathering powers)
•Private Employment Agents (Code of Conduct) Regulation 2005 (provisions 14 and 15 deal with work seekers' information and the need to ensure it is not disclosed or improperly used).
Relevant Queensland case law
•Grosse v Purvis [2003] QDC 151 (16 June 2003).
South Australia
South Australia has issued an administrative instruction requiring its government agencies to generally comply with a set of Information Privacy Principles and has established a privacy committee.
South Australia also has a Code of Fair Information Practice based on the National Privacy Principles. This Code applies to the South Australian Department of Health and its funded service providers and to others with access to the Department’s personal information.
Relevant South Australian laws include:
•Freedom of Information Act 1991
•State Records Act 1997
•Listening and Surveillance Devices Act 1972
•Telecommunications (Interception) Act 1988
Tasmania
In 1997 Tasmania issued Information Privacy Principles based on the federal Privacy Act and recommended the principles to Tasmanian government agencies. These Information Privacy Principles have been superseded by the Personal Information and Protection Act 2004 which came into effect on 5 September 2005. It applies to the public and local government sectors and the University of Tasmania. The Act is administered by the Department of Justice and complaints may be made to the Tasmanian Ombudsman. General information on the Act is hosted on the Department of Premier and Cabinet web site.
Relevant Tasmanian laws include:
•Personal Information Protection Act 2004
•Freedom of Information Act 1991
•Archives Act 1983
•Annulled Convictions Act 2003 (spent convictions)
•Listening Devices Act 1991
•Telecommunications (Interception) Tasmania Act 1999
Victoria
The Victorian Information Privacy Act 2000 (VIP Act) came into effect on 1 September 2002. The VIP Act covers the handling of all personal information except health information in the public sector in Victoria. This Act adopts ten Information Privacy Principles which are similar to the NPPs set out in the federal Privacy Act. The Office of the Victorian Privacy Commissioner has more information.
The Victorian Health Records Act 2001 (Health Records Act) came into effect from 1 July 2002. This Act covers the handling of all personal information held by health service providers in the State public sector and also seeks to govern acts or practices in the Victorian private health sector. The Health Records Act contains a set of principles adapted from the National Privacy Principles. The Office of the Health Services Commissioner provides more information.
The Charter of Human Rights and Responsibilities Act 2006 commenced on 1 January 2007 and became fully operational on 1 January 2008. The Charter incorporates a general right to privacy for individuals in addition to other rights, and is administered by the Victorian Equal Opportunity and Human Rights Commission.
Relevant Victorian laws include:
- Information Privacy Act 2000
- Health Records Act 2001
- Charter of Human Rights and Responsibilities Act 2006
- Freedom of Information Act 1982
- Public Records Act 1973
- Surveillance Devices Act 1999
- Telecommunications (Interception) (State Provisions) Act 1988
Relevant Victorian case law:
- Jane Doe v Australian Broadcasting Corporation [2007] VCC 281 (3 April 2007)
Western Australia
The State public sector in Western Australia does not currently have a legislative privacy regime. Various confidentiality provisions cover government agencies and some of the privacy principles are provided for in the Freedom of Information Act 1992. On 28 March 2007 the Information Privacy Bill 2007 was introduced to the WA Parliament.
If enacted, it will establish a set of Information Privacy Principles and regulate the handling of personal information by the public sector and the handling of health information by the public and private sectors. It will also establish an Information and Privacy Commissioner (encompassing the current Information Commissioner) and provide for that Office to be amalgamated with the Office of the Western Australian Ombudsman.
Relevant Western Australian laws include:
- Freedom of Information Act 1992
- Health Services (Conciliation and Review) Act 1995
- State Records Act 2000
- Spent Convictions Act 1988
- Surveillance Devices Act 1998
- Telecommunications (Interception) Western Australia Act 1996
The eleven Information Privacy Principles as extracted from Section 14 of the Privacy Act 1988 (Cth):
Principle 1 - Manner and purpose of collection of personal information
1. Personal information shall not be collected by a collector for inclusion in a record or in a generally available publication unless:
(a) the information is collected for a purpose that is a lawful purpose directly related to a function or activity of the collector; and
(b) the collection of the information is necessary for or directly related to that purpose.
2. Personal information shall not be collected by a collector by unlawful or unfair means.
Principle 2 - Solicitation of personal information from individual concerned
Where:
(a) a collector collects personal information for inclusion in a record or in a generally available publication; and
(b) the information is solicited by the collector from the individual concerned;
the collector shall take such steps (if any) as are, in the circumstances, reasonable to ensure that, before the information is collected or, if that is not practicable, as soon as practicable after the information is collected, the individual concerned is generally aware of:
(c) the purpose for which the information is being collected;
(d) if the collection of the information is authorised or required by or under law - the fact that the collection of the information is so authorised or required; and
(e) any person to whom, or any body or agency to which, it is the collector's usual practice to disclose personal information of the kind so collected, and (if known by the collector) any person to whom, or any body or agency to which, it is the usual practice of that first mentioned person, body or agency to pass on that information.
Principle 3 - Solicitation of personal information generally
Where:
(a) a collector collects personal information for inclusion in a record or in a generally available publication; and
(b) the information is solicited by the collector:
the collector shall take such steps (if any) as are, in the circumstances, reasonable to ensure that, having regard to the purpose for which the information is collected:
(c) the information collected is relevant to that purpose and is up to date and complete; and
(d) the collection of the information does not intrude to an unreasonable extent upon the personal affairs of the individual concerned.
Principle 4 - Storage and security of personal information
A record-keeper who has possession or control of a record that contains personal information shall ensure:
(a) that the record is protected, by such security safeguards as it is reasonable in the circumstances to take, against loss, against unauthorised access, use, modification or disclosure, and against other misuse; and
(b) that if it is necessary for the record to be given to a person in connection with the provision of a service to the record-keeper, everything reasonably within the power of the record-keeper is done to prevent unauthorised use or disclosure of information contained in the record.
Principle 5 - Information relating to records kept by record-keeper
1. A record-keeper who has possession or control of records that contain personal information shall, subject to clause 2 of this Principle, take such steps as are, in the circumstances, reasonable to enable any person to ascertain:
(a) whether the record-keeper has possession or control of any records that contain personal information; and
(b) if the record-keeper has possession or control of a record that contains such information:
(i) the nature of that information;
(ii) the main purposes for which that information is used; and
(iii) the steps that the person should take if the person wishes to obtain access to the record.
2. A record-keeper is not required under clause 1 of this Principle to give a person information if the record-keeper is required or authorised to refuse to give that information to the person under the applicable provisions of any law of the Commonwealth that provides for access by persons to documents.
3. A record-keeper shall maintain a record setting out:
(a) the nature of the records of personal information kept by or on behalf of the record-keeper;
(b) the purpose for which each type of record is kept;
(c) the classes of individuals about whom records are kept;
(d) the period for which each type of record is kept;
(e) the persons who are entitled to have access to personal information contained in the records and the conditions under which they are entitled to have that access; and
(f) the steps that should be taken by persons wishing to obtain access to that information.
4. A record-keeper shall:
(a) make the record maintained under clause 3 of this Principle available for inspection by members of the public; and
(b) give the Commissioner, in the month of June in each year, a copy of the record so maintained.
Principle 6 - Access to records containing personal information
Where a record-keeper has possession or control of a record that contains personal information, the individual concerned shall be entitled to have access to that record, except to the extent that the record-keeper is required or authorised to refuse to provide the individual with access to that record under the applicable provisions of any law of the Commonwealth that provides for access by persons to documents.
Principle 7 - Alteration of records containing personal information
1. A record-keeper who has possession or control of a record that contains personal information shall take such steps (if any), by way of making appropriate corrections, deletions and additions as are, in the circumstances, reasonable to ensure that the record:
(a) is accurate; and
(b) is, having regard to the purpose for which the information was collected or is to be used and to any purpose that is directly related to that purpose, relevant, up to date, complete and not misleading.
2. The obligation imposed on a record-keeper by clause 1 is subject to any applicable limitation in a law of the Commonwealth that provides a right to require the correction or amendment of documents.
3. Where:
(a) the record-keeper of a record containing personal information is not willing to amend that record, by making a correction, deletion or addition, in accordance with a request by the individual concerned; and
(b) no decision or recommendation to the effect that the record should be amended wholly or partly in accordance with that request has been made under the applicable provisions of a law of the Commonwealth;
the record-keeper shall, if so requested by the individual concerned, take such steps (if any) as are reasonable in the circumstances to attach to the record any statement provided by that individual of the correction, deletion or addition sought.
Principle 8 - Record-keeper to check accuracy etc of personal information before use
A record-keeper who has possession or control of a record that contains personal information shall not use that information without taking such steps (if any) as are, in the circumstances, reasonable to ensure that, having regard to the purpose for which the information is proposed to be used, the information is accurate, up to date and complete.
Principle 9 - Personal information to be used only for relevant purposes
A record-keeper who has possession or control of a record that contains personal information shall not use the information except for a purpose to which the information is relevant.
Principle 10 - Limits on use of personal information
1. A record-keeper who has possession or control of a record that contains personal information that was obtained for a particular purpose shall not use the information for any other purpose unless:
(a) the individual concerned has consented to use of the information for that other purpose;
(b) the record-keeper believes on reasonable grounds that use of the information for that other purpose is necessary to prevent or lessen a serious and imminent threat to the life or health of the individual concerned or another person;
(c) use of the information for that other purpose is required or authorised by or under law;
(d) use of the information for that other purpose is reasonably necessary for enforcement of the criminal law or of a law imposing a pecuniary penalty, or for the protection of the public revenue; or
(e) the purpose for which the information is used is directly related to the purpose for which the information was obtained.
2. Where personal information is used for enforcement of the criminal law or of a law imposing a pecuniary penalty, or for the protection of the public revenue, the record-keeper shall include in the record containing that information a note of that use.
Principle 11 - Limits on disclosure of personal information
1. A record-keeper who has possession or control of a record that contains personal information shall not disclose the information to a person, body or agency (other than the individual concerned) unless:
(a) the individual concerned is reasonably likely to have been aware, or made aware under Principle 2, that information of that kind is usually passed to that person, body or agency;
(b) the individual concerned has consented to the disclosure;
(c) the record-keeper believes on reasonable grounds that the disclosure is necessary to prevent or lessen a serious and imminent threat to the life or health of the individual concerned or of another person;
(d) the disclosure is required or authorised by or under law; or
(e) the disclosure is reasonably necessary for the enforcement of the criminal law or of a law imposing a pecuniary penalty, or for the protection of the public revenue.
2. Where personal information is disclosed for the purposes of enforcement of the criminal law or of a law imposing a pecuniary penalty, or for the purpose of the protection of the public revenue, the record-keeper shall include in the record containing that information a note of the disclosure.
3. A person, body or agency to whom personal information is disclosed under clause 1 of this Principle shall not use or disclose the information for a purpose other than the purpose for which the information was given to the person, body or agency.
If you need legal advice regarding Privacy Law, then please complete your free legal enquiry form on the right, and we will put you in touch with a Privacy Law lawyer nearest you, who can help you with Privacy Law.
Our free legal enquiry service for Privacy Law extends to all suburbs and locations throughout Australia.
