Privacy

The Information Act 2002 recognises that it is often necessary to find a balance between the privacy interests of the person whose information is collected or handled and the legitimate interests of good government and other people.

The IPPs set out general rules for organisations to apply. But those rules are subject to qualifications and exceptions that recognise those other interests.

Examples of those qualifications and exceptions are:

• IPP 1.4 requires that information about a person only be collected from that person, so long as that is reasonable and practicable. This recognises that there can be cases where obtaining information directly from the individual would be unreasonable, eg., where it might prejudice a covert police operation.
• IPP 2.1 prohibits use and disclosure of information for a purpose other than the purpose it was collected for, but then sets out a number of exceptions. This recognises that it can be in the public interest to use or disclose information that was originally collected for one purpose for other purposes, for example, for law enforcement purposes.
• IPP 6.1 provides a general right of access by an individual to his or her personal information. But it also lists cases in which access to particular information can be refused, eg., if providing access would unreasonably interfere with the privacy of another person.
• Sections 69-71 of the Information Act provide for exclusion or variation from the IPPs in relation to some functions, including court proceedings, law enforcement activities and research (see the Special rules for some information and organisations page for more).

Information Privacy Principles

Collection (IPPs 1, 7, 8, 10)

Personal information about you-

• can only be collected if it is necessary for the activities of the organisation;
• must be collected in a lawful, fair and not unreasonably intrusive way;
• must be collected from you, if that is reasonable and practicable.
• There are special limits on collection of sensitive information, identifying information and unique identifying codes (eg., driver's licence numbers).

Use and Disclosure (IPPs 2, 7, 9)

Personal information can be used or disclosed for the purpose for which it was collected. The IPPs limit the other purposes (secondary purposes) for which personal information can be used or disclosed within the organisation or outside the organisation. Use or disclosure for secondary purposes is allowed-

• if you consent;
• if it is required or authorised by law;
• for some purposes related to the primary purpose
• for some law enforcement and health and safety purposes.

There are also limits on transferring information outside the Territory and on use and disclosure of unique identifying codes (eg., driver's licence numbers).

Management (IPPs 3, 4)

Each organisation must take reasonable steps to -

• ensure that personal information is accurate, complete and up to date;
• protect personal information from misuse and loss and from unauthorised access, modification or disclosure;
• destroy or permanently de-identify personal information if it is no longer needed for any purpose.

Openness (IPPs 1, 5 and 6)

Each organisation must-

• make available to you on request its privacy policies and details about personal information held by it;
• take reasonable steps to ensure that you are aware of certain information at the time your personal information is collected (eg., the purpose for collection);
• allow you to seek access to your personal information;
• allow you to seek correction of inaccurate, incomplete or out-of-date information.

If you want to complain about a breach of privacy, obtain information, or you are concerned about why or how your information has been collected or handled, you should contact the organisation concerned.

If you have trouble contacting the right person in the organisation, you can contact us for further assistance.

For events that happen after 1 July 2004, you will be able to complain to the Information Commissioner about a breach of the IPPs or other interference with your privacy, so long as you have requested the organisation to take action and you have not received a satisfactory response.

For more information, visit Privacy Making an Inquiry or Complaint.

There is no fee for making a complaint about a breach of privacy either to the organisation or to the Information Commissioner.

IPP 6 says that, if a fee is charged for the cost of providing access to personal information, it must not be excessive.

Limited cover for some organisations.

The IPPs don't apply to:

• proceedings before a court or tribunal;
• courts, in relation to their judicial functions;
• tribunals, in relation to their decision-making functions;
• a coroner, in relation to an inquest or inquiry;
• a magistrate or justice, in relation to a preliminary examination.
• Local authorities
  • The IPPs will only apply to local authorities from 1 July 2005.
• Publicly available information:
  • The IPPs do not apply to most publicly available information.

The Information Act 2002 does not apply to Commonwealth agencies or private organisations. There is a Commonwealth Privacy scheme that applies to Commonwealth government agencies and some private businesses. You can contact the agency or business concerned, or the Federal Privacy Commissioner to see whether they are covered by a Privacy scheme.

The website of the Privacy Victoria has a lot of useful information. The NT Privacy Principles are very similar to the Victorian privacy principles but you should always remember that there are some differences.

The websites of the Federal Privacy Commissioner and the New South Wales Privacy Commissioner also have a lot of useful information. But it is important to remember that the wording of the privacy principles for the Commonwealth and New South Wales differs from the NT principles in a number of ways.