IPPs 2, 7 and 9 control the use and disclosure of personal information.
IPP 2 limits the purposes for which an organisation can use or disclose information internally or disclose it to someone else.
IPP 7 limits the assignment, adoption, use and disclosure of unique identifiers (codes or numbers that identify a person, eg. a drivers licence number).
IPP 9 limits the transfer of personal information outside the Territory.
Under IPP 2, use and disclosure is limited to the primary purpose for collection unless -
This limit applies to use and disclosure within the organisation as well as disclosure outside the organisation. Personal information collected by one business unit of an organisation for a particular purpose is not automatically available for all functions of the organisation.
In each case, an organisation must judge whether use or disclosure for the particular secondary purpose is allowed by the person or otherwise under the Act.
The primary purpose for collection is the reason why the information was collected.
For information collected after 1 July 2003, this should have been identified in the process of confirming that collection was necessary for the functions or activities of the organisation, and notifying the person of the purpose for collection.
Information that can help in establishing the primary purpose may include -
The primary purpose should not be described too broadly. For example, describing the primary purpose as collection for the purpose of "administering the functions of the agency" or for the purpose of administering a particular Act, are likely to be too broad.
It appears that it is possible for there to have been more than one primary purpose for collection of information.
An organisation can use or disclose personal information if it is required or authorised by law.
Something will be required by law when there is a specific provision that places a duty on the organisation or staff member to use or disclose the information, or the law requires action to be taken which cannot be taken without the information being used or disclosed in that way.
A finding that use or disclosure is required by law is not likely to be based on a general description of a function in an Act. It will usually be linked to a specific requirement for use or disclosure in a law or a specific requirement that necessitates use or disclosure.
Use or disclosure will be authorised by law when it is allowed or permitted by the law even if it is not required.
Again, a finding that use or disclosure is authorised by law is not likely to be based on a general description of a function in an Act. It will usually be linked to a specific authorisation for use or disclosure.
Consent by the person should be relied on when the organisation is satisfied that the consent is informed and voluntary.
Consent can be expressly given by the person or it can be implied from the circumstances. If it is reasonable and practicable, it is preferable to obtain express consent.
Use or disclosure for a secondary purpose is allowed if-
For this exception to apply, there should be a relatively close relationship between the primary purpose and the secondary purpose. A remote or tenuous relationship would not be sufficient.
For sensitive information, the requirement that the secondary purpose be directly related requires a substantially closer relationship.
The test for reasonable expectation would appear to be an objective one based on the circumstances of the case. The test does not involve deciding on the particular expectations of an individual. But it is open to argument that the particular circumstances of the class of people involved may be relevant.
IPP 2 recognises that there are cases in which the interests of health, safety and security can justify use or disclosure. They relate to:
Section 70 of the Information Act also allows non-compliance with the IPPs by law enforcement agencies if that is necessary for specified functions.
A 'unique identifier' is a code that is assigned by a public sector organisation to identify a person for the purposes of the operations of the organisation. It includes things like a driver's licence number.
IPP 7 is designed to address concerns about people being reduced to a number in the system, and concerns about collection and cross-checking of information about an individual from different sources. It limits when an organisation can -
An organisation can only assign a unique identifier to a person if it is necessary to enable the organisation to perform its functions efficiently.
An organisation can adopt a unique identifier that has been assigned by another organisation if:
An organisation can use or disclose a unique identifier assigned by another organisation if:
IPP 7 does not spell out the relationship between the 'adoption' restriction and the 'use or disclosure' restriction. It appears that IPP 7.2 and 7.3 operate independently so that, even in a case where a unique identifier has been lawfully adopted by an organisation, its use or disclosure by the adopting organisation is only allowed in the situations set out in IPP 7.3.
If that is the correct interpretation, use or disclosure of the adopted identifier would not be justified on the grounds that it is necessary to enable the organisation to perform its functions efficiently. Something more would be required, whether that be authorisation by a law, consent by the person, or another exception in IPP 7.3.
Under IPP 9, an organisation cannot transfer personal information outside the Territory unless one of the following exceptions applies.