Commonwealth Numbered Acts
[Index]
[Table]
[Search]
[Search this Act]
[Notes]
[Noteup]
[Previous]
[Next]
[Download]
[Help]
PRIVACY ACT 1988 No. 119, 1988 - SECT 14
Information Privacy Principles
14. The Information Privacy Principles are as follows:
INFORMATION PRIVACY PRINCIPLES
Principle 1
Manner and purpose of collection of personal information
1. Personal information shall not be collected by a collector for inclusion in
a record or in a generally available publication unless:
(a) the information is collected for a purpose that is a lawful purpose
directly related to a function or activity of the collector; and
(b) the collection of the information is necessary for or directly related
to that purpose.
2. Personal information shall not be collected by a collector by unlawful or
unfair means.
Principle 2
Solicitation of personal information from individual concerned
Where:
(a) a collector collects personal information for inclusion in a record or
in a generally available publication; and
(b) the information is solicited by the collector from the individual
concerned; the collector shall take such steps (if any) as are, in the
circumstances, reasonable to ensure that, before the information is
collected or, if that is not practicable, as soon as practicable after
the information is collected, the individual concerned is generally
aware of:
(c) the purpose for which the information is being collected;
(d) if the collection of the information is authorised or required by or
under law-the fact that the collection of the information is so
authorised or required; and
(e) any person to whom, or any body or agency to which, it is the
collector's usual practice to disclose personal information of the
kind so collected, and (if known by the collector) any person to whom,
or any body or agency to which, it is the usual practice of that
first-mentioned person, body or agency to pass on that information.
Principle 3
Solicitation of personal information generally
Where:
(a) a collector collects personal information for inclusion in a record or
in a generally available publication; and
(b) the information is solicited by the collector; the collector shall
take such steps (if any) as are, in the circumstances, reasonable to
ensure that, having regard to the purpose for which the
Principle 4
Storage and security of personal information information is collected:
(c) the information collected is relevant to that purpose and is up to
date and complete; and
(d) the collection of the information does not intrude to an unreasonable
extent upon the personal affairs of the individual concerned.
A record-keeper who has possession or control of a record that contains
personal information shall ensure:
(a) that the record is protected, by such security safeguards as it is
reasonable in the circumstances to take, against loss, against
unauthorised access, use, modification or disclosure, and against
other misuse; and
(b) that if it is necessary for the record to be given to a person in
connection with the provision of a service to the record-keeper,
everything
Principle 5
Information relating to records kept by record-keeper reasonably within the
power of the record-keeper is done to prevent
unauthorised use or disclosure of information contained in the record. 1. A
record-keeper who has possession or control of records that contain
personal information shall, subject to clause 2 of this Principle, take such
steps as are, in the circumstances, reasonable to enable any person to
ascertain:
(a) whether the record-keeper has possession or control of any records
that contain personal information; and
(b) if the record-keeper has possession or control of a record that
contains such information:
(i) the nature of that information;
(ii) the main purposes for which that information is used; and
(iii) the steps that the person should take if the person wishes to
obtain access to the record.
2. A record-keeper is not required under clause 1 of this Principle to give a
person information if the record-keeper is required or authorised to refuse to
give that information to the person under the applicable provisions of any law
of the Commonwealth that provides for access by persons to documents.
3. A record-keeper shall maintain a record setting out:
(a) the nature of the records of personal information kept by or on behalf
of the record-keeper;
(b) the purpose for which each type of record is kept;
(c) the classes of individuals about whom records are kept;
(d) the period for which each type of record is kept;
(e) the persons who are entitled to have access to personal information
contained in the records and the conditions under which they are
entitled to have that access; and
(f) the steps that should be taken by persons wishing to obtain access to
that information.
4. A record-keeper shall:
(a) make the record maintained under clause 3 of this Principle available
for inspection by members of the public; and
(b) give the Commissioner, in the month of June in each year, a copy of
the record so maintained.
Principle 6
Access to records containing personal information
Where a record-keeper has possession or control of a record that contains
personal information, the individual concerned shall be entitled to have
access to that record, except to the extent that the record-keeper is required
or authorised to refuse to provide the individual with access to that record
under the applicable provisions of any law of the Commonwealth that provides
for access by persons to documents.
Principle 7
Alteration of records containing personal information
1. A record-keeper who has possession or control of a record that contains
personal information shall take such steps (if any), by way of making
appropriate corrections, deletions and additions as are, in the circumstances,
reasonable to ensure that the record:
(a) is accurate; and
(b) is, having regard to the purpose for which the information was
collected or is to be used and to any purpose that is directly related
to that purpose, relevant, up to date, complete and not misleading.
2. The obligation imposed on a record-keeper by clause 1 is subject to any
applicable limitation in a law of the Commonwealth that provides a right to
require the correction or amendment of documents.
3. Where:
(a) the record-keeper of a record containing personal information is not
willing to amend that record, by making a correction, deletion or
addition, in accordance with a request by the individual concerned;
and
(b) no decision or recommendation to the effect that the record should be
amended wholly or partly in accordance with that request has been made
under the applicable provisions of a law of the Commonwealth; the
record-keeper shall, if so requested by the individual concerned, take
such steps (if any) as are reasonable in the circumstances to attach
to the record any statement provided by that individual of the
correction, deletion or addition sought.
Principle 8
Record-keeper to check accuracy etc. of personal information before use
A record-keeper who has possession or control of a record that contains
personal information shall not use that information without taking such steps
(if any) as are, in the circumstances, reasonable to ensure that, having
regard to the purpose for which the information is proposed to be used, the
information is accurate, up to date and complete.
Principle 9
Personal information to be used only for relevant purposes
Principle 10
Limits on use of personal information
A record-keeper who has possession or control of a record that contains
personal information shall not use the information except for a purpose to
which the information is relevant. 1. A record-keeper who has possession or
control of a record that contains personal information that was obtained for a
particular purpose shall not use the information for any other purpose unless:
(a) the individual concerned has consented to use of the information for
that other purpose;
(b) the record-keeper believes on reasonable grounds that use of the
information for that other purpose is necessary to prevent or lessen a
serious and imminent threat to the life or health of the individual
concerned or another person;
(c) use of the information for that other purpose is required or
authorised by or under law;
(d) use of the information for that other purpose is reasonably necessary
for enforcement of the criminal law or of a law imposing a pecuniary
penalty, or for the protection of the public revenue; or
(e) the purpose for which the information is used is directly related to
the purpose for which the information was obtained.
2. Where personal information is used for enforcement of the criminal law or
of a law imposing a pecuniary penalty, or for the protection of the public
revenue, the record-keeper shall include in the record containing that
information a note of that use.
Principle 11
Limits on disclosure of personal information
1. A record-keeper who has possession or control of a record that contains
personal information shall not disclose the information to a person, body or
agency (other than the individual concerned) unless:
(a) the individual concerned is reasonably likely to have been aware, or
made aware under Principle 2, that information of that kind is usually
passed to that person, body or agency;
(b) the individual concerned has consented to the disclosure;
(c) the record-keeper believes on reasonable grounds that the disclosure
is necessary to prevent or lessen a serious and imminent threat to the
life or health of the individual concerned or of another person;
(d) the disclosure is required or authorised by or under law; or
(e) the disclosure is reasonably necessary for the enforcement of the
criminal law or of a law imposing a pecuniary penalty, or for the
protection of the public revenue.
2. Where personal information is disclosed for the purposes of enforcement of
the criminal law or of a law imposing a pecuniary penalty, or for the purpose
of the protection of the public revenue, the record-keeper shall include in
the record containing that information a note of the disclosure.
3. A person, body or agency to whom personal information is disclosed under
clause 1 of this Principle shall not use or disclose the information for a
purpose other than the purpose for which the information was given to the
person, body or agency.
AustLII: Copyright Policy
| Disclaimers
| Privacy Policy
| Feedback