The Privacy Act 1988 provides a framework for the protection of personal information that may have been collected by a Commonwealth entity and specifies the minimum legal requirements for collecting, using and protecting a record of such information.
The Act establishes the Office of the Federal Privacy Commissioner, and is the primary Commonwealth legislation providing protection of personal information in the Commonwealth public sector and in the private sector, and regulates the handling of personal information.
Section 14 of the Act contains 11 Information Privacy Principles (IPPs) applicable to the public sector which require that any personal information held in a record or file is:
• accurate, up-to-date, complete and not misleading (IPP7);
• used only for a purpose to which the information is relevant (IPP9) and only for the purpose for which it was obtained, unless an exception is applicable (IPP10); and
• not disclosed to another person, body or agency, unless an exception is applicable (IPP11).
The IPPs also impose on Australian Government entities the obligation to keep personal information secure, maintain its accuracy, and ensure that it is used only if it is complete, and relevant to the issue in relation to which it is used.
Amendments to the Privacy Act 1988, which came into effect in December 2001, extended coverage of the Act to the private sector. Under those amendments, Australian Government entities have obligations in relation to the personal information handling activities of their contractors. Schedule 3 to the Act contains 10 National Privacy Principles (NPPs) applicable to private sector organisations.
The IPPs and NPPs deal with all stages of the processing of personal information, and establish standards for the collection, use, disclosure, quality and security of personal information. They also establish rights of access to, and correction of, the information by the individuals concerned.21
__________________________________________________________________________________
21 Office of the Privacy Commissioner: Information Sheet (Public Sector) 1 - Information Privacy Principles under the Privacy Act 1988, <http://www.privacy.gov.au>; Office of the Privacy Commissioner: Information Sheet (Private Sector) 12 - 2001 Coverage of and Exemptions from the Private Sector Provisions [updated 27 November 2007], <http://www.privacy.gov.au/>; Office of the Privacy Commissioner: Guidelines to the National Privacy Principles, <http://www.privacy.gov.au/publications/nppgl_01.html>; Office of the Privacy Commissioner: Information Sheet (Private Sector) 14-2001 - Privacy Obligations for Commonwealth Contracts.