PRIVACY RIGHTS

Information Privacy Principles (IPPs)

Personal information held by Commonwealth government and ACT agencies: The 11 IPPs are set out in section 14 of the PA 1988. They cover the collection, storage, use and disclosure of personal information by Commonwealth government and ACT agencies. A list of the IPPs are briefly set out below, however the full text should be consulted before attempting to apply them, or before making a complaint about a possible infringement of privacy.

Collection of personal information

Storage and security

Access

Use

Disclosure

Guidelines to the Information Privacy Principles

HIV/AIDS guidelines

These guidelines require stricter controls on sensitive HIV/AIDS-related personal information handling. The Guidelines are voluntary and assist in the application of the IPPs in this context by Commonwealth and ACT agencies.

National Privacy Principles (NPPs)

Personal information held by private sector organisations: The NPPs are set out in Schedule 3 of the PA 1988. There are 10 NPPs that cover the collection, storage, use and disclosure of personal information, as well as the transfer of personal information overseas.

It is recommended that the full text of the NPPs be consulted when seeking either to apply the legislation or to make a complaint about possible infringement of privacy.

The federal Privacy Commissioner has published advisory guidelines and information sheets. These guidelines are available on the Office of the Privacy Commissioner's website at www.privacy.gov.au

Application of the NPPs

Certain organisations and types of activities are exempt from the application of the NPPs, as follows:

Individuals acting in a non-business capacity and personal information collected for personal and household affairs;

Small business exemption;

Employee records exemption;

Media exemption; and

Political exemption.

Credit reporting agencies keep credit history records on individuals, for use by credit providers in assessing credit applications. The PA 1988 provides safeguards for individuals in relation to consumer credit reporting and regulates the handling of information about the credit-worthiness of individuals by credit reporting agencies and credit providers.

The main credit reporting provisions are contained in Part IIIA of the PA 1988.

Credit reporting code of conduct

The federal Privacy Commissioner has issued a legally binding Credit Reporting Code of Conduct. The Code explains in greater detail the requirements of Part IIIA of the PA 1988, and sets out procedures for complying with those requirements, including provisions for resolving credit reporting disputes.

Tax file numbers (TFNs) are unique numbers issued by the Australian Taxation Office (Tax Office) to individuals. The enhanced TFN Scheme allows the Tax Office to identify those who lodge income tax returns, and to match information provided in tax returns with other sources of information. .

Under the Data-Matching Program (Assistance and Tax) Act 1990 (Cth), the TFN is used for the matching of records between the Tax Office and the assistance agencies and is subject to strict controls and safeguards monitored by the federal Privacy Commissioner. Certain uses of the TFN in relation to superannuation administration are now also authorised by law.

The TFN guidelines

The handling of TFNs is regulated by legally binding Tax File Number Guidelines, issued by the federal Privacy Commissioner under section 17 of the PA 1988, and by tax laws. The Guidelines prohibit its use as an identifier in any circumstances other than as authorised by taxation or assistance agency law and for limited purposes under superannuation administration law.

No person or organisation may require an individual to provide their TFN. However, the financial consequences of not providing a TFN can be severe.

It is a criminal offence under tax law to make an unauthorised request, record, use or disclosure of another person's TFN.

Section 95 guidelines

Guidelines under Section 95 of the Privacy Act 1988 (the "Section 95 Guidelines"), were issued by the National Health & Medical Research Council (NHMRC). These guidelines apply to medical and epidemiological research that involves personal information held by a Commonwealth agency.

Section 95A guidelines

Guidelines Approved Under Section 95A of the Privacy Act 1988 (the "Section 95A Guidelines"), which are conceptually similar to the Section 95 Guidelines and were issued by the NHMRC in December 2001. These guidelines apply to the collection, use or disclosure of health information (without the consent of data subjects) by organisations in the private sector.

Under Part VIIC of the Crimes Act 1914 (Cth), a person is able to disregard some old criminal convictions, and is protected against unauthorised use and disclosure of this information. This is known as the Commonwealth Spent Convictions Scheme.

A "spent" conviction is a conviction that satisfies the following conditions:

The telecommunications sector is regulated by both the PA 1988 and specific obligations set out in the Telecommunications Act 1997 (Cth) ("the Telecommunications Act") and the Telecommunications (Interception and Access) Act 1979 (Cth). Those specific obligations include prohibition on the disclosure of personal information by a telecommunications provider, subject to limited exemptions.

Complaints, or requests for more information, may be made to:

The Information Privacy Act 2000 (Vic) (“IPA”) sets standards for the collection and handling of personal information by Victorian public sector organisations. These standards are contained in the ten Information Privacy Principles (IPPs) located in Schedule 1 of the IPA.

Victorian privacy Commissioner

The Victorian Privacy Commissioner’s functions include receiving complaints, conducting investigations and facilitating conciliation in accordance with the IPA relating to alleged breaches of the IPPs.

Information materials

Privacy Victoria has a number of publications on privacy. All publications are available free from Privacy Victoria and from the office’s website at www.privacy.vic.gov.au. Case notes are also regularly published on the privacy law library on the World Legal Information Institute’s website at www.worldlii.org.

Complaints and conciliation

Individuals can complain to the Commissioner about an act or practice that may breach an IPP or interfere with the privacy of the individual. Where appropriate, complaints will be referred to the Victorian Ombudsman, the Health Services Commissioner, the Federal Privacy Commissioner or the Disability Services Commissioner.

Remedies

If the Commissioner declines a complaint, or conciliation of the complaint is not reasonably possible or has been attempted but has failed, a complainant may, in writing, direct the Commissioner to refer their complaint to the Victorian Civil and Administrative Tribunal (VCAT).

The Health Records Act 2001 (Vic) ("HRA") establishes a framework to protect the privacy of individuals' health information that is held by both the public and private sectors in Victoria. It also provides individuals with an enforceable right of access to their health information held in the private sector.

Charter of Human Rights and Responsibilities 2006

The Charter of Human Rights and Responsibilities 2006 (Vic) ("the Charter") provides individuals with the right to not to have their privacy, family, home or correspondence unlawfully or arbitrarily interfered with (s.13). The Charter imposes an obligation on all Victorian public sector organisations to act in a way that is compatible with the human rights protected by the Charter.