Act No. 119 of 1988 as amended
This compilation was prepared on 4 October 2007
taking into account amendments up to Act No. 158 of 2007
The text of any of those amendments not in force
on that date is appended in the Notes section
The operation of amendments that have been incorporated may
be
affected by application provisions that are set out in the Notes section
Prepared by the Office of Legislative Drafting and
Publishing,
Attorney‑General’s Department, Canberra
Contents
Part I—Preliminary 1
1............ Short title [see Note 1]....................................................................... 1
2............ Commencement [see Note 1].............................................................. 1
3............ Saving of certain State and Territory laws.......................................... 1
3A......... Application of the Criminal Code...................................................... 2
4............ Act to bind the Crown........................................................................ 2
5............ Interpretation of Information Privacy Principles............................... 2
5A......... Extension to external Territories......................................................... 2
5B......... Extra‑territorial operation of Act........................................................ 3
Part II—Interpretation 5
6............ Interpretation...................................................................................... 5
6A......... Breach of a National Privacy Principle............................................. 20
6B......... Breach of an approved privacy code................................................ 21
6C......... Organisations.................................................................................... 22
6D......... Small business and small business operators.................................... 25
6DA...... What is the annual turnover of a business?..................................... 27
6E.......... Small business operator treated as organisation............................... 28
6EA....... Small business operators choosing to be treated as organisations.... 29
6F.......... State instrumentalities etc. treated as organisations......................... 30
7............ Acts and practices of agencies, organisations etc............................. 31
7A......... Acts of certain agencies treated as acts of organisation.................... 34
7B......... Exempt acts and exempt practices of organisations......................... 35
7C......... Political acts and practices are exempt............................................. 37
8............ Acts and practices of, and disclosure of information to, staff of agency, organisation etc. 39
9............ Collectors.......................................................................................... 40
10.......... Record‑keepers................................................................................. 41
11.......... File number recipients...................................................................... 42
11A....... Credit reporting agencies.................................................................. 43
11B....... Credit providers................................................................................ 43
12.......... Application of Information Privacy Principles to agency in possession 46
12A....... Act not to apply in relation to State banking or insurance within that State 46
12B....... Severability: additional effect of Act in relation to organisations..... 46
Part III—Information privacy 48
Division 1—Interferences with privacy 48
13.......... Interferences with privacy................................................................ 48
13A....... Interferences with privacy by organisations.................................... 49
13B....... Related bodies corporate.................................................................. 50
13C....... Change in partnership because of change in partners....................... 51
13D....... Overseas act required by foreign law................................................ 52
13E........ Effect on section 13 of sections 13B, 13C and 13D......................... 52
13F........ Act or practice not covered by section 13 or section 13A is not an interference with privacy 52
Division 2—Information Privacy Principles 53
14.......... Information Privacy Principles......................................................... 53
15.......... Application of Information Privacy Principles................................ 59
16.......... Agencies to comply with Information Privacy Principles............... 59
Division 3—Approved privacy codes and the National Privacy Principles 60
16A....... Organisations to comply with approved privacy codes or National Privacy Principles 60
16B....... Personal information in records........................................................ 60
16C....... Application of National Privacy Principles..................................... 61
16D....... Delayed application of National Privacy Principles to small business 61
16E........ Personal, family or household affairs............................................... 62
16F........ Information under Commonwealth contract not to be used for direct marketing 63
Division 4—Tax file number information 64
17.......... Guidelines relating to tax file number information............................ 64
18.......... File number recipients to comply with guidelines............................ 64
Division 5—Credit information 65
18A....... Code of Conduct relating to credit information files and credit reports 65
18B....... Credit reporting agencies and credit providers to comply with Code of Conduct 65
Part IIIAA—Privacy codes 66
18BA.... Application for approval of privacy code........................................ 66
18BAA. Privacy codes may cover exempt acts or practices.......................... 66
18BB..... Commissioner may approve privacy code....................................... 66
18BC..... When approval takes effect.............................................................. 69
18BD.... Varying an approved privacy code................................................... 69
18BE..... Revoking the approval of an approved privacy code....................... 70
18BF..... Guidelines about privacy codes........................................................ 70
18BG.... Register of approved privacy codes................................................. 71
18BH.... Review of operation of approved privacy code............................... 71
18BI...... Review of adjudicator’s decision under approved privacy code...... 72
Part IIIA—Credit reporting 73
18C....... Certain credit reporting only to be undertaken by corporations...... 73
18D....... Personal information not to be given to certain persons carrying on credit reporting 73
18E........ Permitted contents of credit information files.................................. 74
18F........ Deletion of information from credit information files...................... 77
18G....... Accuracy and security of credit information files and credit reports 79
18H....... Access to credit information files and credit reports........................ 80
18J........ Alteration of credit information files and credit reports................... 80
18K....... Limits on disclosure of personal information by credit reporting agencies 81
18L........ Limits on use by credit providers of personal information contained in credit reports etc. 85
18M...... Information to be given if an individual’s application for credit is refused 88
18N....... Limits on disclosure by credit providers of personal information contained in reports relating to credit worthiness etc........................................................................................................... 89
18NA.... Disclosure by credit providers to certain persons who gave indemnities 97
18P........ Limits on use or disclosure by mortgage insurers or trade insurers of personal information contained in credit reports.......................................................................................................... 97
18Q....... Limits on use by certain persons of personal information obtained from credit providers 99
18R....... False or misleading credit reports................................................... 101
18S........ Unauthorised access to credit information files or credit reports... 102
18T....... Obtaining access to credit information files or credit reports by false pretences 102
18U....... Application of section 4B of Crimes Act....................................... 102
18V....... Application of this Part.................................................................. 103
Part IV—Office of the Privacy Commissioner 104
Division 1—Office of the Privacy Commissioner 104
19.......... Establishment of the Office of the Privacy Commissioner............ 104
19A....... Privacy Commissioner.................................................................... 104
20.......... Terms and conditions of appointment........................................... 104
21.......... Remuneration of Commissioner..................................................... 104
22.......... Leave of absence............................................................................. 105
23.......... Outside employment...................................................................... 105
24.......... Resignation..................................................................................... 105
25.......... Termination of appointment.......................................................... 105
26.......... Acting Commissioner..................................................................... 106
26A....... Staff and consultants...................................................................... 106
Division 2—Functions of Commissioner 107
27.......... Functions of Commissioner in relation to interferences with privacy 107
28.......... Functions of Commissioner in relation to tax file numbers............ 110
28A....... Functions of Commissioner in relation to credit reporting............. 111
29.......... Commissioner to have regard to certain matters............................. 112
Division 3—Reports by Commissioner 114
30.......... Reports following investigation of act or practice.......................... 114
31.......... Report following examination of proposed enactment................... 116
32.......... Report following monitoring of certain activities........................... 116
33.......... Exclusion of certain matters from reports...................................... 117
Division 4—Miscellaneous 119
34.......... Provisions relating to documents exempt under the Freedom of Information Act 1982 119
35.......... Direction where refusal or failure to amend exempt document...... 119
Part V—Investigations 121
Division 1—Investigation of complaints and investigations on the Commissioner’s initiative 121
36.......... Complaints..................................................................................... 121
37.......... Principal executive of agency.......................................................... 122
38.......... Conditions for making a representative complaint......................... 123
38A....... Commissioner may determine that a complaint is not to continue as a representative complaint 124
38B....... Additional rules applying to the determination of representative complaints 125
38C....... Amendment of representative complaints...................................... 125
39.......... Class member for representative complaint not entitled to lodge individual complaint 125
40.......... Investigations.................................................................................. 125
40A....... Referring complaint about act under Commonwealth contract...... 126
41.......... Circumstances in which Commissioner may decide not to investigate or may defer investigation 127
42.......... Preliminary inquiries....................................................................... 128
43.......... Conduct of investigations............................................................... 128
44.......... Power to obtain information and documents.................................. 130
45.......... Power to examine witnesses........................................................... 131
46.......... Directions to persons to attend compulsory conference................ 131
47.......... Conduct of compulsory conference................................................ 132
48.......... Complainant and certain other persons to be informed of various matters 133
49.......... Investigation under section 40 to cease if certain offences may have been committed 133
50.......... Reference of matters to other authorities [see Note 2]................... 134
50A....... Substitution of respondent to complaint........................................ 136
51.......... Effect of investigation by Auditor‑General.................................... 137
Division 2—Determinations following investigation of complaints 138
52.......... Determination of the Commissioner............................................... 138
53.......... Determination must identify the class members who are to be affected by the determination 140
53A....... Notice to be given to outsourcing agency....................................... 140
53B....... Substituting respondent to determination...................................... 141
Division 3—Enforcement 142
54.......... Application of Division.................................................................. 142
55.......... Obligations of respondent organisation.......................................... 142
55A....... Proceedings in the Federal Court or Federal Magistrates Court to enforce a determination 143
55B....... Evidentiary certificate..................................................................... 144
Division 4—Review and enforcement of determinations involving Commonwealth agencies 146
57.......... Application of Division.................................................................. 146
58.......... Obligations of respondent agency.................................................. 146
59.......... Obligations of principal executive of agency.................................. 146
60.......... Compensation and expenses........................................................... 147
61.......... Review of determinations regarding compensation and expenses.. 147
62.......... Enforcement of determination against an agency............................ 147
Division 5—Miscellaneous 149
63.......... Legal assistance............................................................................... 149
64.......... Commissioner etc. not to be sued................................................... 150
65.......... Failure to attend etc. before Commissioner.................................... 150
66.......... Failure to give information etc........................................................ 151
67.......... Protection from civil actions........................................................... 154
68.......... Power to enter premises................................................................. 154
68A....... Identity cards.................................................................................. 155
69.......... Restrictions on Commissioner obtaining personal information and documents 156
70.......... Certain documents and information not required to be disclosed... 158
70A....... Application of Part to organisations that are not legal persons..... 159
70B....... Application of this Part to former organisations............................ 159
Part VI—Public interest determinations and temporary public interest determinations 161
Division 1—Public interest determinations 161
71.......... Interpretation.................................................................................. 161
72.......... Power to make, and effect of, determinations................................ 161
73.......... Application by agency or organisation........................................... 162
74.......... Publication of application............................................................... 163
75.......... Draft determination........................................................................ 163
76.......... Conference...................................................................................... 164
77.......... Conduct of conference.................................................................... 164
78.......... Determination of application.......................................................... 165
79.......... Making of determination................................................................ 165
80.......... Determinations disallowable........................................................... 165
Division 2—Temporary public interest determinations 166
80A....... Temporary public interest determinations..................................... 166
80B....... Effect of temporary public interest determination......................... 166
80C....... Determinations disallowable........................................................... 167
80D....... Commissioner may continue to consider application..................... 167
Division 3—Register of determinations 168
80E........ Register of determinations.............................................................. 168
Part VIA—Dealing with personal information in emergencies and disasters 169
Division 1—Object and interpretation 169
80F........ Object............................................................................................. 169
80G....... Interpretation.................................................................................. 169
80H....... Meaning of permitted purpose........................................................ 170
Division 2—Declaration of emergency 171
80J........ Declaration of emergency—events of national significance............ 171
80K....... Declaration of emergency—events outside Australia..................... 171
80L........ Form of declarations....................................................................... 172
80M...... When declarations take effect......................................................... 172
80N....... When declarations cease to have effect........................................... 172
Division 3—Provisions dealing with the use and disclosure of personal information 173
80P........ Authorisation of collection, use and disclosure of personal information 173
Division 4—Other matters 176
80Q....... Disclosure of information—offence............................................... 176
80R....... Operation of Part............................................................................ 177
80S........ Severability—additional effect of Part........................................... 177
80T....... Compensation for acquisition of property—constitutional safety net 178
Part VII—Privacy Advisory Committee 180
81.......... Interpretation.................................................................................. 180
82.......... Establishment and membership...................................................... 180
83.......... Functions........................................................................................ 181
84.......... Leave of absence............................................................................. 181
85.......... Removal and resignation of members............................................. 182
86.......... Disclosure of interests of members................................................ 182
87.......... Meetings of Advisory Committee.................................................. 182
88.......... Travel allowance............................................................................. 183
Part VIII—Obligations of confidence 184
89.......... Obligations of confidence to which Part applies............................ 184
90.......... Application of Part......................................................................... 184
91.......... Effect of Part on other laws............................................................ 184
92.......... Extension of certain obligations of confidence................................ 185
93.......... Relief for breach etc. of certain obligations of confidence.............. 185
94.......... Jurisdiction of courts...................................................................... 185
Part IX—Miscellaneous 186
95.......... Medical research guidelines............................................................ 186
95A....... Guidelines for National Privacy Principles about health information 186
95AA.... Guidelines for National Privacy Principles about genetic information 188
95B....... Requirements for Commonwealth contracts.................................. 188
95C....... Disclosure of certain provisions of Commonwealth contracts....... 189
96.......... Non‑disclosure of private information........................................... 189
97.......... Annual report................................................................................. 191
98.......... Injunctions...................................................................................... 191
99.......... Delegation....................................................................................... 193
99A....... Conduct of directors, employees and agents.................................. 193
100........ Regulations..................................................................................... 195
Part X—Amendments of other Acts 197
101........ Amendments of other Acts............................................................ 197
Schedule 1—Amendments of other Acts 198
Schedule 2—Interim guidelines concerning the collection, storage, use and security of tax file number information 199
Introduction................................................................................................... 199
1............ General............................................................................................ 199
2............ Collection of tax file number information....................................... 200
3............ Storage and security of tax file number information....................... 200
4............ Use and disclosure of tax file number information......................... 201
5............ Publicity......................................................................................... 201
6............ Cessation of employment and investment..................................... 201
7............ Meaning of terms in interim guidelines........................................... 202
Schedule 3—National Privacy Principles 203
1............ Collection........................................................................................ 203
2............ Use and disclosure.......................................................................... 204
3............ Data quality.................................................................................... 208
4............ Data security.................................................................................. 208
5............ Openness........................................................................................ 208
6............ Access and correction..................................................................... 208
7............ Identifiers........................................................................................ 210
8............ Anonymity..................................................................................... 211
9............ Transborder data flows................................................................... 211
10.......... Sensitive information...................................................................... 212
Notes 215
An Act to make provision to protect the privacy of individuals, and for related purposes
WHEREAS Australia is a party to the International Covenant on Civil and Political Rights, the English text of which is set out in Schedule 2 to the Human Rights and Equal Opportunity Commission Act 1986:
AND WHEREAS, by that Covenant, Australia has undertaken to adopt such legislative measures as may be necessary to give effect to the right of persons not to be subjected to arbitrary or unlawful interference with their privacy, family, home or correspondence:
AND WHEREAS Australia is a member of the Organisation for Economic Co‑operation and Development:
AND WHEREAS the Council of that Organisation has recommended that member countries take into account in their domestic legislation the principles concerning the protection of privacy and individual liberties set forth in Guidelines annexed to the recommendation:
AND WHEREAS Australia has informed that Organisation that it will participate in the recommendation concerning those Guidelines:
BE IT THEREFORE ENACTED by the Queen, and the Senate and the House of Representatives of the Commonwealth of Australia, as follows:
1 Short title [see Note 1]
This Act may be cited as the Privacy Act 1988.
2 Commencement [see Note 1]
This Act commences on a day to be fixed by Proclamation.
3 Saving of certain State and Territory laws
It is the intention of the Parliament that this Act is not to affect the operation of a law of a State or of a Territory that makes provision with respect to the collection, holding, use, correction, disclosure or transfer of personal information (including such a law relating to credit reporting or the use of information held in connection with credit reporting) and is capable of operating concurrently with this Act.
Note: Such a law can have effect for the purposes of the provisions of the National Privacy Principles that regulate the handling of personal information by organisations by reference to the effect of other laws.
3A Application of the Criminal Code
Chapter 2 of the Criminal Code (except Part 2.5) applies to all offences against this Act.
Note: Chapter 2 of the Criminal Code sets out the general principles of criminal responsibility.
(1) This Act binds the Crown in right of the Commonwealth, of each of the States, of the Australian Capital Territory, of the Northern Territory and of Norfolk Island.
(2) Nothing in this Act renders the Crown in right of the Commonwealth, of a State, of the Australian Capital Territory, of the Northern Territory or of Norfolk Island liable to be prosecuted for an offence.
(3) Nothing in this Act shall be taken to have the effect of making the Crown in right of a State, of the Australian Capital Territory, of the Northern Territory or of Norfolk Island an agency for the purposes of this Act.
5 Interpretation of Information Privacy Principles
For the purposes of the interpretation of the Information Privacy Principles, each Information Privacy Principle shall be treated as if it were a section of this Act.
5A Extension to external Territories
This Act extends to all external Territories.
5B Extra‑territorial operation of Act
Application to overseas acts and practices of organisations
(1) This Act (except Divisions 4 and 5 of Part III and Part IIIA) and approved privacy codes extend to an act done, or practice engaged in, outside Australia and the external Territories by an organisation if:
(a) subject to subsection (1A), the act or practice relates to personal information about an Australian citizen or a person whose continued presence in Australia is not subject to a limitation as to time imposed by law; and
(b) the requirements of subsection (2) or (3) are met.
Note: The act or practice overseas will not breach a National Privacy Principle or approved privacy code or be an interference with the privacy of an individual if the act or practice is required by an applicable foreign law. See sections 6A, 6B and 13A.
(1A) Paragraph (1)(a) does not apply in relation to National Privacy Principle 9.
Note: Because of subsection (1A), the extra‑territorial application of National Privacy Principle 9 is not limited by the citizenship etc. requirement of paragraph (1)(a).
Organisational link with Australia
(2) The organisation must be:
(a) an Australian citizen; or
(b) a person whose continued presence in Australia is not subject to a limitation as to time imposed by law; or
(c) a partnership formed in Australia or an external Territory; or
(d) a trust created in Australia or an external Territory; or
(e) a body corporate incorporated in Australia or an external Territory; or
(f) an unincorporated association that has its central management and control in Australia or an external Territory.
Other link with Australia
(3) All of the following conditions must be met:
(a) the organisation is not described in subsection (2);
(b) the organisation carries on business in Australia or an external Territory;
(c) the personal information was collected or held by the organisation in Australia or an external Territory, either before or at the time of the act or practice.
Power to deal with complaints about overseas acts and practices
(4) Part V of this Act has extra‑territorial operation so far as that Part relates to complaints and investigation concerning acts and practices to which this Act extends because of subsection (1).
Note: This lets the Commissioner take action overseas to investigate complaints and lets the ancillary provisions of Part V operate in that context.
(1) In this Act, unless the contrary intention appears:
ACC means the Australian Crime Commission.
ACT enactment has the same meaning as enactment has in the Australian Capital Territory (Self‑Government) Act 1988.
agency means:
(a) a Minister; or
(b) a Department; or
(c) a body (whether incorporated or not), or a tribunal, established or appointed for a public purpose by or under a Commonwealth enactment, not being:
(i) an incorporated company, society or association; or
(ii) an organisation within the meaning of the Conciliation and Arbitration Act 1904 or a branch of such an organisation; or
(d) a body established or appointed by the Governor‑General, or by a Minister, otherwise than by or under a Commonwealth enactment; or
(e) a person holding or performing the duties of an office established by or under, or an appointment made under, a Commonwealth enactment, other than a person who, by virtue of holding that office, is the Secretary of a Department; or
(f) a person holding or performing the duties of an appointment, being an appointment made by the Governor‑General, or by a Minister, otherwise than under a Commonwealth enactment; or
(g) a federal court; or
(h) the Australian Federal Police; or
(i) an eligible case manager; or
(j) the nominated AGHS company; or
(k) an eligible hearing service provider.
annual turnover of a business has the meaning given by section 6DA.
approved privacy code means:
(a) a privacy code approved by the Commissioner under section 18BB; or
(b) a privacy code approved by the Commissioner under section 18BB with variations approved by the Commissioner under section 18BD.
bank means:
(a) the Reserve Bank of Australia; or
(b) a body corporate that is an ADI (authorised deposit‑taking institution) for the purposes of the Banking Act 1959; or
(c) a person who carries on State banking within the meaning of paragraph 51(xiii) of the Constitution.
Board of the ACC means the Board of the Australian Crime Commission established under section 7B of the Australian Crime Commission Act 2002.
breach an approved privacy code has the meaning given by section 6B.
breach an Information Privacy Principle has a meaning affected by subsection 6(2).
breach a National Privacy Principle has the meaning given by section 6A.
class member, in relation to a representative complaint, means any of the persons on whose behalf the complaint was lodged, but does not include a person who has withdrawn under section 38B.
code complaint means a complaint about an act or practice that, if established, would be an interference with the privacy of the complainant because it breached an approved privacy code.
Code of Conduct means the Code of Conduct issued under section 18A.
commercial credit means a loan sought or obtained by a person, other than a loan of a kind referred to in the definition of credit in this subsection.
Commissioner means the Privacy Commissioner.
Commissioner of Police means the Commissioner of Police appointed under the Australian Federal Police Act 1979.
Commission of inquiry has the same meaning as it has in the Quarantine Act 1908.
Commonwealth contract means a contract, to which the Commonwealth or an agency is or was a party, under which services are to be, or were to be, provided to an agency.
Note: See also subsection (9) about provision of services to an agency.
Commonwealth enactment means:
(a) an Act other than:
(i) the Northern Territory (Self‑Government) Act 1978; or
(ii) an Act providing for the administration or government of an external Territory; or
(iii) the Australian Capital Territory (Self‑Government) Act 1988;
(b) an Ordinance of the Australian Capital Territory;
(c) an instrument (including rules, regulations or by‑laws) made under an Act to which paragraph (a) applies or under an Ordinance to which paragraph (b) applies; or
(d) any other legislation that applies as a law of the Commonwealth (other than legislation in so far as it is applied by an Act referred to in subparagraph (a)(i) or (ii)) or as a law of the Australian Capital Territory, to the extent that it operates as such a law.
Commonwealth officer means a person who holds office under, or is employed by, the Commonwealth, and includes:
(a) a person appointed or engaged under the Public Service Act 1999;
(b) a person (other than a person referred to in paragraph (a)) permanently or temporarily employed by, or in the service of, an agency;
(c) a member of the Defence Force; and
(d) a member, staff member or special member of the Australian Federal Police;
but does not include a person permanently or temporarily employed in the Australian Capital Territory Government Service or in the Public Service of the Northern Territory or of Norfolk Island.
consent means express consent or implied consent.
contracted service provider, for a government contract, means:
(a) an organisation that is or was a party to the government contract and that is or was responsible for the provision of services to an agency or a State or Territory authority under the government contract; or
(b) a subcontractor for the government contract.
corporation means a body corporate that:
(a) is a foreign corporation;
(b) is a trading corporation formed within the limits of Australia or is a financial corporation so formed; or
(c) is incorporated in a Territory, other than the Northern Territory.
credit means a loan sought or obtained by an individual from a credit provider in the course of the credit provider carrying on a business or undertaking as a credit provider, being a loan that is intended to be used wholly or primarily for domestic, family or household purposes.
credit card means any article of a kind commonly known as a credit card, charge card or any similar article intended for use in obtaining cash, goods or services by means of loans, and includes any article of a kind commonly issued by persons carrying on business to customers or prospective customers of those persons for use in obtaining goods or services from those persons by means of loans.
credit enhancement, in relation to a loan, means:
(a) the process of insuring risk associated with purchasing or funding the loan by means of a securitisation arrangement; or
(b) any other similar process related to purchasing or funding the loan by those means.
credit information file, in relation to an individual, means any record that contains information relating to the individual and is kept by a credit reporting agency in the course of carrying on a credit reporting business (whether or not the record is a copy of the whole or part of, or was prepared using, a record kept by another credit reporting agency or any other person).
credit provider has the meaning given by section 11B, and, for the purposes of sections 7 and 8 and Parts III, IV and V, is taken to include a mortgage insurer and a trade insurer.
credit report means any record or information, whether in a written, oral or other form, that:
(a) is being or has been prepared by a credit reporting agency; and
(b) has any bearing on an individual