The Australian Government Department of Defence
Defending Australia and its National Interests

Privacy

Privacy Principles


Information Privacy Principles

Section 14 of the Privacy Act 1988 contains eleven Information Privacy Principles (IPPs). These govern the handling of personal information by government agencies. The IPPs:

•  regulate the way government agencies collect, store, use and disclose information about people,
•  allow people access to information agencies keep about them, and
•  allow people to request changes to this information.

Case notes from various complaints and enquiries to the Office of the Privacy Commissioner have been published. A selection of the case notes that explore the applicable IPPs and are relevant to Defence personnel is available on the Questions and Answers page of this website.

The IPPs set out the minimum standards necessary for government agencies to comply with the Privacy Act 1988. Complying with the IPPs is a legal obligation and agencies are encouraged to look for the least privacy-intrusive way of meeting their objectives when developing new policies and procedures. The Office of the Privacy Commissioner has produced Plain English Guidelines to the Information Privacy Principles that provide the Privacy Commissioner's view of how the IPPs affect Commonwealth government agencies. In essence, the guidelines summarise each IPP as follows:

IPP 1. Agencies can only collect personal information:

•  for a lawful purpose that is directly related to their functions; and
•  if collecting the information is necessary for or directly related to that purpose.

Agencies must not collect personal information unlawfully or unfairly.

IPP 2. If an agency asks a person for personal information about himself or herself, it must normally tell the person:

•  why it is collecting the information;
•  whether it has legal authority to collect the information; and
•  who it usually gives that sort of information to.

IPP 3. When an agency asks for personal information, the agency must do its best to make sure that the information is:

•  relevant to the agency's reason for collecting it;
•  up to date; and
•  complete.

When an agency gets personal information from people, it must do its best not to intrude unreasonably on their personal affairs.

IPP 4. A person whose information is held by a government agency has a right to expect that the agency will hold it securely, and will ensure that access to the information is permitted only for legitimate purposes.

IPP 5. To be able to exercise their rights in relation to the personal information that agencies hold about them, people must be easily able to find out:

•  the existence of personal information systems that affect them;
•  the nature and extent of those systems;
•  the main purposes and uses of those systems; and
•  how to gain access to personal information held in them.

IPP 6. People have the same right of access to information as is available under the Freedom of Information Act 1982.

IPP 7. Agencies should take all reasonable steps to ensure that the personal information they hold is of high quality. Not only should people have the ability to access personal information about them, but they should be able to have that information corrected if it is wrong.

IPP 8. An agency must take reasonable care to check that personal information is accurate, up to date, and complete, before using it.

IPP 9. An agency must only use personal information for a purpose to which it is relevant.

IPP 10. An agency must not use [within the agency] personal information for any other purpose than that for which it obtained the information unless:

•  the person the information is about consents [to the use]; or
•  the use is necessary to protect against a serious and imminent threat to a person's life or health; or
•  the use is required or authorised by law; or
•  the use is reasonably necessary to enforce the criminal law or a law imposing a pecuniary penalty, or to protect public revenue; or
•  the use directly relates to the purpose for which the agency obtained the information.

IPP 11. An agency must not disclose [external to the agency] personal information unless:

•  the person the information is about has been told in a valid Privacy Notice (IPP 2), or is otherwise likely to know that that kind of disclosure is commonly made; or
•  the person the information is about has consented [to the disclosure]; or
•  the disclosure is necessary to protect against a serious and imminent threat to a person's life or health; or
•  the disclosure is required or authorised by law; or
•  the disclosure is reasonably necessary to enforce the criminal law or a law imposing a pecuniary penalty, or to protect public revenue.

National Privacy Principles

The Privacy Act 1988 contains the National Privacy Principles (NPPs), which establish the minimum standards for how private sector organisations collect, store, use and disclose personal information. Section 95B of the Privacy Act 1988 requires Defence to take measures to ensure Defence contractors comply with the IPPs. Nevertheless, NPPs 7 to 10, which deal with identifiers, anonymity, transborder data flows and sensitive information, also apply to Defence contractors. Service contract templates contain appropriate clauses to include in contracts. The Office of the Privacy Commissioner has produced Guidelines to the National Privacy Principles that provide a quick guide to information about the NPPs.

 

©2004 Department of Defence