Overview[]
The Victorian (Australia) Information Privacy Act 2000 (IPA) gives Victorians privacy rights. The law requires Ministers and Parliamentary Secretaries, the State public sector, Victoria Police and local councils to protect the privacy of citizens' personal information.
The IPA sets standards for the way Victorian government organisations, statutory bodies and local councils collect and handle personal information. Ten Information Privacy Principles are the practical core of the IPA. With limited exceptions, all Victorian government organisations, including local councils, must comply with these principles or have an approved code of practice. Non-government organisations that work for government under contract may also be covered, depending on the contract.
The IPA came into full effect on September 1, 2002.
Information Privacy Principles[]
The ten Information Privacy Principles (IPPs) are as follows:
- Collection — Collect only personal information that is necessary for performance of functions. Advise individuals that they can gain access to personal information.
- Use and disclosure — Use and disclose personal information only for the primary purpose for which it was collected or a secondary purpose the person would reasonably expect. Use for secondary purposes should have the consent of the person.
- Data quality — Make sure personal information is accurate, complete and up-to-date.
- Data security — Take reasonable steps to protect personal information from misuse, loss, unauthorised access, modification or disclosure.
- Openness — Document clearly expressed policies on management of personal information and provide the policies to anyone who asks.
- Access and correction — Individuals have a right to seek access to their personal information and make corrections. Access and correction will be handled mostly under the Victorian Freedom of Information Act.
- Unique identifiers — A unique identifier is usually a number assigned to an individual in order to identify the person for the purposes of an organisation's operations. Tax File Numbers and Driver's Licence Numbers are examples. Unique identifiers can facilitate data matching. Data matching can diminish privacy. This Principle limits the adoption and sharing of unique identifiers.
- Anonymity — Give individuals the option of not identifying themselves when entering transactions with organisations, if that would be lawful and feasible.
- Transborder data flows — Basically, if a person's personal information travels, privacy protection should travel with it. Transfer of personal information outside Victoria is restricted. Personal information may be transferred only if the recipient protects privacy under standards similar to Victoria's Information Privacy Principles.
- Sensitive information — The law restricts collection of sensitive information like an individual's racial or ethnic origin, political views, religious beliefs, sexual preferences, membership of groups or criminal record.
From 12 March 2014 the Australian Privacy Principles come into force, replacing the National Privacy Principles (NPPs) and the Information Privacy Principles (IPPs). The NPPs and IPPs continue to apply to acts or practices that occurred prior to 12 March 2014. The IPPs also continue to apply to ACT Government agencies.
Sources[]
- Privacy Victoria, "The Information Privacy Act" (full-text).
- Privacy Victoria, "What is 'personal information'?" (full-text).