Australian Government - click here to go to our home page

go to start   text resizing

Australian Public Service Commission
Foundations of Governance - Click to go to the Foundations home page

in Foundations

A-Z index
In this section:

on our site

Site help

help with using this site

Site menu

news

Filing - click to go to section front pageAPS Commission Home page
> Foundations of Governance
> Management and use of Government information > Privacy Act > Next: Archives Act
‹ Previous page

Last updated: August 2008

Management and use of Government information

Privacy Act

The Privacy Act 1988 is the principal piece of legislation providing protection of personal information in the federal public sector and in the private sector. It also establishes the Office of the Privacy Commissioner which has primary responsibility for assisting agencies to comply with the Act and to investigate complaints from individuals whose privacy has been breached.

The Privacy Act regulates the handling of personal information. It contains 11 Information Privacy Principles (IPPs) in section 14 for the federal public sector and 10 National Privacy Principles (NPPs) in Schedule 3 for private sector organisations. The IPPs and NPPs deal with all stages of the processing of personal information, setting out standards for the collection, use, disclosure, quality and security of personal information. They also create rights of access to, and correction of, the information by the individuals concerned.

The Privacy Act requires, for instance, under principle 1 of the IPPs that an agency only collect personal information by lawful and fair means and for lawful purposes that are necessary for, or that relate directly to, a function or activity of the agency. When an agency collects personal information, under principle 2 of the IPPs it must take reasonable steps to ensure that the individual is made aware of things such as why the information is being collected, how it will be used and to whom it may be disclosed.

Among their privacy obligations under the IPPs, agencies must keep personal information secure, maintain its accuracy, and ensure that it is used only if it is relevant and complete. Agencies must also give individuals access to records about themselves, usually, but not necessarily, in the context of the Freedom of Information framework.

Since December 2001 when the coverage of the Act extended to the private sector, agencies have assumed obligations in relation to the personal information handling activities of their contractors. These privacy obligations are explained in greater detail in the Office's Information Sheet 14-2001 - Privacy Obligations for Commonwealth Contracts.

Each Government agency is expected to appoint a privacy contact officer (PCO) to be the first point of contact, both internally and externally, for advice on privacy matters regarding their agency. PCO meetings are organised by the Office of the Privacy Commissioner and are held on a regular basis. More information on the PCO Network and guidance for PCOs on consulting with the Office is available here.

Each year Australian Government agencies must compile, and submit to the Privacy Commissioner, a Personal Information Digest setting out the nature of the various types of records of personal information they keep and related details.  This action constitutes an agency’s compliance with IPP 5.

The Privacy Commissioner also issues guidelines regarding the use of Tax File Numbers and data matching in Australian Government departments and agencies, enforces the spent convictions scheme under Part VIIC of the Crimes Act 1914 (Cth), and regulates the information collection and handling practices of private sector credit reporting agencies