Keeping information safe and private

Created: July 30, 2013 at 10:28 AM | Updated: July 12, 2024 | By Community Resource Kit

Your privacy responsibilities

Personal information is any information that tells us something about a specific individual. The information does not need to name the individual, as long as they are identifiable in other ways, like through their home address. This means that all sorts of things can contain personal information, including notes, emails, recordings, photos, and scans, whether they are in hard copy or electronic form.

Under the Privacy Act, organisations must follow a set of rules when handling personal information. The Privacy Act protects individuals by defining how organisations:

Who does the Privacy Act apply to?

The Privacy Act applies to any person, organisation, or business (referred to in the legislation as an 'agency'), whether it’s in the public sector or private sector, that collects and holds personal information about other people. An individual acting in their personal or domestic capacity is not an agency. This includes:

  • government departments and agencies
  • companies
  • small businesses
  • social clubs
  • charities, societies, and community groups
  • other types of organisations


The Privacy Act does not apply to:

  • courts and tribunals when they are doing their judicial tasks
  • news media when they are gathering and reporting news
  • Members of Parliament (MPs) when they’re acting in an official capacity.

Section 8(b) of the Privacy Act has a full list of exceptions

The Privacy Principles

The Privacy Act has 13 information privacy principles that govern how businesses and organisations should collect, handle, and use personal information. 

  • The first four principles govern how you can collect personal information. This includes when you can collect it, where you can collect it from, and how you can collect it. Read more about collecting personal information.
  • Principles five, six, and seven govern how you store personal information. People have a right to access and seek correction to their personal information. Read more about holding personal information.
  • The remaining principles govern how you use and share personal information. Make sure information is accurate, and you use and share it appropriately. Read more about using and sharing personal information.

You can learn more about the principles here, and read case notes about how they have been applied in real-life situations. 

Privacy rules for specific situations

Some industries and types of personal information have codes of practice which change how the Act applies to them. There are six codes of practice in operation:

How other laws work with the Privacy Act

If another law says something different to the privacy principles, that law overrides the Privacy Act.

For example, if another statutory provision allows you to disclose information, in those circumstances, you won't be in breach of the Privacy Act by disclosing the information regardless of what principle 11 says.

Having a privacy officer

The Act requires all agencies to have at least one person who’s familiar with the agency’s privacy obligations and fulfils the role of a privacy officer.

Information for privacy officers


Previous page: Organising your filing system

Next topic: Introduction to raising funds

Contents of the Community Resource Kit