Created: July 30, 2013 at 10:28 AM | Updated: July 12, 2024 | By Community Resource Kit
Personal information is any information that tells us something about a specific individual. The information does not need to name the individual, as long as they are identifiable in other ways, like through their home address. This means that all sorts of things can contain personal information, including notes, emails, recordings, photos, and scans, whether they are in hard copy or electronic form.
Under the Privacy Act, organisations must follow a set of rules when handling personal information. The Privacy Act protects individuals by defining how organisations:
Who does the Privacy Act apply to?
The Privacy Act applies to any person, organisation, or business (referred to in the legislation as an 'agency'), whether it’s in the public sector or private sector, that collects and holds personal information about other people. An individual acting in their personal or domestic capacity is not an agency. This includes:
- government departments and agencies
- companies
- small businesses
- social clubs
- charities, societies, and community groups
- other types of organisations
The Privacy Act does not apply to:
Section 8(b) of the Privacy Act has a full list of exceptions
The Privacy Act has 13 information privacy principles that govern how businesses and organisations should collect, handle, and use personal information.
You can learn more about the principles here, and read case notes about how they have been applied in real-life situations.
Privacy rules for specific situations
Some industries and types of personal information have codes of practice which change how the Act applies to them. There are six codes of practice in operation:
If another law says something different to the privacy principles, that law overrides the Privacy Act.
For example, if another statutory provision allows you to disclose information, in those circumstances, you won't be in breach of the Privacy Act by disclosing the information regardless of what principle 11 says.
The Act requires all agencies to have at least one person who’s familiar with the agency’s privacy obligations and fulfils the role of a privacy officer.
Information for privacy officers
Previous page: Organising your filing system