Privacy Act 1988
Total Page:16
File Type:pdf, Size:1020Kb
Privacy Act 1988 Act No. 119 of 1988 as amended This compilation was prepared on 30 April 2012 taking into account amendments up to Act No. 24 of 2012 The text of any of those amendments not in force on that date is appended in the Notes section The operation of amendments that have been incorporated may be affected by application provisions that are set out in the Notes section Prepared by the Office of Legislative Drafting and Publishing, Attorney-General’s Department, Canberra ComLaw Authoritative Act C2012C00414 ComLaw Authoritative Act C2012C00414 Contents Part I—Preliminary 1 1 Short title [see Note 1] ....................................................................... 1 2 Commencement [see Note 1]............................................................. 1 3 Saving of certain State and Territory laws ......................................... 1 3A Application of the Criminal Code ..................................................... 2 4 Act to bind the Crown ....................................................................... 2 5 Interpretation of Information Privacy Principles ............................... 2 5A Extension to external Territories ....................................................... 2 5B Extra-territorial operation of Act ....................................................... 3 Part II—Interpretation 5 6 Interpretation ..................................................................................... 5 6A Breach of a National Privacy Principle ............................................ 23 6B Breach of an approved privacy code ................................................ 24 6C Organisations ................................................................................... 25 6D Small business and small business operators ................................... 27 6DA What is the annual turnover of a business? ..................................... 29 6E Small business operator treated as organisation .............................. 30 6EA Small business operators choosing to be treated as organisations .................................................................................... 32 6F State instrumentalities etc. treated as organisations ......................... 33 7 Acts and practices of agencies, organisations etc. ........................... 34 7A Acts of certain agencies treated as acts of organisation ................... 38 7B Exempt acts and exempt practices of organisations ......................... 39 7C Political acts and practices are exempt ............................................ 40 8 Acts and practices of, and disclosure of information to, staff of agency, organisation etc. ............................................................. 42 9 Collectors ........................................................................................ 44 10 Record-keepers ................................................................................ 45 11 File number recipients ..................................................................... 46 11A Credit reporting agencies ................................................................. 47 11B Credit providers ............................................................................... 47 12 Application of Information Privacy Principles to agency in possession ........................................................................................ 50 12A Act not to apply in relation to State banking or insurance within that State ............................................................................... 50 12B Severability: additional effect of Act in relation to organisations .................................................................................... 50 Part III—Information privacy 52 Division 1—Interferences with privacy 52 13 Interferences with privacy [see Note 2] ........................................... 52 Privacy Act 1988 iii ComLaw Authoritative Act C2012C00414 13A Interferences with privacy by organisations .................................... 53 13B Related bodies corporate ................................................................. 54 13C Change in partnership because of change in partners ...................... 55 13D Overseas act required by foreign law............................................... 56 13E Effect on section 13 of sections 13B, 13C and 13D ........................ 56 13F Act or practice not covered by section 13 or section 13A is not an interference with privacy ...................................................... 56 Division 2—Information Privacy Principles 57 14 Information Privacy Principles ........................................................ 57 15 Application of Information Privacy Principles ................................ 63 15B Special provision relating to the application of the Information Privacy Principles in relation to Norfolk Island ........... 63 16 Agencies to comply with Information Privacy Principles ............... 63 Division 3—Approved privacy codes and the National Privacy Principles 64 16A Organisations to comply with approved privacy codes or National Privacy Principles ............................................................. 64 16B Personal information in records ....................................................... 64 16C Application of National Privacy Principles ..................................... 65 16D Delayed application of National Privacy Principles to small business ........................................................................................... 65 16E Personal, family or household affairs .............................................. 66 16F Information under Commonwealth contract not to be used for direct marketing ......................................................................... 66 Division 4—Tax file number information 68 17 Guidelines relating to tax file number information .......................... 68 18 File number recipients to comply with guidelines ........................... 68 Division 5—Credit information 69 18A Code of Conduct relating to credit information files and credit reports .................................................................................... 69 18B Credit reporting agencies and credit providers to comply with Code of Conduct ...................................................................... 69 Part IIIAA—Privacy codes 70 18BA Application for approval of privacy code ........................................ 70 18BAA Privacy codes may cover exempt acts or practices .......................... 70 18BB Commissioner may approve privacy code ....................................... 70 18BC When approval takes effect ............................................................. 73 18BD Varying an approved privacy code .................................................. 73 18BE Revoking the approval of an approved privacy code ....................... 74 18BF Guidelines about privacy codes ....................................................... 74 18BG Register of approved privacy codes ................................................. 75 18BH Review of operation of approved privacy code ............................... 75 iv Privacy Act 1988 ComLaw Authoritative Act C2012C00414 18BI Review of adjudicator’s decision under approved privacy code ................................................................................................. 76 Part IIIA—Credit reporting 77 18C Certain credit reporting only to be undertaken by corporations ..................................................................................... 77 18D Personal information not to be given to certain persons carrying on credit reporting ............................................................. 77 18E Permitted contents of credit information files.................................. 78 18F Deletion of information from credit information files ..................... 81 18G Accuracy and security of credit information files and credit reports .............................................................................................. 83 18H Access to credit information files and credit reports ....................... 84 18J Alteration of credit information files and credit reports .................. 84 18K Limits on disclosure of personal information by credit reporting agencies ............................................................................ 85 18L Limits on use by credit providers of personal information contained in credit reports etc. ......................................................... 89 18M Information to be given if an individual’s application for credit is refused ............................................................................... 92 18N Limits on disclosure by credit providers of personal information contained in reports relating to credit worthiness etc. ................................................................................................... 93 18NA Disclosure by credit providers to certain persons who gave indemnities .................................................................................... 101 18P Limits on use or disclosure by mortgage insurers or trade insurers of personal information contained in credit reports .......... 101 18Q Limits on use by certain persons of personal information obtained from credit providers ....................................................... 103 18R False or misleading credit reports .................................................. 105 18S Unauthorised access to credit information files