Advice for PCOs
Privacy - What do I need to know as an Australian or ACT
Government employee?
As an Australian or ACT Government employee you are responsible for handling
personal information in accordance with standards set out in the Privacy Act
1988 (Cth) (the Privacy Act). This note provides you with an
introduction to privacy, outlines briefly what might be expected of you and what
resources are available to assist you in finding out more.
The Privacy Act establishes the Information Privacy Principles (IPPs), as the
minimum standard Australian and ACT agencies are required to meet in handling
personal information. The Privacy Act aims to give people reasonable control
over information about themselves, taking account of other important interests
such as the right of government to achieve its objectives in an efficient
way.
Most Australian and ACT government agencies must comply with the IPPs, the
Tax File Number Guidelines (as set out in Sections 14 and 17 of the Privacy Act
respectively) and the spent convictions scheme set out in Part VIIC of the
Crimes Act 1914. Other laws, including the Public Service Act 1999 and statutes
setting out the functions and powers of agencies, have a bearing on the handling
of personal information.
The Office of the Privacy Commissioner (the Office) assists agencies in
meeting their obligations under the Privacy Act. The Office does this by
providing comments on new policy proposals or laws and advice on the operation
of the Privacy Act generally, providing information by undertaking promotional
and educational activities (eg, through a network of Privacy Contact Officers
(PCOs)) and by investigating complaints and undertaking audits.
The Office expects to be consulted on new policy proposals, cabinet
submissions and draft legislation with privacy implications. The Cabinet
Handbook requires consultation with the Office on Cabinet submissions with
privacy implications. However, agencies should rarely need to consult this Office
on more day-to-day matters regarding the implementation or ongoing management of
programs. These matters should be handled by your PCO and by accessing the
guidelines and fact sheets available on our website or from the Office. In
particular the Government section of
our website is a useful resource for PCOs.
How might the Privacy Act affect my work?
It may not always be immediately obvious how the Privacy Act impacts on your
work. The Privacy Act will probably apply if you do any of the following:
- Supervise staff
- Handle personal information about someone in your organisation
- Develop policy that may impact on the handling of personal information
- Deal with clients and handle their personal information
- Undertake fraud investigations
- Design forms for the collection of personal information
- Develop or manage outsourcing contracts
- Monitor staff use of the Internet and email facilities
- Work on a hotline or in a call centre
If any of the above categories apply to you, then the Privacy Act affects you
and you need to be aware of your agency's responsibility to protect personal
information in accordance with the Privacy Act.
The Information Privacy Principles
The Information
Privacy Principles (IPPs) are legally binding standards and regulate the way
most Australian and ACT agencies collect, store, use and disclose information
about people. The principles start with general rules. These include
requirements that:
- people be told why their information is being collected;
- people have access to personal information about them;
- personal information is only to be used for the purpose for which it was
collected; and
- personal information not be disclosed except to the person concerned.
The principles also set out exceptions to the general rules.
What is personal information?
Section 6 of the Privacy Act defines personal information as follows:
information or an opinion (including information or an opinion forming
part of a database), whether true or not, and whether recorded in a material
form or not, about an individual whose identity is apparent, or can reasonably
be ascertained, from the information or opinion.
There are some obvious examples of personal information such as name or
address. Personal information can also include photos, videos - anything where a
person can be reasonably identified.
Notification of possible breaches of the Privacy
Act
Background
- There have been a number of instances when agencies have claimed that they
have contacted the Office to notify us of possible breaches.
- Unfortunately, this is not always correct, which usually results in this
Office unnecessarily writing to the agency concerned seeking an explanation of
the circumstances surrounding the possible breach of privacy.
- Also, in some instances it is not the PCO who contacts the Office; in
fact, on a number of occasions the PCO is not aware of the incident.
- It is critical that, if PCOs are going to be the Office's contact point
within agencies, agencies ensure that such notifications are sent to the
Office via the PCO.
- If a notification of a breach is received from someone other than the PCO
the Office will ensure that the PCO is notified.
What are we looking for?
- A more formalised approach.
- Agencies should inform the Office by email, fax or letter, and should avoid
contacting the Office by phone.
- The notification should be sent to the attention of the Director of
Compliance.
- Details to be included are:
  - Brief description of what has occurred
  - What actions the agency is taking
  - Contact person for follow up.
Advantages in notifying the Office
- If you notify us we are better prepared to handle third party enquiries i.e.
the media or complainants.
- May eliminate the need to commence a s.40(2) investigation if we are aware
that the agency is already taking steps to deal with the matter.
NOTE: Also see the guide to handling personal information security breaches (August 2008) www.privacy.gov.au/publications/breach_guide.pdf
Commissioner's letter to agency heads on requests for advice - August 2003
The Commissioner has written to agency heads with advice about a new strategy
to help agencies and PCOs to deal with their privacy obligations, including
setting out the most efficient and effective way to engage with our office about
requests for advice.
These suggestions for interaction with our Policy Advice Team were originally
discussed with PCOs at the 29 November 2002 meeting. This was subsequently
reported on, with the suggestions included in the PCO Meeting Report of 23
December 2002.
A revised version of the strategy is attached to the letter to agency heads
and is also available in Word and PDF.
Information Paper Suggestions for Client Contact Projects
At the November 2002 PCO Meeting a representative from the Policy Advice Team
at the OPC advised that the Office was seeking comments on a draft paper
outlining some processes for conducting various types of client contact survey
activities. The consultation process is now complete and the paper has been
finalised. Thanks to all those who contributed.
Changes to IPP Guideline No.32 in Plain English Guidelines to Information
Privacy Principles 8 -11
There have been some changes to IPP Guideline No. 32 to clarify the
situation for agencies in relation to requests from State/Territory
agencies for disclosures of personal information 'required or
authorised by law'. The changed sections of the Guideline are shaded.
Australian Public Service Commission circulars on sharing information about
Code of Conduct inquiry outcomes
The APSC has two circulars which provide guidance to Australian Public
Service (APS) agencies about releasing information about Code of Conduct inquiry
outcomes.
The first, released in 2007, clarifies the circumstances in which information
can be provided concerning Code of Conduct matters when APS employees move from
one APS agency to another. It can be found at: http://www.apsc.gov.au/circulars/circular072.htm
The second, released in 2008, provides guidance about what information APS
agencies can or should give complainants about the outcome of their complaints.
It can be found at: http://www.apsc.gov.au/circulars/circular083.htm