Australian and ACT government agencies are covered by the Privacy Act. Agencies covered by the Act must comply with eleven Information Privacy Principles (or 'IPPs') which set out how they may collect, use, store and disclose your personal information.

The IPPs also give you a right to access the information that government agencies hold about you and correct it if it's wrong.

State and Northern Territory government agencies are not covered by the Privacy Act, but may be covered by state and territory privacy legislation. To find out more, see State and territory privacy law. Or to find out more about which government agencies are covered by the Privacy Act see Complaints.

Under the Privacy Act, what do Australian and ACT government agencies have to do?

Generally, they have to make sure you understand:

• the purpose for which they are collecting your personal information
• who (if anyone) they are going to give it to
• any laws that say they must collect or that allow them to collect your information.

Agencies must also make sure that they collect your personal information in a fair and lawful way, and that the personal information they hold on you is accurate, up-to-date, complete and secure.

There are special rules for how agencies can use or disclose personal information about you.

How do the Information Privacy Principles help me?

Generally, the IPPs give you the right to:

• know why your personal information is being collected, any law authorising the collection and who it will be given to
• have access to your records
• have inaccurate information about you amended
• be sure that information about you can only be used for particular reasons
• be sure that information about you can only be disclosed for particular reasons.

Privacy and tax file numbers

The Privacy Act protects your tax file number. It prevents the number being used as an identifier, and gives you the right not to provide your tax file number.

When you do provide your tax file number, it can only be used for tax-related, assistance agency and superannuation purposes.

Under the Privacy Act, the Privacy Commissioner issues and administers legally binding guidelines about tax file numbers.

To find out more, see tax file numbers.

Privacy and data-matching

Data-matching between the Australian Tax Office (ATO) and assistance agencies such as Centrelink and the Department of Veterans Affairs is regulated under the Data-Matching Program (Assistance and Tax) Act 1990.

Data-matching happens when agencies compare personal information they have collected. The 'matching' ensures that people are receiving the correct benefit, and detects overpayments and ineligibility for assistance.

Under the Privacy Act, the Privacy Commissioner is responsible for issuing guidelines to protect privacy, investigating complaints and monitoring the way these agencies conduct data-matching programs.

The Privacy Commissioner has also issued voluntary guidelines on data-matching for all Australian and ACT government agencies (other than just the ATO, Centrelink and the Department of Veterans Affairs).

For more information, see Government data-matching.

Other places to go...

• Plain English summary of the Information Privacy Principles: Want a snapshot of the IPPs with links to more detailed guidance? Follow this link...
  
• Guidelines on Medicare and Pharmaceutical Benefits: These guidelines cover the use of claims information under the Pharmaceutical Benefits Scheme and the Medicare Program. Find out more...
  
• Telecommunications: The Privacy Commissioner has some responsibilities under the Telecommunications Act. Find out more...
  
• Complaints: Find out more about making a privacy complaint.