In December 2001, the Privacy Act changed and now gives you new rights in relation to how your personal information is handled by many private sector organisations.

What does it mean for you?

Your new privacy rights come in the form of ten National Privacy Principles (NPPs). These set the standards organisations are required to observe in collecting, storing, using, disclosing, protecting and transferring your personal information.

These changes were introduced to give you greater control over your personal information. A summary of the NPPs and what they cover is on the next page.

Some organisations have signed up to meet the standards of Privacy Codes rather than the NPPs. The Privacy Codes must provide protection at least equivalent to the NPPs. Details about organisations that have signed up to a code are available from the relevant Code Administrator. A list of Code Administrators can be accessed on our web site or by calling us.

You can now:

 

• know why your personal information is being collected and how it will be used;
• ask for access to your records, including your health information;
• take up opportunities to stop receiving direct marketing material;
• correct inaccurate information about you;
• know which organisations will be given your personal information;
• ensure organisations only use your information for purposes they have told you about;
• find out what information an organisation holds on you and how they manage it.

What are the ten National Privacy Principles?

The following briefly explains what the NPPs mean for you.

NPP1: Collection - describes what an organisation should do when collecting your personal information.

NPP2: Use and Disclosure - outlines how organisations can use and disclose your personal information.

NPP3: Data Quality & NPP4: Data Security - set the standards that organisations must meet for the accuracy, currency, completeness and security of your personal information.

NPP5: Openness - requires organisations to be open about how they handle your personal information.

NPP6: Access & Correction - gives you a general right of access to your own personal information, and the right to have that information corrected, if it is inaccurate, incomplete or out of date.

NPP7: Identifiers - says that generally, Commonwealth government identifiers (such as the Medicare number or the Veterans Affairs number) can only be used for the purposes for which they were issued.

NPP8: Anonymity - where possible, requires organisations to provide the opportunity for you to interact with them without identifying yourself.

NPP9: Transborder Data Flows - outlines privacy protections that apply to the transfer of your personal information out of Australia.

NPP10: Sensitive Information - requires your consent when an organisation collects sensitive information about you such as health information, or information about your racial or ethnic background, or criminal record. Sensitive information is a subset of personal information and special protection applies to this information.

Other privacy rights

These new rights are in addition to existing rights you have in relation to how your personal information is handled by:

• Commonwealth and ACT government agencies;
• credit providers such as banks and credit unions;
• credit reporting agencies that maintain information about your credit standing;
• anyone that holds your personal tax file number; and organisations that request information about convictions for old minor federal offences. Commonwealth government agencies are also restricted in the uses they can make of old minor federal and state offences.

If you would like more information about any of the above visit our web site or call our privacy hotline staff. See back for contact details.

Who else protects privacy?

There are other agencies that can help you with privacy enquiries about State government bodies. In NSW you can contact Privacy NSW and in Victoria, the Office of the Victorian Privacy Commissioner.

What do organisations have to do?

Many private sector organisations will be required to make sure you understand:

• the purpose for which they are collecting your personal information;
• how they are going to use it;
• who they are going to give it to; and
• how you can access and correct the information they hold about you.

They must also make sure that they collect your personal information in a fair and lawful way, and that the personal information they hold on you is accurate, up-to-date and secure.

Organisations with an annual turnover of more than $3 million are covered by the Act, as are all health service providers and some small businesses. Please note that there are some exemptions under the Act. See Information Sheet 12 on our web site or call us for more information.

What to do when you think your privacy has been infringed

Before making a complaint to the Privacy Commissioner you should attempt to resolve the matter with the organisation in question. What should you do?

1. Write a letter or email to the organisation, explain the situation and what you would like to see happen.
2. Give the organisation an opportunity to rectify the situation, 30 days is a reasonable time frame in which they should respond to your initial enquiry.
3. If you are not satisfied with the outcome you can complain to our Office, or the Privacy Code Adjudicator (see list on our web site or call us for further information).

If you would like to receive a complaint form, please contact our Office using the contact details on the back cover.

Would you like more information?

Check our web site for further information, especially the Your Privacy Rights page and the Frequently Asked Questions. Hard copies of publications are available if required.

Certain terms used in this brochure have special meaning, see definitions in the Act for further information.

Contact details

Web site:	www.privacy.gov.au
Enquiries:	enquiries@oaic.gov.au
Hotline:	1300 363 992 (cost of a local call)
Fax:	02 9284 9666
TTY:	1800 620 241
Mail:	GPO Box 5218 SYDNEY NSW 2001

 

 

 

 

 

Non-English speakers

If you need assistance with other languages call the Translating and Interpreting Service on 131 450 and ask for the Office of the Privacy Commissioner on 1300 363 992. This is a free service.