Site Changes

On 1 November 2010 the Office of the Privacy Commissioner was integrated into the Office of the Australian Information Commissioner and a new website established at www.oaic.gov.au.

Note 1: Major changes to the Privacy Act 1988 will come into effect in March 2014. Agencies, businesses and not for profits need to start preparing for these changes. For more information go to our privacy law reform page at www.oaic.gov.au
Note 2: From 12 March 2013 content is no longer being added to, or amended, on this site, consequently some information may be out of date. For new privacy content visit the www.oaic.gov.au website.

Types

Topic(s): Compliance

IPPs - Plain English Summary

Information Privacy Principles (IPPs)

Below is a plain English summary of the eleven Information Privacy Principles (IPPs).

The IPPs regulate how Australian and ACT government agencies manage personal information. They cover how and when personal information can be collected, how it should be used and disclosed, and storage and security. They also allow individuals to access that information and have it corrected if it is wrong.

If you want more detail, see the full text of the IPPs and the Guidelines for IPPs 1-3, 4-7, 8-11.

IPP 1: manner and purpose of collection

The information must be necessary for the agency's work, and collected fairly and lawfully.

IPP 2: collecting information directly from individuals

An agency must take steps to tell individuals why they are collecting personal information, what laws give them authority to collect it, and to whom they usually disclose it. This is often done by what is called an IPP 2 notice.

IPP 3: collecting information generally

An agency must take steps to ensure the personal information it collects is relevant, up-to-date and complete and not collected in an unreasonably intrusive way.

IPP 4: storage and security

Personal information must be stored securely to prevent its loss or misuse.

IPPs 5 - 7: access and amendment

These principles require agencies to take steps to record the type of personal information that they hold and to give individuals access to personal information about them. Personal information can be amended or corrected if it is wrong.

IPPs 8 - 10: information use

These principles outline the rules about keeping accurate, complete and up-to-date personal information; using information for a relevant purpose; and only using the information for another purpose in special circumstances, such as with the individual's consent or for some health and safety or law enforcement reasons.

IPP 11: disclosure

This principle sets out when an agency may disclose personal information to someone else, for example another agency. This can only be done in special circumstances, such as with the individual's consent or for some health and safety or law enforcement reasons.