Site Changes

On 1 November 2010 the Office of the Privacy Commissioner was integrated into the Office of the Australian Information Commissioner and a new website established at www.oaic.gov.au.

Note 1: Major changes to the Privacy Act 1988 will come into effect in March 2014. Agencies, businesses and not for profits need to start preparing for these changes. For more information go to our privacy law reform page at www.oaic.gov.au
Note 2: From 12 March 2013 content is no longer being added to, or amended, on this site, consequently some information may be out of date. For new privacy content visit the www.oaic.gov.au website.

Types

Topic(s): Technologies

Media Release: Privacy Commissioner approves Biometrics Institute Privacy Code

27 July 2006

Privacy Commissioner, Karen Curtis has approved the Biometrics Institute Privacy Code, which comes into operation on 1 September 2006.

"I am pleased to announce that I have approved the Biometrics Institute Privacy Code, submitted to my Office by the Biometrics Institute," said Ms Curtis.

"This has been a long term project and I congratulate the Biometrics Institute for their efforts in developing the Privacy Code.

"My Office will handle privacy complaints about organisations who volunteer to be bound by the Code," said Ms Curtis.

The Code includes privacy standards that are at least equivalent to the National Privacy Principles (NPPs) in the Privacy Act and also incorporates higher standards of privacy protection in relation to:

certain acts and practices in relation to employee records that otherwise would be exempt.
the addition of three new Supplementary Biometrics Institute Privacy Principles 11, 12, and 13 in the Code:
- Principle 11 deals with the protection of biometric information and in some ways supplements the data security obligations in NPP 4.
- Principle 12 includes some added notice requirements, restricts some secondary uses without express free and informed consent and confers a right to request the removal of biometric information from a system. These obligations enhance NPP 1.3, NPP 1.5, NPP 2 and NPP 4.
- Principle 13 introduces an obligation of accountability through an extra notice obligation, requires an audit of biometric systems to be undertaken, introduces the concept of holistic privacy management in relation to a biometric product or service, and mandates the use of privacy impact assessments. These requirements augment NPP 1, NPP 4 and NPP 5.1.
the inclusion of specific requirements in the Code for code subscribers to be aware of and take account of relevant national and international standards for information protection and biometric systems.

The Biometrics Institute is a 'not for profit' entity with the purpose of promoting the responsible use of and development of biometrics. The Biometrics Institute Privacy Code is intended to cover organisations which volunteer to be bound by the Code and which sell or use biometric services and products.

Further information regarding the Biometrics Institute Privacy Code and signatory organisations are available by contacting the Biometrics Institute.

Now that the Code has been registered on the Federal Register of Legislative Instruments it will be entered into the Commissioner's register of approved privacy codes on the Office's website.

Background

The Privacy Act establishes a framework in which organisations, or groups of organisations, are able to develop their own privacy code for the handling of personal information. The co-regulatory component in the legislation is designed to allow for flexibility in an organisation's approach to privacy while guaranteeing that consumers' personal information is subject to minimum standards that are enforceable in law.

The Privacy Commissioner may only approve a code if it contains standards that are at least the equivalent overall to the NPPs. Once a code has been approved organisations can choose to be bound by the code and it will then replace the NPPs for those organisations.