Your Privacy and Organisations
This page gives you some information on how the National Privacy Principles
in the Privacy Act 1988 (Cth) protect
personal information, including health information, handled by private sector
organisations and small businesses in the community.
The National Privacy Principles cover many large and some small businesses in
the private sector and all private health service providers. Coverage
extends widely, to private schools, charities, direct marketing, sports clubs
and gyms, doctors, chemists, retailers, banks and insurance companies to name
just a few.
The ten National Privacy Principles
in the federal Privacy Act set out rules for the way these organisations and
small businesses must collect personal information, the quality of the
information, how it is kept secure and how the information is used and
disclosed.
The principles also give you rights to access and correct information.
You can also make a complaint if you think your
information has been mishandled.
If you are not sure if the organisation or business you are dealing with is
covered by the federal Privacy Act, just ask!
The National Privacy Principles generally do not apply to State and Territory
government agencies. Information
Sheet 12-2001 Coverage and exemptions from the Private Sector Provisions
gives you more information about the coverage of the federal Privacy Act and
entities which are not covered.
Your Privacy and the National Privacy Principles - My Privacy My Choice
The Privacy Act gives you rights in the way your personal information is
handled by many private sector organisations including all private health
service providers and some small businesses.
In the private sector, your privacy rights come in the form of ten National
Privacy Principles or NPPs. A summary of the NPPs
gives you more information.
These principles set out the rules organisations and small businesses must
observe in collecting, storing, using, disclosing, protecting and transferring
personal information about you. There are also principles about your
rights of access and correction, the quality of the information and your right
to be anonymous in particular circumstances.
My Privacy My Choice - Your New Privacy Rights (PDF, Word) gives you more
detail about the Privacy Act and your rights.
Exemptions
The Privacy Act contains exemptions, which means some sectors of the community
are not covered by the private sector provisions under the Privacy Act.
These exemptions cover registered political parties, the media and
information held in past or current employee records.
Generally, State and Territory government bodies are not covered by the
private sector provisions in the federal Privacy Act.
Information Sheet 12 has more
information about what the Privacy Act covers in the private sector.
Credit Providers and Credit Reporting Agencies
Credit providers, like banks and building societies, provide reports
about people's bad debts and credit applications to central
databases managed by credit reporting agencies.
Part IIIA of the Privacy Act deals with credit reporting and
sets out rules about what information credit providers can report and who the
credit reporting agency can give that information to.
The National Privacy Principles - a Summary
The following briefly explains what the NPPs mean for you. A full text of the
National Privacy Principles can be found
on the federal Privacy Law page.
NPP1: Collection - describes what an organisation should do when
collecting your personal information. This includes rules about what information
they collect, collecting information about you from someone else and, generally,
what information they should give you about the collection.
NPP2: Use and Disclosure - outlines how organisations can use and
disclose your personal information. An organisation does not always need
your consent to use and disclose your information if they meet other
conditions. There are special rules about direct marketing.
NPP3: Data Quality & NPP4: Data Security - set the standards that
organisations must meet for the accuracy, currency, completeness and security of
your personal information.
NPP5: Openness - requires organisations to be open about their privacy
policy. Organisations must give you certain information about the way they
handle personal information in their organisation if you ask them to.
NPP6: Access & Correction - gives you a general right of access to
your own personal information, and the right to have that information corrected,
if it is inaccurate, incomplete or out of date.
NPP7: Identifiers - says that generally, Commonwealth government
identifiers (such as the Medicare number or the Veterans Affairs number) can
only be used for the purposes for which they were issued.
NPP8: Anonymity - where possible, organisations must give you the
opportunity to do business with them without identifying yourself.
NPP9: Transborder Data Flows - outlines privacy protections that apply
to the transfer of your personal information out of Australia.
NPP10: Sensitive Information - requires your consent when an
organisation collects sensitive information about you such as health
information, or information about your racial or ethnic background, or criminal
record. Sensitive information is a subset of personal information and
special protection applies to this information.
What do organisations and small businesses have to do?
Generally, they have to make sure you understand:
- the purpose for which they are collecting your personal information;
- how they are going to use it;
- who they are going to give it to; and
- how you can access and correct the information they hold about
you.
They must also make sure that they collect your personal information in a
fair and lawful way, and that the personal information they hold on you is
accurate, up-to-date and secure.
How do the National Privacy Principles help me?
The National Privacy Principles give you more control over what happens to
your personal information. You can:
- know why your personal information is being collected and how it will be
used;
- ask for access to your records, including your health information;
- take up opportunities to stop receiving direct marketing material;
- correct inaccurate information about you;
- know which organisations will be given your personal information;
- ensure organisations only use your information for purposes they have told
you about;
- find out what information an organisation holds on you and how they manage
it.
Privacy Codes and Opt-in
Some private sector organisations and small businesses have signed up to meet
the standards of Privacy Codes rather
than the National Privacy Principles. These Privacy Codes must provide
protection that is at least equivalent to the National Privacy Principles.
Details about organisations that have signed up to a code are available from
the Code Administrator. A list of Code Administrators can be accessed on our
web site or you can contact us for more
information.
Some organisations and small businesses that are not covered by the Privacy
Act can opt-in or choose to be
covered by the Act. A list of these organisations and small businesses can
be accessed on our web site or you can contact us for
more information.
Do you have a privacy problem?
If you think an organisation or small business has mishandled your personal
information, you should try and work out the matter with the organisation or
small business in question before making a complaint to the Privacy
Commissioner. Our complaints page gives you more
information.
Who else protects privacy?
There are other agencies that can help you with privacy enquiries about State
government bodies. Our State Privacy
Laws page gives you more information about privacy in other Australian
States and Territories.
Non-English speakers
Translating and Interpreting Service on 131 450. This is a free service.
Ask for the Office of the Privacy Commissioner on 1300 363 992.