Your Privacy and Organisations

This page gives you some information on how the National Privacy Principles in the Privacy Act 1988 (Cth) protect personal information, including health information, handled by private sector organisations and small businesses in the community.

The National Privacy Principles cover many large and some small businesses in the private sector and all private health service providers. Coverage extends widely, to private schools, charities, direct marketing, sports clubs and gyms, doctors, chemists, retailers, banks and insurance companies to name just a few.

The ten National Privacy Principles in the federal Privacy Act set out rules for the way these organisations and small businesses must collect personal information, the quality of the information, how it is kept secure and how the information is used and disclosed. The principles also give you rights to access and correct information. You can also make a complaint if you think your information has been mishandled.

If you are not sure if the organisation or business you are dealing with is covered by the federal Privacy Act, just ask! The National Privacy Principles generally do not apply to State and Territory government agencies. Information Sheet 12-2001 Coverage and exemptions from the Private Sector Provisions gives you more information about the coverage of the federal Privacy Act and entities which are not covered.

Your Privacy and the National Privacy Principles - My Privacy My Choice

The Privacy Act gives you rights in the way your personal information is handled by many private sector organisations including all private health service providers and some small businesses. In the private sector, your privacy rights come in the form of ten National Privacy Principles or NPPs. A summary of the NPPs gives you more information.

These principles set out the rules organisations and small businesses must observe in collecting, storing, using, disclosing, protecting and transferring personal information about you. There are also principles about your rights of access and correction, the quality of the information and your right to be anonymous in particular circumstances.

My Privacy My Choice - Your New Privacy Rights (PDF, Word) gives you more detail about the Privacy Act and your rights.

Exemptions

The Privacy Act contains exemptions, which means some sectors of the community are not covered by the private sector provisions under the Privacy Act. These exemptions cover registered political parties, the media and information held in past or current employee records. Generally, State and Territory government bodies are not covered by the private sector provisions in the federal Privacy Act. Information Sheet 12 has more information about what the Privacy Act covers in the private sector.

Credit Providers and Credit Reporting Agencies

Credit providers, like banks and building societies, provide reports about people's bad debts and credit applications to central databases managed by credit reporting agencies. Part IIIA of the Privacy Act deals with credit reporting and sets out rules about what information credit providers can report and who the credit reporting agency can give that information to.

The National Privacy Principles - a Summary

The following briefly explains what the NPPs mean for you.
A full text of the National Privacy Principles can be found on the federal Privacy Law page.

NPP1: Collection - describes what an organisation should do when collecting your personal information. This includes rules about what information they collect, collecting information about you from someone else and, generally, what information they should give you about the collection.

NPP2: Use and Disclosure - outlines how organisations can use and disclose your personal information. An organisation does not always need your consent to use and disclose your information if they meet other conditions. There are special rules about direct marketing.

NPP3: Data Quality & NPP4: Data Security - set the standards that organisations must meet for the accuracy, currency, completeness and security of your personal information.

NPP5: Openness - requires organisations to be open about their privacy policy. Organisations must give you certain information about the way they handle personal information in their organisation if you ask them to.

NPP6: Access & Correction - gives you a general right of access to your own personal information, and the right to have that information corrected, if it is inaccurate, incomplete or out of date.

NPP7: Identifiers - says that generally, Commonwealth government identifiers (such as the Medicare number or the Veterans Affairs number) can only be used for the purposes for which they were issued.

NPP8: Anonymity - where possible, organisations must give you the opportunity to do business with them without identifying yourself.

NPP9: Transborder Data Flows - outlines privacy protections that apply to the transfer of your personal information out of Australia.

NPP10: Sensitive Information - requires your consent when an organisation collects sensitive information about you such as health information, or information about your racial or ethnic background, or criminal record.
Sensitive information is a subset of personal information and special protection applies to this information.

What do organisations and small businesses have to do?

Generally, they have to make sure you understand:
They must also make sure that they collect your personal information in a fair and lawful way, and that the personal information they hold on you is accurate, up-to-date and secure.

How do the National Privacy Principles help me?

The National Privacy Principles give you more control over what happens to your personal information. You can:

Privacy Codes and Opt-in

Some private sector organisations and small businesses have signed up to meet the standards of Privacy Codes rather than the National Privacy Principles. These Privacy Codes must provide protection that is at least equivalent to the National Privacy Principles. Details about organisations that have signed up to a code are available from the Code Administrator. A list of Code Administrators can be accessed on our web site or you can contact us for more information.

Some organisations and small businesses that are not covered by the Privacy Act can opt-in or choose to be covered by the Act. A list of these organisations and small businesses can be accessed on our web site or you can contact us for more information.

Do you have a privacy problem?

If you think an organisation or small business has mishandled your personal information, you should try and work out the matter with the organisation or small business in question before making a complaint to the Privacy Commissioner. Our complaints page gives you more information.

Who else protects privacy?

There are other agencies that can help you with privacy enquiries about State government bodies. Our State Privacy Laws page gives you more information about privacy in other Australian States and Territories.

Non-English speakers

Translating and Interpreting Service on 131 450. This is a free service. Ask for the Office of the Privacy Commissioner on 1300 363 992.