Agencies - that is almost everyone holding personal information about others - have to comply with the Privacy Act.
This isn't as hard as you might think. The Act's 12 information privacy principles model the way in which good businesses handle personal information and is structured around these 12 information privacy principles.
These principles can be summarised as:
Together, these principles form a 'life-cycle' for personal information.
Agencies must first decide what information they need, and where and how they are going to get it. They then need to ensure they hold the information with appropriate protections and that they comply with any access or correction requests they receive. Finally, personal information should be used and disclosed with care and kept securely, and in line with the purposes for which the information was collected.
For a summary of the health information privacy rules, view this page.
The Getting started section will help you to plan how you will comply with the information privacy principles.
The Privacy Act can be "trumped" by other legislation, if that legislation says something different to the standards set out in the privacy principles.
For example, if another statutory provision allows you to disclose information in the circumstances, you won't be in breach of the Privacy Act by disclosing the information regardless of what principle 11 says.
The Act requires all agencies (including businesses) to have a privacy officer.
It's too hard for everyone in an agency to know all the privacy principles and what other law might apply. So have a privacy officer - a person who is responsible for finding out what to do, and giving advice to other members of staff.
Let us know who your privacy officer is. We can provide training, or we can give the person information about the Act. We can also put them in touch with other privacy officers in your area.
The only thing we can't do is give you direct legal advice on individual problems, just in case that problem ends up as a complaint to the Commissioner.
Don't forget, if you need general information about your obligations under the Act, please contact us.