Note: The IPPs applying to Australian Government agencies were replaced by the Australian Privacy Principles (APPs) on 12 March 2014. More information on the APPs can be found on the Privacy law reform page.
The IPPs applying to ACT public sector agencies were replaced by the Territory Privacy Principles (TPPs) on 1 September 2014. More information on the TPPs can be found on the Australian Capital Territory Privacy page.
The information below only applies to acts and practices that occured before those dates.
When Australian, ACT and Norfolk Island Government agencies and ministers' offices collect, store, use and disclose any personal information about individuals, they must comply with the 11 Information Privacy Principles (IPPs) in section 14 of the Privacy Act 1988. The IPPs also allow individuals to request access to their personal information and ask for information to be amended or deleted.
Individuals may also request access to their personal information handled by Australian Government agencies under the Freedom of Information Act 1982 (FOI Act). More information about individuals accessing their own information under the FOI Act is available from FOI Fact Sheet 5 — Freedom of information: Your personal information.
Below is a summary of the IPPs. For more detail, see the full text of the IPPs. Information and guidance on the interpretation of the IPPs can be found in the guidelines to IPPs below.
IPP 1: manner and purpose of collection
The information must be necessary for the agency's work, and collected fairly and lawfully.
IPP 2: collecting information directly from individuals
An agency must take steps to tell individuals why they are collecting personal information, what laws give them authority to collect it, and to whom they usually disclose it. This is often done by what is called an IPP 2 notice.
IPP 3: collecting information generally
An agency must take steps to ensure the personal information it collects is relevant, up‑to‑date and complete and not collected in an unreasonably intrusive way.
IPP 4: storage and security
Personal information must be stored securely to prevent its loss or misuse.
IPPs 5–7: access and amendment
These principles require agencies to take steps to record the type of personal information that they hold and to give individuals access to personal information about them. Personal information can be amended or corrected if it is wrong.
IPPs 8–10: information use
These principles outline the rules about keeping accurate, complete and up‑to-date personal information; using information for a relevant purpose; and only using the information for another purpose in special circumstances, such as with the individual's consent or for some health and safety or law enforcement reasons.
IPP 11: disclosure
This principle sets out when an agency may disclose personal information to someone else, for example another agency. This can only be done in special circumstances, such as with the individual's consent or for some health and safety or law enforcement reasons.