The Privacy Act 1988 (Privacy Act) regulates how personal information is handled. The Privacy Act defines personal information as:
…information or an opinion (including information or an opinion forming part of a database), whether true or not, and whether recorded in a material form or not, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion.
Personal information includes information such as:
- your name or address
- bank account details and credit card information
- information about your opinions and what you like.
The Privacy Act includes ten National Privacy Principles (NPPs), which apply to certain private sector organisations, and 11 Information Privacy Principles (IPPs), which apply to Australian, ACT and Norfolk Island agencies.
The Privacy Act does not regulate the way that personal information is handled by individuals and some small businesses. Additionally, different privacy regimes exist in some states and territories, which regulate the way state and territory government agencies handle information.
The IPPs and NPPs are not prescriptive. Each agency or organisation needs to apply those principles to its own situation. The principles cover:
- how personal information is collected
- how it is used and disclosed
- maintaining the quality of the information
- keeping it secure
- general rights for individuals to access and correct their information.
The Privacy Act also covers more specific matters, such as:
- the use of tax file numbers
- how credit worthiness information is handled by credit reporting agencies and credit providers
- the handling of health or medical information, which is classed as ‘sensitive information’ under the Privacy Act.
The Privacy Act places obligations on agencies and organisations to handle sensitive information with particular care. Sensitive information includes information or an opinion about:
- an individual’s racial or ethnic origin
- health or medical information
- political opinion
- membership of a political association, professional or trade association or trade union
- religious beliefs or affiliations
- philosophical beliefs
- sexual preferences or practices
- criminal record
- genetic information.
The areas of privacy regulated by the Privacy Act are just one aspect of privacy. Other types of privacy can include territorial privacy and physical or bodily privacy, but these are not regulated by the Privacy Act.
Some other concepts that can be related to privacy are:
- Confidentiality — this usually refers to communications between individuals with an inherently private relationship, such as a client and lawyer, patient and medical professional, source and journalist, or individual and their spiritual adviser.
- Secrecy — generally refers to laws that impose an obligation of confidentiality in relation to the handling of government information.
- Intellectual property — refers to the creation or property of your mind, and may include proprietary knowledge.
- Freedom of information — refers to the public’s right to access government information.
These matters are not regulated by the Privacy Act. In most cases there are other Australian laws that regulate these matters.