The Territory Privacy Principles (TPPs) apply to ACT public sector agencies covered by the Information Privacy Act 2014.
On this page
- TPP 1 — Manage personal information in an open and transparent way
- TPP 2 — Anonymity and pseudonymity
- TPP 3 — Collection of solicited personal information
- TPP 4 — Dealing with unsolicited personal information
- TPP 5 — Notification of collection
- TPP 6 — Use or disclosure
- TPP 8 — Cross-border disclosure
- TPP 10 — Quality
- TPP 11 — Security
- TPP 12 — Access
- TPP 13 — Correction
TPP 1 — Manage personal information in an open and transparent way
TPP 2 — Anonymity and pseudonymity
Requires agencies to give individuals the option of not identifying themselves, or of using a pseudonym, when dealing with the entity in relation to a particular matter. Limited exceptions apply where this is impracticable, or an Australian law or court/tribunal order requires or authorises the agency to deal with individuals who have identified themselves.
TPP 3 — Collection of solicited personal information
Outlines when an agency can collect personal information that is solicited. It applies higher standards to the collection of ‘sensitive’ information.
TPP 4 — Dealing with unsolicited personal information
Outlines how agencies must deal with unsolicited personal information. Different requirements apply depending on whether or not the entity could have collected the information under TPP 3 and if the information is contained in a Territory record.
TPP 5 — Notification of collection
Outlines when and in what circumstances an agency that collects personal information must notify an individual of certain matters.
TPP 6 — Use or disclosure
Outlines the circumstances in which an agency may use or disclose personal information that it holds. Unless an exception applies, an agency can only use or disclose personal information for the primary purpose for which it was collected.
TPP 8 — Cross-border disclosure
Outlines the steps an agency must take to protect personal information before it is disclosed overseas.
TPP 10 — Quality
An agency must take reasonable steps to ensure the personal information it collects is accurate, up-to-date and complete. An entity must also take reasonable steps to ensure the personal information it uses or discloses is accurate, up to date, complete and relevant, having regard to the purpose of the use or disclosure.
TPP 11 — Security
An agency must take reasonable steps to protect personal information it holds from misuse, interference and loss, and from unauthorised access, modification or disclosure. An agency has obligations to destroy or de-identify personal information in certain circumstances.
TPP 12 — Access
Outlines an agency’s obligations when an individual requests to be given access to personal information held about them by the agency. This includes a requirement to provide access unless a specific exception applies.
TPP 13 — Correction
Outlines an agency’s obligations in relation to correcting the personal information it holds about individuals.
Note: The TPPs are similar to the Australian Privacy Principles (APPs) in Schedule 1 of the Privacy Act 1988 (Cth) that apply to most Australian Government (and Norfolk Island Government) agencies and some private sector organisations. Any APPs not relevant to the handling of personal information by ACT public sector agencies have not been included, and this is reflected in the numbering.