Privacy codes register
The Australian Information Commissioner (the Information Commissioner) is required to keep this register under s 26U of the Privacy Act 1988.
The following codes are in force:
- Privacy (Credit Reporting) Code 2014 (Version 2.3)
Registered: 01 July 2022
- Privacy (Australian Government Agencies — Governance) APP Code 2017
Registered: 27 October 2017
- Privacy (Market and Social Research) Code 2021
Registered: 1 March 2021
About privacy codes
Under Part IIIB of the Privacy Act, the Information Commissioner can approve and register enforceable codes which are developed by entities on their own initiative or on request from the Information Commissioner, or developed by the Information Commissioner directly.
The purpose of a code is to provide individuals with transparency about how their information will be handled. Codes do not replace the relevant provisions of the Privacy Act, but operate in addition to the requirements of the Privacy Act. A code cannot lessen the privacy rights of an individual provided for in the Privacy Act. Registered codes are disallowable legislative instruments.
An APP entity (or a body or association representing them) can develop a written code of practice for the handling of personal information, called an APP code. An APP code sets out how one or more of the APPs are to be applied or complied with, and the APP entities that are bound by the code.
The Privacy Act also requires the development of a code of practice about credit reporting, called the CR code. The CR code sets out how the Privacy Act’s credit reporting provisions are to be applied or complied with by credit reporting bodies, credit providers and other entities bound by Part IIIA.
An entity bound by a registered code must not do an act, or engage in a practice, that breaches that code (ss 26A (APP codes) and 26L (CR code)). A breach of a registered code will be an interference with the privacy of an individual under s 13 of the Privacy Act and subject to investigation by the Information Commissioner under Part V of the Privacy Act.
Draft code consultations
Before a code can be approved, the OAIC must be satisfied that members of the public have been given an adequate opportunity to comment on a draft of the code. Organisations developing codes can request the OAIC to provide a link to their website during their public consultation process.
The following organisations have asked the OAIC to provide a link to their public consultations:
- Australian Retail Credit Association – consultation on proposed CR Code variations – closes 11 August 2021