An organisation or agency can’t use or disclose your personal information for another reason (a secondary purpose) unless an exception applies. Exceptions include:
you’ve consented to an organisation or agency using or disclosing your personal information for a secondary purpose
an organisation or agency uses or discloses your personal information because they think it’s reasonably necessary for enforcement-related activities carried out by, or on behalf of, an enforcement body
a secondary purpose is required or authorised under an Australian law, or court or tribunal order
Is an organisation or agency ‘using’ your personal information?
An organisation or agency is ‘using’ your personal information if they control how the information is handled. For example, if they:
search their records for your personal information
access and read the personal information they hold about you
make a decision based on the personal information they hold about you
pass your personal information from one part of the organisation or agency to another
An organisation or agency is using your personal information even if an employee without authority accesses it while doing their work duties.
Is an organisation or agency ‘disclosing’ your personal information?
An organisation or agency ‘discloses’ your personal information if they give access to it, or show it to another individual, organisation or agency. This includes situations where the individual, organisation or agency receiving your personal information already knows it.