an introduction to the privacy act n.
Skip this Video
Loading SlideShow in 5 Seconds..
An Introduction to the Privacy Act PowerPoint Presentation
Download Presentation
An Introduction to the Privacy Act

Loading in 2 Seconds...

play fullscreen
1 / 27

An Introduction to the Privacy Act - PowerPoint PPT Presentation

  • Uploaded on

An Introduction to the Privacy Act. Privacy Act 1993. Promotes and protects individual privacy Is concerned with the privacy of information about people rather than physical intrusions into privacy

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
Download Presentation

An Introduction to the Privacy Act

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
privacy act 1993
Privacy Act 1993
  • Promotes and protects individual privacy
  • Is concerned with the privacy of information about people rather than physical intrusions into privacy
  • Establishes 12 information privacy principles which regulate the collection, storage, use and disclosure of personal information and give people the right to access and correct their information
  • Allows the Privacy Commissioner to issue industry specific codes of practice
  • Sets out rules for information matching
  • Provides a set of principles regulating how information on public registers can be used
  • Sets up a complaints procedure
  • Sets out how law enforcement information is to be dealt with
  • Provides for the appointment of a Privacy Commissioner and sets out his role and functions
definition of personal information
Definition of Personal Information
  • Information about an identifiable individual
  • Does not include information about a corporate body
  • Any person or body of persons
  • Corporate or unincorporate
  • Public or private sector
  • Some exceptions: MPs, courts and tribunals, news media in relation to its news activities
  • Sections 3 and 4
breach of ipp and adverse consequence results in interference with individual s privacy
Breach of IPPANDAdverse ConsequenceResults in Interference With Individual’s Privacy




interference with privacy access
Interference With Privacy (Access)
  • Referral
  • Failure to respond within 20 working days
  • Conditions on use
  • Charging
  • Refusal to correct

Interference with privacy if there is no proper basis for:

ipp 1 purpose of collection of personal information
IPP 1 - Purpose of Collection ofPersonal Information

Not to be collected by an agency unless:

  • Information is collected for a lawful purpose connected with the function / activity of the agency
  • Collection necessary for that purpose


Lawful purpose?

Is it purpose connected with a function / activity of the agency?

Is collection necessary for that purpose?

ipp 2 source of personal information
IPP 2 - Source of Personal Information

Where an agency collects personal information, the agency shall collect the information directly from the individual concerned.

No compliance permissible where the agency believes, on reasonable grounds, that:

  • Individual has authorised collection of the information from someone else
  • Compliance would prejudice the purpose of that collection
  • Compliance not reasonably practicable in the circumstances

(Non-compliance permissible on

certain other grounds)

ipp 3 collection of personal information from subject a
IPP 3 - Collection of Personal InformationFrom Subject (A)

Where personal information collected directly from individual concerned, agency required to take reasonable steps to ensure individual is aware of:

  • Fact information is being collected
  • Purpose for which information is collected
  • Intended recipients of information
  • Contact details for agencies collecting and holding information
  • Whether supply of information is mandatory / voluntary (Where law authorises / requires collection)
  • Consequences if information not supplied
  • Rights of access and correction
  • Provide these details before
  • collection if practicable
ipp 3 collection of personal information from subject b
IPP 3 - Collection of Personal InformationFrom Subject (B)
  • It is authorised by the individual
  • It would not prejudice the individual’s interests
  • Compliance would prejudice purposes of collection

Also certain other grounds IPP 3(4)

Repeat explanation not necessary

If given recently

Non-compliance permissible where agency believes, on reasonable grounds, that:

ipp 4 manner of collection of personal information
IPP 4 - Manner of Collection of Personal Information
  • Unlawful means
  • Means that, in the circumstances are,

- Unfair

- Unreasonably intrude upon the

Individual’s personal affairs

Personal information must not be collected





Develop information handling policies

Convey policies when collecting information

ipp 5 storage and security of information
IPP 5 - Storage and Security of Information
  • Loss
  • Unauthorised access, use, modification or disclosure
  • Other misuse

Agency holding personal information must take reasonable security safeguards to protect against:


Physical security?

Operational security?

Security of transmission?

Disposal or destruction?

ipp 6 access to personal information
IPP 6 - Access to Personal Information

Where an agency holds personal information in a way that it can readily be retrieved, individuals are entitled to have access to information relating to them

ipp 6 access to personal information1
IPP 6 - Access to Personal Information

Obligations of agencies to

  • Provide assistance
  • Transfer access requests
  • Respond within time limits
  • Make information available in form requested

Precautions by appropriate procedures:

  • Satisfactory identification of individual
  • Authority of agent


  • No charge by public sector agency
  • Reasonable charges by others
withholding grounds principle 6
Withholding Grounds - Principle 6
  • 27(1)(c) - prejudice maintenance of law
  • 27(1)(d) - endanger safety
  • 29(1)(a) - unwarranted disclosure
  • 29(1)(c) - prejudice physical / mental health
  • 29(2) - not readily retrievable / cannot be found / does not exist
ipp 7 correction of personal information
IPP 7 - Correction of Personal Information

An individual is entitled to request the correction of information

Agency must either:

Agency must notify known recipients of the information about this correction

Make correction


Attach statement by individual of correction sought

ipp 8 accuracy of personal information to be checked before use

Up to date



Not misleading


IPP 8 - Accuracy of Personal Information to Be Checked Before Use

Agencies must take reasonable steps to ensure personal information is accurate before using it

ipp 9 agency not to keep personal information or longer than necessary
IPP 9 - Agency Not to Keep Personal Information or Longer Than Necessary

Agency holding personal information shall not keep it for longer than required for the purposes for which it may lawfully be used.


Should it be retained at all?

If so, for how long?

Note legal obligations to retain,

eg. tax, medical records

Consider return, destruction, transfer

ipp 10 limits on use of personal information
IPP 10 - Limits on Use of Personal Information

Personal information collected for one purpose cannot be used for another purpose unless agency believes, on reasonable grounds, that:

(Non-compliance permissible on

Certain other grounds)

  • Use for other purpose authorised by individual concerned
  • Information sourced from publicly available publication
  • Use for other purpose necessary to prevent or lessen a serious and imminent threat to
  • - public health / safety
  • - life / health of someone
  • Purpose is directly related to the purpose for which it was collected
ipp 11 limits of disclosure of personal information
IPP 11 - Limits of Disclosure ofPersonal Information

An agency shall not disclose personal information unless it believes, on reasonable grounds, that disclosure:

(Non compliance permissible on

Certain other grounds)

  • Is to the individual concerned
  • Is authorised by the individual
  • Is one of the purposes in connection with which the information was obtained or is a directly related purpose
  • Is in a form in which the individual is not identified
information privacy principle 11
Information Privacy Principle 11

Don’t do it unless


Research (No ID)

Purpose of Collection

Publicly Available

Maintenance of the Law

To the Person

Public Health or Safety

Needed to sell Business

Authorised by Privacy Commissioner

ipp 12 unique identifiers
IPP 12 - Unique Identifiers
  • Agencies not to assign unique identifiers unless necessary to enable them to carry out their functions efficiently
  • Agencies not to assign unique identifier that has been assigned by another agency
  • Clearly identify the individual before assigning unique identifier
  • Agencies not to require people to disclose a unique identifier assigned by another agency unless disclosure is for the purposes for which that unique identifier was assigned

Complaints Process



Commissioner assists

parties with settlement

Provisional Opinion

- with right of response

Final opinion

Referred by


Referred by Privacy


Complaints Review Tribunal

privacy act and official information act interface
Privacy Act and Official Information Act Interface

Requester X asks for

information about


Privacy Act

  • IPP 6
  • Part IV Privacy Act
  • Sections 27-29 -
  • withholding grounds
  • apply

Official Information


Requester X asks for

information about Y

Section 5

Presumption of availability

Unless good reason for

withholding information

Section 9(2)(a) protect

privacy of natural persons


Other Legislation

Action authorised

by other


Privacy Act

Does not Derogate


Don’t blame the Privacy Act

Telephone: 04-474 7590

Enquiries hotline: 0800 803 909

Or: 09-302 8655


Internet address:

Postal address: Privacy Commissioner

PO Box 10-094