12.3 Privacy Act
The Privacy Act 1993 controls how agencies collect, use, disclose, store and give access to information which may lead to an individual’s identification, such as names, birth dates, addresses, financial data and employment details. It does not include company or organisational information.
-
Purpose
The Privacy Act’s aim is to promote and protect individual privacy. The focus is on purpose, not consent. When the council collects information, it must make it very clear why it is collecting their information and what it intends to do with it. Because the council only has to make individuals aware of what it will do with their information, it does not require their consent.
-
Privacy principles
At the heart of the Privacy Act are 12 principles:
| Principle | Summary |
|
Principle 1 – purpose for collection |
Only collect the information you need |
|
Principle 2 – source of information |
Obtain the information directly from the person concerned |
|
Principle 3 – what to tell an individual |
Tell them what you are doing |
|
Principle 4 – manner of collection |
Be ethical when you are doing it |
|
Principle 5 – storage and security |
Tale care of information once you've got it |
|
Principle 6 – access |
They can see it if they want to |
|
Principle 7 – correction |
They can correct it if it is wrong |
|
Principle 8 – accuracy |
Make sure it is accurate before you use it |
|
Principle 9 – retention |
Get rid of it when you're done with it |
|
Principle 10 – use |
Only use it for the purpose you obtained it for |
|
Principle 11 – disclosure |
Disclose the information only if that is why you obtained it |
|
Principle 12 – unique identifiers |
Be careful with unique identifiers |
These principles reflect internationally accepted standards for handling personal information