12.3 Privacy Act

The Privacy Act 1993 controls how agencies collect, use, disclose, store and give access to information which may lead to an individual’s identification, such as names, birth dates, addresses, financial data and employment details. It does not include company or organisational information.

  1. Purpose

    The Privacy Act’s aim is to promote and protect individual privacy. The focus is on purpose, not consent. When the council collects information, it must make it very clear why it is collecting their information and what it intends to do with it. Because the council only has to make individuals aware of what it will do with their information, it does not require their consent.

  2. Privacy principles

At the heart of the Privacy Act are 12 principles: 

Principle Summary

Principle 1 – purpose for collection

Only collect the information you need

Principle 2 – source of information

Obtain the information directly from the person concerned

Principle 3 – what to tell an individual

Tell them what you are doing

Principle 4 – manner of collection

Be ethical when you are doing it

Principle 5 – storage and security

Tale care of information once you've got it

Principle 6 – access

They can see it if they want to

Principle 7 – correction

They can correct it if it is wrong

Principle 8 – accuracy

Make sure it is accurate before you use it

Principle 9 – retention

Get rid of it when you're done with it

Principle 10 – use

Only use it for the purpose you obtained it for

Principle 11 – disclosure

Disclose the information only if that is why you obtained it

Principle 12 – unique identifiers

Be careful with unique identifiers

These principles reflect internationally accepted standards for handling personal information



Previous | Next