Privacy and personal information
It's your responsibility to protect everyone's personal information.
What you need to know
- The 12 Privacy Principles.
- If in doubt, check with your Privacy Officer.
- Tell users how you will protect, use and provide access to their personal information and seek their agreement.
The Privacy Principles
The Privacy Act 1993 is founded on 12 Privacy Principles.
If your agency collects personal information of any kind – even information that is usually of low sensitivity – you should be aware of these Privacy Principles.
What is personal information?
Personal information is any information which is about an identifiable individual.
Systems dealing with sensitive information require higher levels of protection and assurance.
You may decide that, based on the context in which personal information is supplied, seemingly low-sensitivity information needs higher levels of protection.
People are the owners of their own personal information. It is provided to us for a specific purpose. It should not be disclosed to others without the explicit consent of the person. The information should be treated as In Confidence, at least.
Talk to your Privacy Officer for more advice.
You have to comply with the Privacy Act.
You have to tell people:
- what information is being collected
- why it is being collected
- how it will be used
- how it will be kept secure
- about their right to review and correct it.
The person's authorisation is needed for any other use or disclosure of the information. This also applies to information that most people are willing to share with others, such as their contact details.
You may wish to seek users’ acknowledgement of those terms by asking them to give their consent via a check-box on online forms used for entering personal information.
Guidance from the Privacy Commission:
What to do when things go wrong — guidance from the Privacy Commissioner: