Commonwealth Privacy Act 1988
A Personal Summary

Roger Clarke

Version of 5 February 1989

© Roger Clarke, 1989

Companion Pages are:

an unofficial short form of the Information Privacy Principles

an interpretation and annotations (abstract only)

an assessment against the OECD Guidelines

History

This 60-page statute was passed and assented to in December 1988. It followed a long history of deliberations, including a study by the Law Reform Commission from 1976-83; a 1984 commitment by the Government to comply with the OECD's Data Protection Guidelines of 1980; the Privacy Bill 1986, which was closely intertwined with the Australia Card Bill and lapsed with it in 1987; and negotiations between the Government and Opposition, which resulted in significant changes to the Privacy Bill 1988 late in its time before the legislature.

Synopsis

The Bill regulates use by federal government agencies of personal data. As a central part of the regulatory framework, it establishes a set of Information Privacy Principles which agencies may not breach.

The Bill regulates private sector organisations and state government agencies, but only to the extent that they are recipients of tax file number information.

The Bill creates a 'watchdog' by adding a Privacy Commissioner to the Human Rights and Equal Opportunities Commission.

Structure of the Act

Appendix B shows the key definitions.

Appendix A: The Information Privacy Principles
(Unofficial Short Form)

The Information Privacy Principles are central to the regulatory mechanism. They occupy 5 pages and 1500 words, and are expressed in careful legalese. The following is a rendition designed to convey their essential content, not their detailed meaning, nor the manifold exceptions and qualifications.

1. Collection

A collector shall only collect personal information for inclusion in a record or generally available publication where it is necessary for a lawful purpose. A collector shall not collect personal information by unlawful or unfair means.

2. Solicitation from the Individual Concerned

Where personal information is solicited from the individual concerned, the collector shall ensure that person is aware of the purpose for which it is being collected, of any legal obligation to comply with the request, and of disclosure practices relating to it.

3. Solicitation of Personal Information Generally

When personal information is solicited, the collector shall ensure that it is relevant to the purpose of collection, up to date and complete, and that the collection is not unduly intrusive.

4. Storage and Security

A record-keeper shall ensure that records are secure against loss, unauthorised access, use, modification or disclosure, and against other misuse.

5. Public Access Rights

A record-keeper shall enable any individual to ascertain the nature, main purposes and subject access procedures relating to any personal information held, and shall maintain a record of such details.

6. Subject Access Rights

The individual concerned shall be entitled to have access to a record that contains personal information, except to the extent that the record-keeper is required or authorised to refuse.

7. Subject Alteration Rights

A record-keeper shall make reasonable alterations to ensure that records of personal information are accurate, relevant, up to date, complete and not misleading, and where unwilling to make an alteration, shall allow the individual concerned to attach to a record a statement of the alteration sought.

8. Quality of Information Used

A record-keeper shall not use personal information without taking reasonable steps to ensure that it is accurate, up to date and complete.

9. Relevance of Information Used

A record-keeper shall not use personal information unless it is relevant.

10. Use Limitations

A record-keeper shall only use personal information for the purpose for which it was obtained, and for such additional purposes as are consented to by the individual, are authorised by law, are necessary in an emergency, and are reasonably necessary for the enforcement of the criminal law or of a law imposing a pecuniary penalty, or for the protection of the public revenue.

11. Disclosure Limitations

A record-keeper shall only disclose personal information if the individual to whom it relates should have been aware that it was subject to disclosure, or the disclosure has been consented to by the individual, authorised by law, or is necessary in an emergency, or is reasonably necessary for the enforcement of the criminal law or of a law imposing a pecuniary penalty, or for the protection of the public revenue. In the last three cases a note to that effect shall be included in the record. The recipient of the information shall not use or disclose the information except for the purpose for which it was given.

Appendix B: The Key Definitions (Unofficial Short Form)

The 9 pages of global definitions are expressed in careful legalese. The following is a rendition designed to identify the key terms, and convey their essential content, but not to capture their detailed meaning.

1. The organisations that are subject to regulation:

2. The matters that are subject to regulation:

Last Amended: 6 May 1996

These community service pages are a joint offering of the Australian National University (which provides the infrastructure), and Roger Clarke (who provides the content).

The Australian National University
Visiting Fellow, Faculty of
Engineering and Information Technology,

Information Sciences Building Room 211

Xamax Consultancy Pty Ltd, ACN: 002 360 456

78 Sidaway St
Chapman ACT 2611 AUSTRALIA

Tel: +61 6 288 6916 Fax: +61 6 288 1472