PRIVACY AND PERSONAL INFORMATION PROTECTION ACT 1998 - As at 14 July 2023 - Act 133 of 1998

Table of Provisions

• Long Title

PART 1 - PRELIMINARY

• 1 Name of Act
• 2 Commencement
• 3 Definitions
• 4 Definition of "personal information"
• 4A Exclusion of health information from definition of "personal information"
• 4B Regulations may declare whether agency is part of or separate from a public sector agency
• 5 Government Information (Public Access) Act 2009 not affected
• 6 Courts, tribunals and Royal Commissions not affected
• 7 Crown bound by Act

PART 2 - INFORMATION PROTECTION PRINCIPLES

Division 1 - Principles

• 8 Collection of personal information for lawful purposes
• 9 Collection of personal information directly from individual
• 10 Requirements when collecting personal information
• 11 Other requirements relating to collection of personal information
• 12 Retention and security of personal information
• 13 Information about personal information held by agencies
• 14 Access to personal information held by agencies
• 15 Alteration of personal information
• 16 Agency must check accuracy of personal information before use
• 17 Limits on use of personal information
• 18 Limits on disclosure of personal information
• 19 Special restrictions on disclosure of personal information

Division 2 - General provisions relating to principles

• 20 General application of information protection principles to public sector agencies
• 21 Agencies to comply with principles

Division 3 - Specific exemptions from principles

• 22 Operation of Division
• 23 Exemptions relating to law enforcement and related matters
• 23A Exemptions relating to ASIO
• 24 Exemptions relating to investigative agencies
• 25 Exemptions where non-compliance is lawfully authorised or required
• 26 Other exemptions where non-compliance would benefit the individual concerned
• 27 Specific exemptions for certain law enforcement agencies
• 27A Exemptions relating to information exchanges between public sector agencies
• 27B Exemptions relating to research
• 27C Exemptions relating to credit information
• 27D Exemptions relating to emergency situations
• 28 Other exemptions

PART 3 - PRIVACY CODES OF PRACTICE AND MANAGEMENT PLANS

Division 1 - Privacy codes of practice

• 29 Operation of privacy codes of practice
• 30 Modification of information protection principles
• 31 Preparation and making of privacy codes of practice
• 32 Agencies to comply with privacy codes of practice

Division 2 - Privacy management plans

• 33 Preparation and implementation of privacy management plans

PART 4 - PRIVACY COMMISSIONER

Division 1 - Appointment of Privacy Commissioner

• 34 Appointment of Privacy Commissioner
• 35 Veto of proposed appointment of Privacy Commissioner
• 35A Remuneration
• 35B Vacancy in office
• 35C Removal from office
• 35D Filling of vacancy
• 35E Privacy Commissioner a statutory officer and not Public Service employee
• 35F Appointment of acting Privacy Commissioner
• 35G Staff of Privacy Commissioner
• 35H Delegation

Division 2 - Functions of Privacy Commissioner

• 36 General functions
• 37 Requirement to give information
• 38 Inquiries and investigations
• 39 General procedure for inquiries and investigations
• 40 Personal information digest
• 41 Exempting agencies from complying with principles and codes
• 42 Information about compliance arrangements
• 43 Disclosure of Cabinet or Executive Council information
44. (Repealed)
• 44A Oversight of functions by Joint Committee

Division 3 - Complaints relating to privacy

• 45 Making of privacy related complaints
• 46 Preliminary assessment of privacy related complaints
• 47 Referring privacy related complaints to other authorities
• 48 Dealing with privacy related complaints
• 49 Resolution of privacy related complaints by conciliation
• 50 Reports and recommendations of Privacy Commissioner
• 51 Effect of dealing with privacy related complaints under this Division

PART 5 - REVIEW OF CERTAIN CONDUCT

• 52 Application of Part
• 53 Internal review by public sector agencies
• 54 Role of Privacy Commissioner in internal review process
• 55 Administrative review of conduct by Tribunal
56. (Repealed)

PART 6 - PUBLIC REGISTERS

• 56A Personal information includes health information
• 57 Disclosure of personal information contained in public registers
• 58 Suppression of personal information
• 59 Provisions of this Part prevail

PART 6A - (Repealed)

PART 7 - INFORMATION AND PRIVACY ADVISORY COMMITTEE

• 60 Establishment of Information and Privacy Advisory Committee
• 61 Functions of Information and Privacy Advisory Committee

PART 7A - REPORTS BY PRIVACY COMMISSIONER

• 61A Annual report
• 61B Report on operation of Act
• 61C Special report to Parliament
• 61D Procedure for reporting

PART 8 - MISCELLANEOUS

• 62 Corrupt disclosure and use of personal information by public sector officials
• 63 Offering to supply personal information that has been disclosed unlawfully
64, 65. (Repealed)
• 66 Personal liability of Privacy Commissioner and others
• 66A Protection from liability
• 66B Fees
• 67 Disclosure by Privacy Commissioner or staff member
• 68 Offences relating to dealings with Privacy Commissioner
• 69 Legal rights not affected
• 70 Proceedings for offences
• 71 Regulations
72. (Repealed)
• 73 Repeal of Privacy Committee Act 1975 No 37
• 74 Savings, transitional and other provisions
• 75 Review of Act
Schedule 1 (Repealed)
• SCHEDULE 2
Schedule 3 (Repealed)
• SCHEDULE 4