PRIVACY AND PERSONAL INFORMATION PROTECTION ACT 1998 - As at 14 July 2023 - Act 133 of 1998
- As at 14 July 2023 - Act 133 of 1998Table of Provisions
PART 1 - PRELIMINARY
- 1 Name of Act
- 2 Commencement
- 3 Definitions
- 4 Definition of "personal information"
- 4A Exclusion of health information from definition of "personal information"
- 4B Regulations may declare whether agency is part of or separate from a public sector agency
- 5 Government Information (Public Access) Act 2009 not affected
- 6 Courts, tribunals and Royal Commissions not affected
- 7 Crown bound by Act
PART 2 - INFORMATION PROTECTION PRINCIPLES
Division 1 - Principles
- 8 Collection of personal information for lawful purposes
- 9 Collection of personal information directly from individual
- 10 Requirements when collecting personal information
- 11 Other requirements relating to collection of personal information
- 12 Retention and security of personal information
- 13 Information about personal information held by agencies
- 14 Access to personal information held by agencies
- 15 Alteration of personal information
- 16 Agency must check accuracy of personal information before use
- 17 Limits on use of personal information
- 18 Limits on disclosure of personal information
- 19 Special restrictions on disclosure of personal information
Division 2 - General provisions relating to principles
- 20 General application of information protection principles to public sector agencies
- 21 Agencies to comply with principles
Division 3 - Specific exemptions from principles
- 22 Operation of Division
- 23 Exemptions relating to law enforcement and related matters
- 23A Exemptions relating to ASIO
- 24 Exemptions relating to investigative agencies
- 25 Exemptions where non-compliance is lawfully authorised or required
- 26 Other exemptions where non-compliance would benefit the individual concerned
- 27 Specific exemptions for certain law enforcement agencies
- 27A Exemptions relating to information exchanges between public sector agencies
- 27B Exemptions relating to research
- 27C Exemptions relating to credit information
- 27D Exemptions relating to emergency situations
- 28 Other exemptions
PART 3 - PRIVACY CODES OF PRACTICE AND MANAGEMENT PLANS
Division 1 - Privacy codes of practice
- 29 Operation of privacy codes of practice
- 30 Modification of information protection principles
- 31 Preparation and making of privacy codes of practice
- 32 Agencies to comply with privacy codes of practice
Division 2 - Privacy management plans
- 33 Preparation and implementation of privacy management plans
PART 4 - PRIVACY COMMISSIONER
Division 1 - Appointment of Privacy Commissioner
- 34 Appointment of Privacy Commissioner
- 35 Veto of proposed appointment of Privacy Commissioner
- 35A Remuneration
- 35B Vacancy in office
- 35C Removal from office
- 35D Filling of vacancy
- 35E Privacy Commissioner a statutory officer and not Public Service employee
- 35F Appointment of acting Privacy Commissioner
- 35G Staff of Privacy Commissioner
- 35H Delegation
Division 2 - Functions of Privacy Commissioner
- 36 General functions
- 37 Requirement to give information
- 38 Inquiries and investigations
- 39 General procedure for inquiries and investigations
- 40 Personal information digest
- 41 Exempting agencies from complying with principles and codes
- 42 Information about compliance arrangements
- 43 Disclosure of Cabinet or Executive Council information 44. (Repealed)
- 44A Oversight of functions by Joint Committee
Division 3 - Complaints relating to privacy
- 45 Making of privacy related complaints
- 46 Preliminary assessment of privacy related complaints
- 47 Referring privacy related complaints to other authorities
- 48 Dealing with privacy related complaints
- 49 Resolution of privacy related complaints by conciliation
- 50 Reports and recommendations of Privacy Commissioner
- 51 Effect of dealing with privacy related complaints under this Division
PART 5 - REVIEW OF CERTAIN CONDUCT
- 52 Application of Part
- 53 Internal review by public sector agencies
- 54 Role of Privacy Commissioner in internal review process
- 55 Administrative review of conduct by Tribunal 56. (Repealed)
PART 6 - PUBLIC REGISTERS
- 56A Personal information includes health information
- 57 Disclosure of personal information contained in public registers
- 58 Suppression of personal information
- 59 Provisions of this Part prevail
PART 6A - (Repealed)
NonePART 7 - INFORMATION AND PRIVACY ADVISORY COMMITTEE
- 60 Establishment of Information and Privacy Advisory Committee
- 61 Functions of Information and Privacy Advisory Committee
PART 7A - REPORTS BY PRIVACY COMMISSIONER
- 61A Annual report
- 61B Report on operation of Act
- 61C Special report to Parliament
- 61D Procedure for reporting
PART 8 - MISCELLANEOUS
- 62 Corrupt disclosure and use of personal information by public sector officials
- 63 Offering to supply personal information that has been disclosed unlawfully 64, 65. (Repealed)
- 66 Personal liability of Privacy Commissioner and others
- 66A Protection from liability
- 66B Fees
- 67 Disclosure by Privacy Commissioner or staff member
- 68 Offences relating to dealings with Privacy Commissioner
- 69 Legal rights not affected
- 70 Proceedings for offences
- 71 Regulations 72. (Repealed)
- 73 Repeal of Privacy Committee Act 1975 No 37
- 74 Savings, transitional and other provisions
- 75 Review of Act Schedule 1 (Repealed)
- SCHEDULE 2 Schedule 3 (Repealed)
- SCHEDULE 4