Queensland Government Information Privacy Principles (IPPs)
On this page:
What are the IPPs in Queensland?
- Principle 1: Manner and purpose of collection of personal information
- Principle 2: Solicitation of personal information from individual concerned
- Principle 3: Solicitation of personal information generally
- Principle 4: Storage and security of personal information
- Principle 5: Information relating to records kept by record-keeper
- Principle 6: Access to records containing personal information
- Principle 7: Alteration of records containing personal information
- Principle 8: Record-keeper to check accuracy of personal information before use
- Principle 9: Personal information to be used only for relevant purposes
- Principle 10: Limits on use of personal information
- Principle 11: Limits on disclosure of personal information
It is mandatory that Queensland Government agencies:
- nominate a Privacy Contact Officer as the first point of contact for privacy issues within their agencies;
- develop privacy plans to implement the IPPs;
- publish privacy plans on their websites;
- implement the privacy plans according to a schedule outlined in the plan;
- review and update privacy plans annually;
- develop a privacy and security statement and publish it on their website;
- be responsible for accessing and correcting records; and
- be responsible for a privacy complaint resolution mechanism.
Collection of personal information (IPPs 1–3)
An agency may only collect personal information directly related to its activities and only by fair means. The collection of this information should not unreasonably intrude upon the privacy of the individual concerned.
In most cases when collecting personal information an agency must tell the individual:
- why the information is being collected; and
- to whom the information is normally disclosed.
Reasonable steps must be taken by an agency to ensure that personal information collected is relevant, accurate, up-to-date and complete.
Storage and security (IPPs 4–5)
Agencies in possession of personal information should ensure there are reasonable safeguards to prevent unauthorised access, use, disclosure, modification or destruction of the information.
Access and alteration (IPPs 6–7)
Individuals are entitled to access records containing personal information about themselves and to seek amendment to those records if they are inaccurate, incomplete, out-of-date or misleading.
The Freedom of Information Act 1992 (Qld) allows for access to certain documents and includes a right of amendment and correction where appropriate. The rights of access and alteration under IPPs 6 and 7 are the same as existing rights to access and amend under the Freedom of Information Act 1992 (Qld).
For more information about requesting access to documents through Freedom of Information, go to the Freedom of Information website.
Accuracy (IPP 8)
Agencies must take reasonable steps to ensure that any personal information to be used is accurate, up-to-date and complete.
Use and disclosure (IPPs 9–11)
Generally, an agency must only use personal information for the purpose for which it was collected and only disclose personal information if the individual concerned is aware of, or has consented to, that disclosure.
However, an agency may use or disclose personal information where certain ‘exceptions’ apply. These exceptions are listed in Information Standard 42 and include use or disclosure where authorised by legislation, or where the information is necessary for certain types of law enforcement.
Details about Queensland Privacy and the Information Privacy Principles are also provided in Information Standard 42—Information Privacy which was issued by the Department of Innovation and Information Economy (under ss.22(2) and 56(1)) of the Financial Management Standard 1997 (these links will take you to another website).
‘Use’ may be interpreted as employing for some purpose, putting into service or turning to account. This related to personal information as controlled by the agency. The range of activities covered by use include:
- searching records for any reason
- using personal information in a record to make a decision
- passing a record from one part of an agency to another part with a different function; and
- publishing information.
Use can also include publishing personal information or passing it to an
outside agency. An agency that maintains control over the personal information
once it has been passed to an outside agency (ie. to an outsourcer bound by
contractual obligations) is treated as using that information.
Do the IPPs apply to all government agencies?
Yes, apart from those agencies specifically excluded by Information Standard 42 (IS42)—Information Privacy. The excluded agencies include:
- Royal Commissions and Commissons of Inquiry;
- Parents and Citizens Associations; and
- Queensland Department of Health (The privacy principles for the Queensland Department of Health are set out in Information Standard 42A).
How did the IPPs come about in Queensland?
Privacy was first considered in Queensland after the Legal, Constitutional and Administrative Review Committee conducted a parliamentary investigation and tabled its report in April 1998. The report concluded that the existing level of privacy protection in Queensland was inadequate and that there were valid privacy concerns that needed to be addressed by legislative and/or administrative action.
In December 2000, Cabinet decided that a privacy scheme should be introduced
in the Queensland public sector to give effect to the Information Privacy
Principles (IPPs) contained in the Commonwealth Privacy Act 1988. Cabinet
also decided that the privacy scheme should be implemented by administrative
means, including an Information Standard and supporting privacy guidelines.
This Information Standard is IS42—Information Privacy, which was formally
endorsed by Cabinet as Queensland’s privacy regime in September 2001.
Updated 21 February 2006
Other
languages