The Privacy Act 1993 gives the Privacy Commissioner the power to issue codes of practice that become part of the law. These codes may modify the operation of the Act for specific industries, agencies, activities or types of personal information. Codes often modify one or more of the information privacy principles to take account of special circumstances which affect a class of agencies (e.g. credit reporters) or a class of information (e.g. health information). The rules established by a code may be more stringent or less stringent than the principles they replace.
Proposals for issuing a code of practice may be made by a body representing the interests of a particular class of agency or industry, or by the Privacy Commissioner herself.
Codes of practice are a flexible means of regulation and can be amended or revoked by the Privacy Commissioner at any time. However, as they are deemed regulations, they must be presented to the House of Representatives and will be subject to careful scrutiny by the Regulations Review Committee.
Codes are published on the Privacy Commissioner’s website.
If you would like further information on the codes of practice consultation process, you should refer to the Guidance Note on Codes of Practice under Part VI of the Privacy Act.