Personal information held by agencies
The Privacy Act controls how 'agencies' collect, use, disclose, store and give access to 'personal information'.
The privacy Codes of Practice do the same, but they apply to specific areas - particularly health, telecommunications and credit reporting.
Personal information is information about identifiable, living people.
Almost every person or organisation that holds personal information is an 'agency'. So, for example, the Privacy Act covers government departments, companies of all sizes, religious groups, schools and clubs.
Exemptions from the Act
Only a few organisations and people are not 'agencies'. Other rules exist to govern how they manage personal information, so the Privacy Act does not cover what they do. Organisations that aren't covered by the Privacy Act include:
The privacy principles
At the heart of the Privacy Act are twelve privacy principles. The privacy principles cover:
There are also four principles covering public registers.
These principles reflect internationally accepted standards for good personal information handling.
The Privacy Commissioner
The current Privacy Commissioner is John Edwards.
The Office of the Privacy Commissioner is an Independent Crown Entity. It is funded by the State, but is independent of government or Ministerial control.
What the Privacy Commissioner does
The Privacy Commissioner has many responsibilities. These include:
(a) an agency wrongfully refuses to give an individual access to information about them, or wrongfully refuses to correct information about them, or
(b) an individual suffers some form of harm as a result of a breach of a privacy principle, rule, or a code of practice or information matching provision.