Information Privacy Principles

The Victorian Information Privacy Act 2001 protects personal information held by Victorian government agencies, statutory bodies and local councils and some of the companies contracted to provide services to government. The law became enforceable from 1 September 2002. The Act contains ten Information Privacy Principles, or IPPs.

IPP

Subject  

Summary 

IPP1  

Collection  

Collect personal information necessary for Council's functions or activities, by lawful, fair and reasonable means and preferably collect it from the individual concerned. At or near the time of collection notify the individual of why it is being collected, what usual disclosures may be made, if the collection is required by law and their right to access the information.    

IPP2  

Use and Disclosure  

Use or disclose information for the primary purpose collected or for a related secondary purpose an individual would reasonably expect, where the individual consents, for law enforcement purposes, where required by law or for other prescribed exceptions. Where disclosure is for law enforcement a written note should be made of the disclosure.    

IPP3  

Data Quality  

Take reasonable steps to ensure personal information is accurate, complete, up-to-date and relevant.    

IPP4  

Data Security  

Take reasonable steps to protect personal information held from misuse, loss, unauthorised access, modification or disclosure. Destroy or permanently de-identify (if possible) information no longer required. Provisions dealing with retention in other Acts, eg Public Records Act, apply to the public sector.    

IPP5  

Openness  

Document clearly expressed policies on the management of personal information and steps individuals have to take to access personal information. Make policies available to anyone who asks. On request, take reasonable steps to let the enquirer know, generally, what sort of personal information is held, for what purposes and how Council collects/manages that information.    

IPP6  

Access andCorrection  

Administrative procedures for access to personal information under the Freedom of Information Act will apply in the public sector. Provide the individual with access to personal information on request by the individual, except to the extent that prescribed exceptions apply. If an individual establishes that the information is not accurate, complete and up-to-date, take reasonable steps to correct the information.    

IPP7  

Unique Identifiers  

May only assign unique identifiers to individuals if it is necessary to carry out functions efficiently. Must not adopt as its own a unique identifier assigned to an individual by another organisation unless prescribed exceptions apply.    

IPP8  

Anonymity  

Wherever it is lawful and practicable, individuals must have the option of not identifying themselves when entering transactions with an organisation.    

IPP9  

Transborder Data Flows  

May transfer personal information about an individual to someone (other than Council or the individual) outside Victoria only if prescribed conditions apply.    

IPP10  

Sensitive Information  

Must not collect sensitive information about an individual, such as ethnicity or criminal record, unless prescribed exceptions apply.