Information protection principles (IPPs) - for agencies

Fact sheet - Information protection principles for agencies (PDF, 50kb)

The 12 Information Protection Principles (IPPs) are your key to the Privacy and Personal Information Protection Act 1998 (PPIP Act).

These are legal obligations which NSW public sector agencies, statutory bodies, universities and local councils must abide by when they collect, store, use or disclose personal information. As exemptions may apply in some instances, it is therefore suggested you contact the Privacy Contact Officer in your agency or the Information and Privacy Commission NSW (IPC) for further advice.

Collection

1. Lawful

Only collect personal information for a lawful purpose, which is directly related to the agency’s function or activities and necessary for that purpose.

2. Direct

Only collect personal information directly from the person concerned, unless they have authorised collection from someone else, or if the person is under the age of 16 and the information has been provided by a parent or guardian.

3. Open

Inform the person you are collecting the information from why you are collecting it, what you will do with it and who else might see it. Tell the person how they can view and correct their personal information, if the information is required by law or voluntary, and any consequences that may apply if they decide not to provide their information.

4. Relevant

Ensure that the personal information is relevant, accurate, complete, up-to-date and not excessive and that the collection does not unreasonably intrude into the personal affairs of the individual.

Storage

5. Secure

Store personal information securely, keep it no longer than necessary and dispose of it appropriately. It should also be protected from unauthorised access, use, modification or disclosure.

Access and accuracy

6. Transparent

Explain to the person what personal information about them is being stored, why it is being used and any rights they have to access it.

7. Accessible

Allow people to access their personal information without excessive delay or expense.

8. Correct

Allow people to update, correct or amend their personal information where necessary.

Use

9. Accurate

Make sure that the personal information is relevant, accurate, up to date and complete before using it.

10. Limited

Only use personal information for the purpose it was collected unless the person has given their consent, or the purpose of use is directly related to the purpose for which it was collected, or to prevent or lessen a serious or imminent threat to any person’s health or safety.

Disclosure

11. Restricted

Only disclose personal information with a person’s consent or if the person was told at the time that it would be disclosed, if disclosure is directly related to the purpose for which the information was collected and there is no reason to believe the person would object,or the person has been made aware that information of that kind is usually disclosed, or if disclosure is necessary to prevent a serious and imminent threat to any person’s health or safety.

12. Safeguarded

An agency cannot disclose sensitive personal information without a person’s consent, for example, information about ethnic or racial origin, political opinions, religious or philosophical beliefs, sexual activities or trade union membership. It can only disclose sensitive information without consent in order to deal with a serious and imminent threat to any person’s health or safety.

For more information

Contact the Information and Privacy Commission NSW (IPC):

Freecall:            1800 472 679
Email:                ipcinfo@ipc.nsw.gov.au
Website:            www.ipc.nsw.gov.au

NOTE: The information in this fact sheet is to be used as a guide only. Legal advice should be sought in relation to individual circumstances

Rating: 
5 out of 5 star rating
Average: 5 (1 vote)
Archive: 
0
Teaser: 
The 12 Information Protection Principles (IPPs) are your key to the Privacy and Personal Information Protection Act 1998 (PPIP Act)

POPUP MINIPANEL