Information protection principles for the public

Read the document below or download it here Fact sheet - Information Protection Principles for the public, updated August 2019 

The 12 Information Protection Principles (IPPs) are your key to the Privacy and Personal Information Protection Act 1998 (PPIP Act)

These are legal obligations which NSW public sector agencies, statutory bodies, universities and local councils must abide by when they collect, store, use or disclose personal information.

As exemptions may apply in some instances, it is therefore suggested you contact the Privacy Contact Officer at the agency or the Information and Privacy Commission NSW (IPC) for further advice.

Collection
  1. Lawful

An agency must only collect personal information for a lawful purpose. It must be directly related to the agency’s function or activities and necessary for that purpose.

  1. Direct

An agency must only collect personal information directly from you, unless you have authorised collection from someone else, or if you are under the age of 16 and the information has been provided by a parent or guardian.

  1. Open

An agency must inform you that the information is being collected, why it is being collected, and who will be storing and using it. You must also be told how you can access and correct your personal information, if the information is required by law or is voluntary, and any consequences that may apply if you decide not to provide it.

  1. Relevant

An agency must ensure that your personal information is relevant, accurate, complete, up-to-date and not excessive. The collection should not unreasonably intrude into your personal affairs.

Storage
  1. Secure

An agency must store personal information securely, keep it no longer than necessary and dispose of it appropriately. It should also be protected from unauthorised access, use, modification or disclosure.

Access and accuracy
  1. Transparent

An agency must provide you with details regarding the personal information they are storing, why they are storing it and what rights you have to access it.

  1. Accessible

An agency must allow you to access your personal information without excessive delay or expense.

  1. Correct

An agency must allow you to update, correct or amend your personal information where necessary.

Use
  1. Accurate

An agency must ensure that your personal information is relevant, accurate, up to date and complete before using it.

  1.  Limited

An agency can only use your personal information for the purpose for which it was collected unless you have given consent, or the use is directly related to a purpose that you would expect, or to prevent or lessen a serious or imminent threat to any person’s health or safety.

Disclosure
  1.  Restricted

An agency can only disclose your information in limited circumstances if you have consented or if you were told at the time they collected it that they would do so. An agency can also disclose your information if it is for a directly related purpose and it can be reasonably assumed that you would not object, if you have been made aware that information of that kind is usually disclosed, or if disclosure is necessary to prevent a serious and imminent threat to any person’s health or safety.

  1.  Safeguarded

An agency cannot disclose your sensitive personal information without your consent, for example, information about ethnic or racial origin, political opinions, religious or philosophical beliefs, sexual activities or trade union membership. It can only disclose sensitive information without consent in order to deal with a serious and imminent threat to any person’s health or safety.

For more information

Contact the Information and Privacy Commission NSW (IPC):

Freecall: 1800 472 679
Email: ipcinfo@ipc.nsw.gov.au
Website: www.ipc.nsw.gov.au

NOTE: This is a guide only. Legal advice should be sought in relation to individual circumstances.

How easy did you find it to understand this resource?
Have you used the information in this resource to assist you?