Department of Primary Industries
Enabling Victoria's primary
and energy industries
  about us
Print using printer friendly version of this page

Information privacy

Hand resting on a ring binder folderThe Victorian Government values and protects all personal information it collects in the course of undertaking its responsibilities, and has always demonstrated a strong culture of protecting the confidentiality and privacy of individuals and clients.

The Information Privacy Act 2000  and the The Health Records Act 2001  were introduced to provide a legal framework to support the appropriate balance between the free-flow of information for the public good and the protection of privacy of personal information. These Acts will ensure organisations manage personal information according to the requirements of the Privacy Principles, which form the backbone of each statute.

Here you will find general information about privacy issues. You'll also find advice on where to access detailed guidance about building on previous good practice to implement the Information Privacy Act and the Health Records Act in the workplace.

This site will be frequently reviewed to reflect the most current advice from the Victorian Privacy Commissioner's and Health Services Commissioner's offices to offer updated information and advice regarding emerging privacy issues and trends.

If you have any queries, you can contact our Privacy Manager on 9658 4030 or email dpiprivacy.enquiries@dpi.vic.gov.au.

Privacy overview

What is privacy?

There are many kinds of privacy. Privacy is an internationally recognised human right that protects individuals from a range of interferences. In modern society the term privacy may be used to describe a number of related human rights:

  • Personal privacy, which considers the integrity of an individual's body
  • Privacy of personal behaviour, which incorporates sensitive social issues such as sexual preference, political activities and religious practices
  • Privacy of personal communications, which revolves around the concept of confidential voice, speech and telecommunications
  • Privacy of territory, which may be defined as the right to personal space and to the protection of one's property from trespass
  • Information Privacy or Data Privacy, which relates to the protection of personally identifying information. Information Privacy seeks to place greater control relating to information use, with the individual who is the data subject. It is usually expressed as Information Privacy Principles (IPPs) that regulate the collection, use, disclosure, transfer, access, correction, disposal of personally identifying information.

What information is regulated in the public sector by Victorian Privacy Legislation?

  • Personal information: that is information, whether fact or opinion, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion (Information Privacy Act 2000).
  • Personal information: that relates to an individual's physical, mental and emotional health or disability, palliative or aged care, or health service (Health Records Act 2001).

Personal information may consist of separate or linked factual data fields such as name, date of birth, driver's license number etc, as well as evaluative commentary regarding an individual or transaction. It may be held on a paper file, database on in another medium such as film, video or audio tape.

A person's identity may be apparent even when their name is not included in the information depending upon the other data items included in the information and the context the information is collected, used or disclosed within. The context of the provision of information and the connection or linking of data fields can change non-identifying data into personally identifying information. For example, a person's physical description linked with their profession and work location may be highly identifying when discussing a celebrity or well-known figure.

Examples of information that may be personally identifying either alone or in combination are:

  • Name
  • Photograph
  • Title
  • Email address
  • Telephone or fax numbers
  • Date of birth
  • Employee security pass number
  • Driver's licence number
  • Health diagnosis
  • Gender
  • Ethnicity
  • Banking details, such as branch location, account number and funds available
  • Customer service operators notes about a client and their query
  • A performance appraisal report on a staff member

Privacy legislation

Three specific privacy statutes deal with Information Privacy in Australia. They are:

  1. The Privacy Act 1988, which contains eleven Information Privacy Principles (IPPs) which apply to Australian and ACT government agencies. It also has ten National Privacy Principles (NPPs) which apply to parts of the private sector and all health service providers. The Federal Privacy Commissioner regulates this statute.
  2. The Information Privacy Act (Vic) 2000, regulates the personal information handling activities of the Victorian Public Sector and its funded services (except personal health information). The Victorian Privacy Commissioner regulates this statute.
  3. The Health Records Act (Vic) 2001, which regulates both public and private sector organisations that handle personal health Information. The Health Privacy Principles (HPPs) are largely similar in spirit and principle to the IPPs of the Victorian Information Privacy Act but are tailored to the specific requirements of health services and health information. The Victorian Health Services Commissioner regulates this statute.

Exemptions to the legislation

The Information Privacy Act does not apply to:

  • A court or tribunal
  • The holder of a judicial or quasi-judicial office
  • A registry or other office of a court or tribunal
  • The staff of these offices in their capacity as members of that staff
  • Publicly available information, that is personal information that is:
    • A generally available publication
    • Kept in a library, art gallery or museum
    • A public record under the Public Records Act 1973
    • Archives within the Copyright Act 1968
  • Public registers, while mostly exempt under the protection of their own acts, are required, so far as is reasonably practicable, not do an act or engage in a practice that would contravene an Information Privacy Principle.
  • Law enforcement agencies do not need to comply with IPPs 1.3 to 1.5, 2.1,6.1 to 6.8, 7.1 to 7.4, 9.1 or 10.1, if they believe on reasonable grounds that the non-compliance is necessary for the purposes of one, or more, of its or another law enforcement agency's law enforcement functions or activities.

The Health Record Act does not apply to:

  • Health information that has any connection with an individual's personal, family or household affairs
  • A court or tribunal
  • The holder of a judicial or quasi-judicial office
  • A registry or other office of a court or tribunal
  • The staff of these offices in their capacity as members of that staff
  • Publicly available information that would mean personal information that is:
    • A generally available publication
    • Kept in a library, art gallery or museum
    • A public record under the Public Records Act 1973
    • Archives within the Copyright Act 1968 Health information that can be accessed through freedom of information (FOI)
  • Health information held by a news medium in connection with its news activities

Lodging a privacy complaint

If you think your privacy has been interfered with and would like to make a complaint, please complete the DPI Privacy Complaint Form and send to:

The Manager, Privacy
Department of Primary Industries
GPO Box 4440, Melbourne VIC 3001

Or email: dpiprivacy.enquiries@dpi.vic.gov.au

Accessing your personal information

The access provisions of the Freedom of Information (FOI) Act and Information Privacy Act both provide a statutory right of access by individuals to personal information held by government agencies about them. While it is intended by the legislators that the FOI Act provide the channel for access and correction to personal information in the vast majority of applications for access, it is recognised that in some limited circumstances an informal process may be more appropriate.

All requests for access to personal information under the Information Privacy Act should be referred in the first instance to our Privacy Manager for assessment. Our Privacy Manager will consider the circumstances surrounding the request and the content of the data. The request for access may be endorsed and facilitated by our Privacy Manager, or you may be advised to apply to our department formally under the FOI Act.

If you would like to request access to information about you please complete the DPI Application for access to personal information form and send to:

The Manager, Privacy
Department of Primary Industries
GPO Box 4440, Melbourne VIC 3001

Or email: dpiprivacy.enquiries@dpi.vic.gov.au

Privacy documents

DPI Privacy Policy
Information Privacy Principles
Privacy statement (website)

Helpful links

 Links to Australian Privacy Commissioners' websites

The information on this site is based generally upon the Information Privacy Act and Health Records Act. It is not a substitute for a full understanding of either legislation and does not constitute Legal advice.

 

To view the attached PDFs you will need Adobe Acrobat Reader. A free copy can be downloaded from Adobe Acrobat. You can also convert PDF documents into alternative formats.
Department of Primary Industries, Victoria, Australia
Customer Service Centre: Phone 136 186, TTY 1800 122 969
Copyright & Disclaimer | Privacy | Accessibility
Page last updated 08-Feb-2010
© State Government of Victoria 1996-2010