The Privacy Act 1988 (Commonwealth) is an Australian law which regulates the handling of personal information about individuals. This includes the collection, use, storage and disclosure of personal information. In terms of access to records about an individual’s time in institutional ‘care’, the Commonwealth Privacy Act may be relevant to records held by a non-government organisation, where the organisation’s records are not covered by the state or territory’s information privacy laws. New privacy laws came into effect in Australia on 12 March 2014.
The Act has 11 Information Privacy Principles that apply to the handling of personal information by most Australian, ACT and Norfolk Island public sector agencies, and 10 National Privacy Principles that apply to the handling of personal information by large businesses, all health service providers and some small businesses and non-government organisations.
The following National Privacy Principles (or NPPs) are particularly relevant to records relating to a person’s time in ‘care’:
NPP 5: openness
An organisation must have a policy on how it manages personal information, and make it available to anyone who asks for it.
NPP 6: access and correction
Gives individuals a general right of access to their personal information, and the right to have that information corrected if it is inaccurate, incomplete or out-of-date.
NPP 10: sensitive information
Sensitive information includes information relating to health, racial or ethnic background, or criminal records. Higher standards apply to the handling of sensitive information.