The Personal Information Protection (PIP) Act 2004 came into effect on 5 September 2005. Its purpose is to protect the privacy of individuals by controlling the ways in which the government can collect, keep, use, and release records containing sensitive personal information that clearly identifies an individual. The Act also enables individuals to access that information. This information can appear in many different kinds of records, including case files and patient records kept by the Departments of Health and Human Services and Justice, as well as their predecessors.
The information can be in any form, including photographs and sound or video recordings.
The Act allows people to access their personal information held by a ‘personal information custodian’ which is:
The Act defines ‘basic personal information’ as ‘the name, residential address, postal address, date of birth and gender of an individual’.
Health information includes records concerning physical, mental or psychological health and disability.
The Act defines sensitive information as:
personal information or an opinion relating to personal information about an individual’s –
(i) racial or ethnic origin; or
(ii) political opinions; or
(iii) membership of a political association; or
(iv) religious beliefs or affiliations; or
(v) philosophical beliefs; or
(vi) membership of a professional or trade association; or
(vii) membership of a trade union; or
(viii) sexual preferences or practices; or
(ix) criminal record; and
(b) health information about an individual
A person can ask for personal information to be changed if it is ‘incorrect, incomplete, out of date or misleading’.
The Act applies to the personal information of people who have died. Rights can then be exercised by the next of kin.
The Personal Information Protection Act, which protects and provides access to personal information, is different from the Right to Information Act, which deals with the broader activities of government.