The Information Privacy Principles
Under the Information Privacy Act, the PLA must comply with 11 Information Privacy Principles (IPPs) dealing with:
- collection of personal information
- storage and security of personal information
- providing information about personal information held by an agency
- access to and amendment of documents containing personal information
- accuracy and relevance of personal information
- use of personal information
- disclosure of personal information.
IPPs 1, 2 and 3 deal with what personal information may be collected, the way it is collected and what notices must be given to the person from whom the information is collected.
IPP 4 deals with requirements for ensuring that personal information is stored securely and protected from loss, unauthorised access, use, modification, disclosure or misuse.
IPPs 5, 6 and 7 deal with individuals obtaining information about whether an agency has control of any documents containing their personal information, how individuals can obtain access to those documents, and the amendment of documents containing personal information.
IPPs 8, 9, 10 and 11 deal with how personal information may be used and disclosed.
The full text of the IPPs is set out at Appendix A.