Information Privacy Principles (‘IPP’)
INFORMATION PRIVACY ACT 2000 (Vic)
IPP 1 Collection of Personal Information
- Get it directly from the person
- Tell them why you want it – it must be necessary for a function of the organisation
- Tell them what you are going to do with it
IPP 2 Use and Disclosure of Personal Information
- Use only for the purpose for which it was collected
- May be used for a secondary purpose if reasonably related or the person consents
- May be used to investigate and prevent crime
- May be used to prevent serious injury
IPP 3 Data Quality
- If you’re recording personal information, make sure it is accurate, complete and up-to-date
IPP 4 Data Security
- Take reasonable steps to protect information from misuse, loss and unauthorised access
- Take reasonable steps to destroy personal information that is no longer needed
IPP 5 Openness
- Have a policy and make it known and available
IPP 6 Access and Correction
- Allow people to access and, if necessary, correct their personal information
- The FOI Act applies, particularly if it’s not their information
IPP 7 Unique Identifiers
- Must only be assigned if necessary to carry out a function efficiently
- Don’t use or disclose other unique identifiers
IPP 8 Anonymity
- People should be able to remain anonymous where practicable
IPP 9 Transborder Data Flows
- Transfer personal information outside Victoria only if the receiver has similar laws or policies, or the person consents
IPP 10 Sensitive Information
- Collect sensitive information only with the person’s consent or if required by law
- Consent must be voluntary, informed, specific and current