OFFICE OF THE INFORMATION COMMISSIONER Northern Territory

Privacy - Openness

The Privacy Principles make it clear that organisations must be open with people about the personal information they collect and handle. This can be seen in four requirements of the Privacy Principles:

Disclosure of privacy policies and general information

Organisations must make available to the public a document in which they clearly express their policies for the management of personal information they hold (IPP 5.1).

On request, an organisation must also take reasonable steps to inform a person about:

The potentially onerous requirements of IPP 5 mean that it will usually be in the interests of organisations to develop detailed written policies about management of personal information that address, among other things, the specific requirements of IPP 5.2.

Ensuring awareness when collecting particular information

Every time personal information about an individual is collected, the organisation collecting the information must take reasonable steps to ensure that the individual is aware of:

  1. the identity of the organisation
  2. the purpose for which the information is collected
  3. any law that requires the particular information to be collected
  4. the main consequences (if any) for the individual if all or part of the information is not provided
  5. to whom the organisation usually discloses information of the same kind
  6. the fact that the individual is able to have access to the information.

Important points to note:

Access to personal information on request

Privacy Principle 6 sets out an alternative access scheme to Freedom of Information access. However, the Privacy access scheme is limited to the personal information of the individual concerned.

Like the FOI access scheme exemptions, there are a series of reasons why an organisation can refuse access to information (IPPs 6.1 and 6.2). Many of the exceptions are similar to FOI exemptions but there are some differences. One of the exceptions arises if 'denying access is required or authorised by law'. This would appear to allow refusal based on any of the FOI access exemptions.

In general terms, the requirements for, and procedures involved in, the FOI access scheme are more concrete, and spelled out in more detail, than the Privacy access scheme. In most cases, it will probably be preferable for individuals seeking access to use the FOI access scheme.

Correction of personal information on request

Privacy Principle 6 sets out an alternative correction scheme to Freedom of Information correction.

Like the FOI access scheme, the Privacy correction scheme refers to information that is not accurate, complete or up to date. If the person establishes this, the organisation must take reasonable steps to correct it.

In general terms, the requirements for, and procedures involved in, the FOI correction scheme are more concrete, and spelled out in more detail, than the Privacy correction scheme. In most cases, it will probably be preferable for individuals seeking correction to utilise the FOI correction scheme.

More information

Discussions of similar principles are available on the websites of Privacy Victoria and the Federal Privacy Commissioner.

Last Updated on
6 October, 2008