• Home
• What's New
• About Us
• Vision Impaired
• Relevant Laws
• Making a Complaint
• Case Notes
• Services
• Publications
• Privacy Victoria Network
• Training
• Positions Vacant
• Archive
• Links
• Contact Us

Information Privacy Principles

Ten Information Privacy Principles (IPPs) are the practical core of the Information Privacy Act. With limited exemptions, all Victorian government agencies, statutory bodies and local councils must comply with the IPPs.

This is a short summary of the IPPs:

IPP 1 Collection

Collect only personal information that is necessary for performance of functions. Advise individuals that they can gain access to personal information.

IPP 2 Use and disclosure

Use and disclose personal information only for the primary purpose for which it was collected or a secondary purpose the person would reasonably expect. Use for secondary purposes should have the consent of the person.

IPP 3 Data quality

Make sure personal information is accurate, complete and up to date.

IPP 4 Data security

Take reasonable steps to protect personal information from misuse, loss, unauthorised access, modification or disclosure.

IPP 5 Openness

Document clearly expressed policies on management of personal information and provide the policies to anyone who asks.

IPP 6 Access and correction

Individuals have a right to seek access to their personal information and make corrections. Access and correction will be handled mostly under the Victorian Freedom of Information Act.

IPP 7 Unique identifiers

A unique identifier is usually a number assigned to an individual in order to identify the person for the purposes of an organisation's operations. Tax File Numbers and Driver's Licence Numbers are examples. Unique identifiers can facilitate data matching. Data matching can diminish privacy. IPP 7 limits the adoption and sharing of unique identifiers.

IPP 8 Anonymity

Give individuals the option of not identifying themselves when entering transactions with organisations, if that would be lawful and feasible.

IPP 9 Transborder data flows

Basically, if your personal information travels, your privacy protection should travel with it. Transfer of personal information outside Victoria is restricted. Personal information may be transferred only if the recipient protects privacy under standards similar to Victoria's IPPs.

IPP 10 Sensitive information

The law restricts collection of sensitive information like an individual's racial or ethnic origin, political views, religious beliefs, sexual preferences, membership of groups or criminal record.

The IPPs can also be read in full. The full text of the Information Privacy Principles can be found in schedule 1 of the Information Privacy Act 2000 (Vic).

The Explanatory Memorandum (PDF, 64Kb) and the Privacy Commissioner's Guidelines can help with interpretation of the IPPs.

Top

Last reviewed on 15 May 2009. © 2009 Privacy Victoria - an independent statutory office