Information Privacy Principles Victoria’s Information Privacy and Data Protection Act (2014) contains 10 Information Privacy Principles or IPP’s
This is a short summary of the IPPs:
IPP 1 Collection Collect only personal information that is necessary for performance of functions. Advise individuals that they can gain access to personal information.
IPP 2 Use and disclosure Use and disclose personal information only for the primary purpose for which it was collected or a secondary purpose the person would reasonably expect. Use for secondary purposes should have the consent of the person.
IPP 3 Data quality Make sure personal information is accurate, complete and up to date.
IPP 4 Data security Take reasonable steps to protect personal information from misuse, loss, unauthorised access, modification or disclosure.
IPP 5 Openness Document clearly expressed policies on management of personal information and provide the policies to anyone who asks.
IPP 6 Access and correction Individuals have a right to seek access to their personal information and make corrections. Access and correction will be handled mostly under the Victorian Freedom of Information Act.
IPP 7 Unique identifiers A unique identifier is usually a number assigned to an individual in order to identify the person for the purposes of an organisation's operations. Tax File Numbers and Driver's Licence Numbers are examples. Unique identifiers can facilitate data matching. Data matching can diminish privacy. IPP 7 limits the adoption and sharing of unique identifiers.
IPP 8 Anonymity Give individuals the option of not identifying themselves when entering transactions with organisations, if that would be lawful and feasible.
IPP 9 Transborder data flows Basically, if your personal information travels, your privacy protection should travel with it. Transfer of personal information outside Victoria is restricted. Personal information may be transferred only if the recipient protects privacy under standards similar to Victoria's IPPs.
IPP 10 Sensitive information The law restricts collection of sensitive information like an individual's racial or ethnic origin, political views, religious beliefs, sexual preferences, membership of groups or criminal record. Council’s information privacy officer can be contacted on (03) 5434 6000 if you have any further enquiries of Council’s policy and procedure in relation to the Information Privacy and Data Protection Act (2014).