Information Privacy

Information Privacy Act 2009

Reprint No. 2 [as amended by all amendments that commenced on or before 1 July 2012]

The reprints used for the Office of the Information Commissioner’s annotated version of the Freedom of Information Act 1992 (Qld), RTI Act and IP Act (annotated legislation) are sourced from, and used with the permission of, the Office of The Queensland Parliamentary Counsel. The annotated legislation is updated from time to time to incorporate significant amendments. The current reprint of the IP Act is available from the Office of the Queensland Parliamentary Counsel.

An Act to provide safeguards for the handling of personal information in the public sector environment, and to allow access to and amendment of personal information.

Sections of the act with annotations 

Annotations highlighted.

• Chapter 1 Preliminary (1-25)
  • Part 1 Introductory (1-10)
    • 1 Short title
    • 2 Commencement
    • 3 Object of Act
    • 4 Act not intended to prevent other accessing or amendment of personal information
    • 5 Relationship with other Acts requiring access to or amendment of personal information
    • 6 Scope of personal information under this Act
    • 7 Relationship with other Acts prohibiting disclosure of information
    • 8 Relationship with other Acts regulating disposal of information
    • 9 Relationship with Right to Information Act
    • 10 Act binds State
  • Part 2 Interpretation (11-25)
    • 11 Definitions
    • 12 Meaning of personal information
      • Overview of Section 12 IP Act
      • Application of Section 12 IP Act
      • Key published decisions applying Section 12 IP Act
    • 13 Meaning of document of an agency for ch 3
    • 14 Meaning of document of a Minister for ch 3
    • 15 Meaning of document otherwise
    • 16 Meaning of document to which the privacy principles do not apply
    • 17 Meaning of agency for ch 3
    • 18 Meaning of agency otherwise
    • 19 Meaning of entity to which the privacy principles do not apply
    • 20 Special provision about application of Act other than ch 3 to a Minister
    • 21 Meaning of public authority
    • 22 Meaning of processing period and transfer period for ch 3
      • Overview of section 18 RTI Act/section 22 IP Act
      • Application of section 18 RTI Act/section 22 IP Act
    • 23 What it means to disclose personal information and to use personal information
    • 24 Meaning of control of a document
    • 25 References to IPPs and NPPs
• Chapter 2 Privacy principles (26-39)
  • Part 1 Compliance with IPPs by agencies (26-29)
    • 26 Information Privacy Principles
    • 27 Agencies to comply with IPPs
    • 28 Noncompliance with particular IPPs
    • 29 Special provision for law enforcement agencies
  • Part 2 Compliance with NPPs (30-32)
    • 30 National Privacy Principles
    • 31 Health agencies to comply with NPPs
    • 32 Noncompliance with particular NPPs
  • Part 3 Transfer of personal information outside Australia (33)
    • 33 Transfer of personal information outside Australia
  • Part 4 Compliance with parts 1 to 3 by contracted service providers (34-37)
    • 34 Meaning of service arrangement
    • 35 Binding a contracted service provider to privacy principles
    • 36 Bound contracted service provider to comply with privacy principles
    • 37 Contracting agency to comply with privacy principles if contracted service provider not bound
  • Part 5 Provision of information to Ministers (38)
    • 38 Personal information relevant to portfolio responsibilities
  • Part 6 Miscellaneous (39)
    • 39 Nature of rights created by pts 1 to 3
• Chapter 3 Disclosure and amendment by application under this Act (40-133)
  • Part 1 Right to access and amendment (40-42)
    • 40 Right to be given access to particular documents
      • Overview of Section 40 IP Act
      • Application of Section 40 IP Act
    • 41 Right to amend personal information in particular documents
      • Overview of Section 41 IP Act
      • Application of Section 41 IP Act
      • Key published decisions applying Section 41 IP Act
      • Relevant decisions from other jurisdictions
    • 42 Other ways of accessing or amending personal information
  • Part 2 Access and amendment applications (43-49)
    • 43 Making access application
    • 44 Making amendment application
    • 45 Making access or amendment applications for children
      • Overview of Section 45 IP Act
      • Application of Section 45 IP Act
      • Key published decisions applying Section 45 IP Act
    • 46 Access or amendment application may not be made to commissioner
    • 47 Application for documents then existing
    • 48 Application for metadata
    • 49 Application not for backup system documents
  • Part 3 Dealing with application (50-57)
    • Division 1 Decision-maker (50-51)
      • 50 Decision-maker for application to agency
      • 51 Decision-maker for application to Minister
    • Division 2 Preliminary contact with applicant (52-55)
      • 52 Application outside scope of Act
      • 53 Noncompliance with application requirement
      • 54 Access application not limited to personal information
      • 55 Longer processing period
    • Division 3 Contact with relevant third party (56)
      • 56 Disclosure of concern to third party
    • Division 4 Transfers (57)
      • 57 Transfer of access or amendment application
  • Part 4 Refusal to deal with access or amendment application (58-63)
    • 58 Pro-disclosure bias and pro-amendment bias in deciding to deal with applications
    • 59 Exempt information
    • 60 Effect on agency's or Minister's functions
    • 61 Prerequisites before refusal because of effect on functions
    • 62 Previous application for same documents - access application
      • Overview of Section 62 IP Act
      • Application of Section 62 IP Act
      • Key published decisions applying Section 62 IP Act
    • 63 Previous application for same documents - amendment application
  • Part 5 Decision (64-76)
    • Division 1 Access applicants (64-69)
      • 64 Pro-disclosure bias in deciding access to documents
      • 65 Considered decision on access application
      • 66 Deemed decision on access application
      • 67 Grounds on which access may be refused
      • 68 Notification of decision and reasons access application
      • 69 Information as to existence of particular documents
    • Division 2 Amendment applications (70-76)
      • 70 Considered decision on amendment application
      • 71 Deemed decision on amendment application
      • 72 Grounds on which amendment may be refused
        • Section 72(1)(a)(i)
          • Overview of Section 72(1)(a)(i) IP Act
          • Application of Section 72(1)(a)(i) IP Act
          • Key published decisions applying Section 72(1)(a)(i) IP Act
          • Relevant decisions from other jurisdictions
      • 73 Notification of decision and reasons - amendment application
      • 74 Amendment of document by alteration or notation
        • Overview of Section 74 IP Act
        • Application of Section 74 IP Act
        • Key published decisions applying Section 74 IP Act
        • Relevant decisions from other jurisdictions
      • 75 Notation to information
      • 76 Particular notations required to be added
  • Part 6 Charging regime (77-82)
    • Division 1 Preliminary (77-78)
      • 77 Meaning of access charge
      • 78 Duty in relation to access charge
    • Division 2 Payment of charges (79)
      • 79 Requirement to pay access charge
    • Division 3 Waiver of charges (80-82)
      • 80 Waiver under div 3 only
      • 81 Uneconomical to charge
      • 82 Applicant under financial hardship
  • Part 7 Giving access (83-92)
    • 83 Forms of access
    • 84 Time limit for access
    • 85 Precautions
    • 86 Precautions for children
    • 87 Deferral of access
    • 88 Deletion of irrelevant information
    • 89 Deletion of exempt information
    • 90 Deletion of contrary to public interest information
    • 91 Giving summary of personal information to applicant or intermediary
    • 92 Giving relevant healthcare information to applicant's nominated healthcare professional
  • Part 8 Internal review (93-97)
    • 93 Definitions for pt 8
    • 94 Internal review
    • 95 Decisions that may not be reviewed
    • 96 Applying for internal review
    • 97 When internal review application to be decided
  • Part 9 External review (98-126)
    • Division 1 Preliminary (98-100)
      • 98 Definitions for pt 9
      • 99 External review
      • 100 Onus
    • Division 2 Application (101-102)
      • 101 Applying for external review
        • Section 101(1)(d)
          • Overview of Section 101(1)(d) IP Act
          • Application of Section 101(1)(d) IP Act
          • Key published decisions applying Section 101(1)(d) IP Act
      • 102 Participants in external review
    • Division 3 After application made (103-107)
      • 103 Early resolution encouraged
      • 104 Agency or Minister to be informed of application for external review of deemed decision
      • 105 Agency or Minister to be informed before external review of decision
      • 106 Applications where decision delayed
      • 107 Information commissioner may decide not to review
    • Division 4 Conduct of external review (108-110)
      • 108 Procedure on external review
      • 109 Requirement to assist during review
      • 110 Conduct of reviews
    • Division 5 Powers of information commissioner on external review (111-122)
      • 111 Preliminary inquiries
      • 112 Better reasons
      • 113 Access to documents
      • 114 Access in particular form
      • 115 Requiring a search
      • 116 Requiring information, documents and attendance
      • 117 Examining witnesses
      • 118 Additional powers
      • 119 Restrictions under other laws not applicable
      • 120 Information commissioner to ensure proper disclosure and return of documents
      • 121 Information commissioner to ensure non-disclosure of particular information
      • 122 Exception for successful challenge of s 69(2) notice
    • Division 6 Decision on external review (123-124)
      • 123 Decision on external review
      • 124 Correction of mistakes in decisions
    • Division 7 Miscellaneous (125-126)
      • 125 Costs of external review
      • 126 Disciplinary action
  • Part 10 Vexatious applicants (127-128)
    • 127 Vexatious applicants
    • 128 Declaration may be varied or revoked
  • Part 11 References of questions of law and appeals (129-133)
    • 129 Definitions for pt 11
    • 131 Reference of questions of law to Queensland Civil and Administrative Tribunal
    • 132 Appeal to Queensland Civil and Administrative Tribunal on question of law
    • 133 Application to Queensland Civil and Administrative Tribunal for review of vexatious applicant declaration
• Chapter 4 Information Commissioner and Privacy Commissioner (134-163)
  • Part 1 Functions of information commissioner under this Act (134-138)
    • 134 Information commissioner not subject to direction
    • 135 Performance monitoring and support functions
    • 136 Decision-making functions
    • 137 External review functions
    • 138 Guidelines under the Right to Information Act
  • Part 2 Staff of Office of Information Commissioner in relation to this Act (139-140)
    • 139 Delegation
    • 140 Staff subject only to direction of information commissioner
  • Part 3 Privacy Commissioner (141-152)
    • 141 The Privacy Commissioner
    • 142 Role and function of privacy commissioner
    • 143 Privacy commissioner subject to direction of information commissioner
    • 144 Appointment
    • 145 Procedure before appointment
    • 146 Term of appointment
    • 147 Remuneration and conditions
    • 148 Leave of absence
    • 149 Preservation of rights if public service officer appointed
    • 150 Restriction on outside employment
    • 151 Resignation
    • 152 Acting privacy commissioner
  • Part 4 Proceedings (153-156)
    • 153 Third party proceedings
    • 154 Costs in proceedings
    • 155 Information Commissioner and Privacy Commissioner may appear in proceedings
    • 156 Intervention by Attorney-General
  • Part 5 Waiving or modifying privacy principles obligations in the public interest (157)
    • 157 Waiver or modification approval
  • Part 6 Compliance notices (158-163)
    • 158 Compliance notice
    • 159 Extension of time for compliance
    • 160 Agency must comply with notice
    • 161 Application to Queensland Civil and Administrative Tribunal for review of decision to give compliance notice
    • 162 Parties to QCAT proceeding
    • 163 How QCAT may dispose of review
• Chapter 5 Privacy complaints (164-178)
  • Part 1 Making privacy complaints (164-166)
    • 164 Meaning of privacy complaint
    • 165 Privacy complaint may be made or referred to information commissioner
    • 166 Requirements for privacy complaint
  • Part 2 Dealing with privacy complaints (167-170)
    • 167 Preliminary action
    • 168 Information commissioner may decline to deal with or deal further with complaint
    • 169 Referral of privacy complaint to other entity
    • 170 Arrangement with ombudsman
  • Part 3 Mediation of privacy complaints (171-173)
    • 171 Attempting resolution through mediation
    • 172 Certification of mediated agreement
    • 173 Filing of certified agreement with Queensland Civil and Administrative Tribunal
  • Part 4 Referral of privacy complaints to QCAT (174-178)
    • 174 Application of pt 4
    • 175 Advice to parties
    • 176 Referral to Queensland Civil and Administrative Tribunal
    • 177 Parties to QCAT proceeding
    • 178 How QCAT may dispose of complaint
• Chapter 6 Protections and offences (179-188)
  • Part 1 Protections (179-183)
    • 179 Access - protection against actions for defamation or breach of confidence
    • 180 Publication - protection against actions for defamation or breach of confidence
    • 181 Access - protection in respect of offences
    • 182 Publication - protection in respect of offences
    • 183 Protection of agency, information commissioner etc. from personal liability
  • Part 2 Offences (184-188)
    • 184 Direction to act in particular way
    • 185 Unlawful access
    • 186 False or misleading information
    • 187 Failure to produce documents or attend proceedings
    • 188 Disclosure or taking advantage of information
• Chapter 7 Miscellaneous provisions (189-201)
  • Part 1 Archival documents (189-191)
    • 189 Operation of Public Records Act 2002
    • 190 Non-official documents in Queensland State Archives etc.
    • 191 Official documents in Queensland State Archives
  • Part 2 Operation of this Act (192-195)
    • 192 Review of Act
    • 193 Reports of information commissioner
    • 194 Report of Assembly on Act's operation
    • 195 Functions of parliamentary committee
  • Part 3 Other (196-201)
    • 196 Power of person acting for another person
    • 197 Power of Information Commissioner for compliance notices and privacy complaints
    • 198 Rules and procedures of Queensland Civil and Administrative Tribunal
    • 199 Contents of prescribed written notice
    • 200 Approval of forms
    • 201 Regulation-making power
• Chapter 8 Transitional provisions (202-214)
  • Part 1 Transitional provisions of Act No. 14 of 2009 (202-211)
    • 202 Delayed application of Act other than ch 3 to local governments
    • 203 Outdated references
    • 204 Pre-enactment recruitment process
    • 205 Refusal to deal with application - previous application for same documents
    • 206 Delayed filing of certified agreement with QCAT
    • 207 Delayed referral of privacy complaint to QCAT
    • 208 Delayed application to QCAT
    • 209 Privacy complaints to relate to actions after ch 5 commencement
    • 210 Continuing application of relevant information standards
    • 211 Acts and practices authorised before relevant date
  • Part 2 Transitional provisions for State Penalties Enforcement and Other Legislation Amendment Act 2009 (212-214)
    • 212 Definition for pt 2
    • 213 Retrospective validation for particular delegations and directions
    • 214 Decision under s 69(2) is a reviewable decision
• Schedule 1 Documents to which the privacy principles do not apply
  • 1 Covert activity
  • 2 Witness protection
  • 3 Disciplinary actions and misconduct
  • 4 Public interest disclosure
  • 5 Cabinet and Executive Council
  • 6 Commissions of inquiry
  • 7 Other
• Schedule 2 Entities to which the privacy principles do not apply
  • Part 1 Entities to which the privacy principles do not apply
  • Part 2 Entities to which the privacy principles do not apply in relation to a particular function
• Schedule 3 Information Privacy Principles
  • 1 IPP1-Collection of personal information (lawful and fair)
  • 2 IPP2-Collection of personal information (requested from individual)
  • 3 IPP3-Collection of personal information (relevance etc.)
  • 4 IPP4-Storage and security of personal information
  • 5 IPP5-Providing information about documents containing personal information
  • 6 IPP6-Access to documents containing personal information
  • 7 IPP7-Amendment of documents containing personal information
  • 8 IPP8-Checking of accuracy etc. of personal information only for relevant purpose
  • 9 IPP9-Use of personal information only for relevant purpose
  • 10 IPP10-Limits on use of personal information
  • 11 IPP11-Limits on disclosure
• Schedule 4 National privacy principles
  • 1 NPP1 - Collection of personal information
  • 2 NPP2 - Limits on use or disclosure of personal information
  • 3 NPP3 - Data quality
  • 4 NPP4 - Data security
  • 5 NPP5 - Openness
  • 6 NPP6 - Access to documents containing personal information
  • 7 NPP7 - Amendment of documents containing personal information
  • 8 NPP8 - Anonymity
  • 9 NPP9 - Sensitive information
• Schedule 5 Dictionary