Evidence of authority and identity


An applicant can choose someone to act on their behalf to make an access or amendment application for them under the Right to Information Act 2009 (Qld) (RTI Act) or the Information Privacy Act 2009 (Qld) (IP Act). This person will be called the 'agent' of the applicant. An applicant may authorise anyone to be their agent, for example, a legal representative, friend or relative.

Information about the agent will need to be provided if the application is to access or amend the applicant's personal information. The requirements of an agent providing evidence of authority and identity will be discussed in this Guideline.

Evidence of authority - access and amendment applications containing the applicant's personal information

If an agent, acting on behalf of an applicant, applies for access to or amendment of documents containing personal information of the applicant, then the agent must provide all of the following:

  • evidence of the agent's authorisation to act for the applicant1 (agent's authorisation)
  • evidence of the agent's identity2 and applicant's identity3 (evidence of identity requirements).

These requirements ONLY APPLY if the application seeks to access or amend documents containing the applicant's personal information.4 Together, they establish the agent's authority to act for the applicant. They must be provided with the application or within 10 business days after making the application.5

The purpose of the evidence of identity requirements is to ensure that any personal information that an agency or Minister decides to release or amend pursuant to the application is only provided to, or altered for, the applicant or a person authorised by the applicant to act on their behalf. This operates as an additional safeguard on the disclosure or alteration of personal information.

1. Evidence of agent's authorisation

The RTI Act and IP Act set out three examples of the types of evidence that may establish an agent's authorisation including a 'client agreement authorising a legal practitioner to act for an applicant'.6 However, the list of examples is not exhaustive and other documents may also be sufficient to establish an agent's authorisation.7


  1. A letter of authority specifically appointing the person to act as the applicant's agent to make the application, which has been signed by the applicant and witnessed by a justice of the peace, solicitor or commissioner for declarations.
  2. In the case of a legal representative, a letter of authority setting out the nature, terms and duration (where relevant) of the legal representative's authority which is signed by the legal representative and their client (the applicant).

Generally, evidence provided by an agent to establish their authority to act as the applicant's agent should:

  • be in writing
  • be current8
  • state the full name of the applicant and the name of the agent
  • set out the scope of the authority to act as the applicant's agent
  • be signed and dated by the applicant and agent, and witnessed.

2. Evidence of identity for applicants and agents - access and amendment applications containing the applicant's personal information

Both the agent and the applicant must provide the agency9 with evidence of their identity.10

The term evidence of identity is defined in the Right to Information Regulation 2009 11 and the Information Privacy Regulation 2009 12 (the Regulations). The Regulations do not distinguish between evidence of identity required for an applicant and that required for an agent. They provide that evidence of identity for a person is 'a document verifying the person's identity' which includes:

  • a passport
  • a copy of a birth certificate or extract
  • a driver's licence
  • a statutory declaration from an individual who has known the person for at least one year
  • a copy of a prisoner's identity card that is certified by a Corrective Services officer.

The list of documents set out in the Regulations is not exhaustive and other documents may also satisfy the evidence of identity requirements. For example, in some cases, a letter printed on the law firm's letterhead and signed by the principal of the firm may be sufficient to verify a legal representative's identity.

The type of document that an agency chooses to accept from an agent who is acting as the applicant's agent may depend on factors such as:

  • the sensitivity of the documents sought in the application
  • whether the agency has had previous dealings with the legal representative
  • the terms of the legal representative's authorisation as agent

In relation to applications for access, the evidence of identity requirements correspond with the obligation on agencies to adopt appropriate procedures to ensure that personal information of the applicant that is requested by an applicant's agent, is only provided to the applicant's agent.13

The agency must determine whether the document provided by the agent verifies their identity. If a decision maker is concerned about an agent's identity, the decision maker should make independent checks or ask the agent for further information.

Providing evidence of identity and authorisation

Evidence of authority may be provided in a number of ways. Applicants can send a photocopy of the identity document (ID), which has been certified by a justice of the peace, lawyer, or commissioner for declarations as a correct copy of the original14, to the agency.  Alternatively, the applicant could attend at an office of the agency and show their ID to an agency officer, who can make a file note confirming the ID has been sighted.

Providing electronic copies

Copies of identification and evidence of authorisation must be sent to the agency, as outlined above.  The RTI Act and IP Act do not specify how such copies must be provided.  In some circumstances, they may be able to be provided electronically.

The Electronic Transactions (Queensland) Act 2001, (Electronic Transactions Act)15, supports an agency's discretion to accept electronic documents in certain circumstances by providing that where a State law requires or permits the production of a paper document an electronic version may be provided if the following conditions are met:

  • The method used to produce the electronic copy of the document ensures the integrity of the document’s information, ie, the information is complete and unaltered, apart from immaterial or endorsed changes.
  • The information in the electronic documents will be readily accessible for subsequent reference.
  • The person the paper document is to be given to agrees to receive an electronic copy of the document.

There are some exceptions to when the Electronic Transactions Act applies.16 If an agency is unsure and needs to clarify whether such exceptions apply in their circumstances, legal advice can be sought. However, the Electronic Transactions Act does not limit the circumstances in which an agency can otherwise decide to accept a document electronically.  Each agency needs to carefully consider whether it is appropriate to accept identity documents electronically and apply security mechanisms appropriate to the circumstances, whether or not the Electronic Transactions Act applies.

This means an agency may be able to agree to receive evidence of identity or authorisation electronically, for example by email or facsimile.  Allowing these documents to be provided electronically can help simplify the application process, but it is at the discretion of each agency to decide whether or not it will do so.

An agency may consider accepting evidence of identity documents electronically to be appropriate when the agency has previously been provided with a hard copy of the same document and they are confident that the applicant is the sender. However agencies may have general restrictions in place regarding receipt of such documents due to the sensitive nature of the personal information that that agency holds to protect an individual’s privacy. Similarly, agencies may wish to require the documents to be provided in hard copy in specific circumstances, for example where the applicant’s personal information is of a particularly sensitive nature, or if there are any concerns about the integrity of the document’s information regarding the applicant’s identity or an agent’s authority.

Applications for access to other information

If the application does not seek access to documents containing the applicant's personal information, an agent is not required to establish their authority to act for an applicant or provide evidence of their identity.

However, if an agent has not established their authorisation as agent and an application seeks access to documents that contain other sensitive information, an agency may decide not to give access to that information.

For example, a legal representative may apply, on behalf of a company, for access to documents which contain information about that company. If they have not established their authority to act for the company, the agency may decide not to give access to documents containing sensitive company information as, without evidence of the representative’s authority to act for the company, it has no surety that the information is actually being released to the company.

For this reason, it is good practice for an agent to provide an agency with their agent's authorisation when making any application under the RTI Act on behalf of an applicant.

  • 1 Section 24(3)(b) of the RTI Act and sections 43(3)(b) and 44(5)(b) of the IP Act.
  • 2 Section 24(3)(b) of the RTI Act and sections 43(3)(b) and 44(5)(b) of the IP Act.
  • 3 Section 24(3)(a) of the RTI Act and sections 43(3)(a) and 44(5)(a) of the IP Act.
  • 4 See section 12 of the IP Act which sets out the definition of personal information.
  • 5 Section 24(3) of the RTI Act and sections 43(3) and 44(5) of the IP Act.
  • 6 Section 24(3)(b) of the RTI Act and sections 43(3)(b) and 44(5)(b) of the IP Act.
  • 7 See section 14D(a) of the Acts Interpretation Act 1954 (Qld) which sets out how lists of examples in Queensland legislation are to be interpreted.
  • 8 OIC recommends that authorities older than 6 months be verified to ensure they are current prior to accepting them.
  • 9 In this Guideline, references to an 'agency' include Ministers, unless otherwise specified.
  • 10 Sections 24(3) of the RTI Act and sections 43(3) and 44(5) of the IP Act.
  • 11 Section 24(5) of the RTI Act and regulation 3 of the Right to Information Regulation 2009 (Qld).
  • 12 Sections 43(4) and 44(6) of the IP Act and regulation 3 of the Information Privacy Regulation 2009 (Qld).
  • 13 Section 70 of the RTI Act and section 85 of the IP Act.
  • 14 See the Guideline Evidence of Authority and Identity for further information about identity requirements.
  • 15 Section 16 of the Electronic Transactions Act.
  • 16 The Electronic Transactions Act does not apply to particular requirements and permissions, including that a document “be attested, authenticated, verified or witnessed by a person other than the author of the document”. Section 7A and Schedule 1, Electronic Transactions (Queensland) Act 2001 (Qld).

Current as at: December 18, 2013