The Information Privacy Act 2009 (Qld) (IP Act) applies to personal information, regardless of whether the personal information existed, or was collected or generated, prior to the commencement of the IP Act.1
When collecting or handling any personal information, an agency2 must comply with the relevant privacy principles and sections of the IP Act, unless one of the exceptions applies.
It does not matter:
See the discussion on personal information in the guideline Key privacy concepts – personal information for more detail.
The definition of personal information limits it to information about an individual.3
The definition of 'individual' in the Acts Interpretation Act 1954 (Qld) is 'a natural person4'. A natural person can only be a living person.
This means that deceased people cannot have personal information, however care should still be taken when handling the information of the deceased, as it may also be the personal information of the living, for example, a family member.
Chapter 2, part 1 requires all agencies except for health agencies to comply with:
Health agencies are required to comply with the National Privacy Principles (NPPs), rather than the IPPs, along with the rules about contracted service providers and transfer of personal information out of Australia.
Chapter 2 of the IP Act applies to the Office of the Information Commissioner, requiring the OIC to comply with the IPPs, and with Chapter 2, Parts 3 and 4 of the IP Act.
The IP Act will defer to any other Act which provides for the collection, storage, handling, management, use, disclosure and transfer of personal information.
In addition, requirements to use or disclose personal information under another Act override the relevant privacy principles by the action of IPP 10(1)(c), 11(1)(d), and NPP 2(1)(f).
The IP Act does not affect the provisions of the Public Records Act 2002 (Qld) which:
Current as at: July 19, 2013