Published on Office of the Information Commissioner Queensland (https://www.oic.qld.gov.au)

Home Guidelines  >  For government  >  Guidelines - Privacy principles  >  Application of the IP Act  >  When do the privacy principles apply

When do the privacy principles apply

Scope of personal information

The Information Privacy Act 2009 (Qld) (IP Act) applies to personal information, regardless of whether the personal information existed, or was collected or generated, prior to the commencement of the IP Act.1

Agencies must comply with the privacy principle requirements, which include the Queensland Privacy Principles (QPPs), and the mandatory notification of data breach scheme set out in the IP Act.

Personal information and the deceased

Personal information is information about an individual who can be identified.2 Refer to Key privacy concepts – sensitive and personal information for more information.

The definition of 'individual' in the Acts Interpretation Act 1954 (Qld) is 'a natural person'.3 A natural person can only be a living person, which means that deceased people cannot have personal information. Care should still be taken when handling the information of the deceased, as it may also be the personal information of the living, for example, a family member.

Interaction of the IP Act with other legislation

The IP Act will defer to any other Act which provides for the collection, storage, handling, management, use, disclosure and transfer of personal information.4

QPP 6, which provides when agencies can use or disclose personal information, does not override confidentiality or secrecy provisions that prohibit the using or disclosing information.

Exclusions

In some circumstances the IP Act recognises that it is appropriate for agencies not to comply with the privacy principles. It creates a number of exceptions to, and exemptions from, the obligation to comply with the privacy principles.

Provision of personal information to Ministers

Part of Queensland's Westminster model of responsible government is that Ministers are individually responsible and accountable to Parliament for their own actions, and for the administration of their respective government departments.

In order for a Minister to be fully aware of, and to make decisions about the functions and activities of their departments, Ministers need to have access to necessary information. Section 38 of the IP Act ensures that the provision of this information will not constitute a breach of the privacy principles where it contains personal information.

The information must be required to:

  • inform the Minister
  • about matters relevant to the Minister's responsibilities
  • in relation to the agency providing the information to the Minister.

The key requirement under section 38 of the IP Act is that the information must be required to inform Ministers about portfolio responsibilities to their agencies and not to any other person or body. An agency should satisfy itself that there is a link between the personal information and the matters that are relevant to the Minister's responsibility to the agency.

Documents to which the privacy principles do not apply

Schedule 1 of the IP Act sets out the documents to which the privacy principles do not apply. It does not matter which agency holds the documents. Agencies should be aware that these documents may be subject to secrecy or confidentiality obligations set out in other legislation.

Entities to which the privacy principles do not apply

Schedule 2, part 1 of the IP Act sets out the entities to which the privacy principles do not apply. These include a commission of inquiry issued by the Governor in Council, the Legislative Assembly and government owned corporations.

Entities to which the privacy principles do not apply in relation to a particular function

Schedule 2, part 2 of the IP Act sets out entities which are generally subject to the privacy principles but are exempt when performing certain functions. The entities and functions include a court, or the holder of a judicial office or other office connected with a court, in relation to the court’s judicial functions and a tribunal in relation to the tribunal’s judicial or quasi-judicial functions.

Functions which are not listed in this schedule 2, part 2 must comply with the privacy principle requirements.

  • 1 Section 6 of the IP Act.
  • 2 Section 12 of the IP Act.
  • 3 Section 36 of the Acts Interpretation Act 1954 (Qld).
  • 4 Section 7 of the IP Act.

Current as at: July 1, 2025