The Key Privacy Concepts guidelines explain important words and phrases used in the Information Privacy Act 2009 (Qld) (IP Act). They are intended to assist in the interpretation and application of the privacy principles in the IP Act.
Section 23(3) of the IP Act defines ‘use’.
(3) An entity uses personal information if it—
(a) manipulates, searches or otherwise deals with the personal information; or
(b) takes the information into account in the making of a decision; or
(c) transfers the information from a part of the entity having particular functions to a part of the entity having different functions.
(4) Subsection (3) does not limit what actions may be use of the personal information.
(5) However, use of the personal information does not include the action of disclosing the personal information to another entity.
Section 23(4) provides that section 23(3) is a non-exhaustive list of what can constitute use, however section 23(5) explicitly limits use to actions that are not disclosure as defined in section 23(2).
There are very few ways in which an entity can manipulate, apply or access personal information that will not constitute a use. Regular back-ups of electronic personal information through standard processes, or restoration of corrupted or lost information from those back-ups, would not generally constitute a use, however, accessing the personal information in those back-ups would.
In some circumstances, provision of personal information to another entity will not constitute a disclosure, but a use. This will be where the transferring entity retains control over the personal information and what the receiving entity may do with it.
Current as at: July 19, 2013