All Queensland government agencies1 must handle personal information in accordance with the Queensland Privacy Principles (QPP) in the Information Privacy Act 2009 (Qld) (IP Act).
This guideline is based on and includes material from the Australian Privacy Principle guidelines developed by the Office of the Australian Information Commissioner.
Section 12 of the IP Act provides that personal information means information or an opinion about an identified individual or an individual who is reasonably identifiable, whether it is true or recorded in a material format.
The individual does not need to be directly identified in the information for it to be personal information. It is sufficient if they can reasonably be identified by reference to other information.
Refer to Key privacy concepts – personal and sensitive information for more information.
QPP 10 requires agencies to take reasonable steps to ensure the quality of personal information they deal with. Specifically, they must take reasonable steps to ensure:
In addition to creating robust privacy protection, these requirements help ensure greater administrative efficiency and can save the time, potential embarrassment, and possible adverse effects of making decisions based on incorrect or incomplete information.
The agency must take reasonable steps to ensure the quality of personal information at two distinct times: the first, when the information is collected and the second, when the personal information will be used or disclosed.
Agencies aren’t required to review the personal information they hold outside the specific obligations in QPP 10, but doing so can help agencies ensure the overall and ongoing quality of the personal information they hold.
What constitutes reasonable steps will vary depending on the circumstances. Factors to consider when determining what steps are reasonable include:
In some circumstances there may be:
However, the onus will be on the agency to establish this.
Reasonable steps an agency could take include:
In most circumstances, a reliable way of ensuring quality will be to verify the information against the original source. However, in some cases that may be unreasonable because, for example:
If agency officers cannot reasonably check with the original source, there are often other methods that can be used to ensure information accuracy.
If an agency regularly collects personal information from a third party it should put appropriate practices, procedures and/or systems in place to ensure the personal information’s quality. Depending on the circumstances and the nature of the third party this could include:
Personal information is inaccurate if it contains an error or defect or if it is misleading. Incorrect factual information can include the wrong name, date of birth, residential address or current or former employer.
An opinion about the individual is not inaccurate just because the individual disagrees with it. An opinion will generally be accurate if it is clear that it is an opinion and not objective fact, it accurately records the view of the opinion giver, and is based on reasonable grounds.3
Personal information is out of date if it contains facts, opinions or other information that is no longer current. An example is a statement that an individual lacks a particular qualification or accreditation that the individual has subsequently obtained.
Information that was accurate when it was collected may be superseded by later information or events. Whether that makes the original personal information out of date will depend on why it was originally collected, used, or disclosed and what the agency wants to do with it now. If the agency needs more current information, the original personal information will, to that extent of the agency’s current purpose, be out of date
If agencies no longer need personal information for any purpose it should be assessed for destruction or deidentification under QPP 11.
Refer to QPP 11 – Security, deidentification and destruction of personal information for more information.
Personal information is incomplete if it presents a partial or misleading picture, rather than a true or full picture, for example a database which says that an individual has not paid their rates, when the rates have actually been paid, albeit late.
The information will be incomplete under QPP 10 if the database is used or disclosed for the purpose of providing information about the individual’s payment history. Similarly, a document which lists only two rather all three children of the parent(s) will be incomplete under QPP 10 if that personal information is used for the purpose of, and is relevant to, assessing a person’s eligibility for a benefit or service which relates to the number of dependencies a person or family has.
Collection of personal information will be reasonably necessary for one of the agency’s functions4 it is collecting it to ensure the information it already holds is complete.
Agencies must take reasonable steps to ensure personal information is relevant before it uses or discloses it. Personal information will be irrelevant if it does not have a bearing upon, or connection to, the purpose for which it will be used or disclosed.
For example, if an agency is disclosing medical records for the purposes of a WorkCover claim, it should only disclose the parts of the record that are relevant to that secondary purpose.
Current as at: July 1, 2025