Published on Office of the Information Commissioner Queensland (https://www.oic.qld.gov.au)

Home Guidelines  >  For government  >  Guidelines - Privacy principles  >  Use and disclosure  >  QPP 3 and 6 - ADR or a legal claim

QPP 3 and 6 - ADR or a legal claim

Overview

All Queensland government agencies1 must handle personal information in accordance with the Queensland Privacy Principles (QPP) in the Information Privacy Act 2009 (Qld) (IP Act).

This guideline is based on and includes material from the Australian Privacy Principle guidelines developed by the Office of the Australian Information Commissioner.

What is personal information?

Section 12 of the IP Act provides that personal information means information or an opinion about an identified individual or an individual who is reasonably identifiable, whether it's true or recorded in a material format.

The individual does not need to be directly identified in the information for it to be personal information. It is sufficient if they can reasonably be identified by reference to other information.

The personal information of one individual may also be the personal information of other individuals. OIC refers to this as mutual personal information, and examples include a marriage certificate, which contains personal information of both parties to a marriage, or a vocational reference that includes personal information about both the author and the subject of the reference.

Sensitive information is a category of personal information defined in schedule 5 of the IP Act.

Refer to Key privacy concepts – sensitive and personal information for more information.

Collection of sensitive information

An agency can only collect sensitive information without consent if one of the exceptions in QPP 3.4 applies.

Refer to QPP 3 – collection of solicited personal information for more information.

Permitted general situations

Under QPP 3.4 an agency can collect sensitive information without consent, and under QPP 6.2(c) an agency can use or disclose personal information for a secondary purpose, if a permitted general situation applies. The permitted general situations are listed in schedule 4, part 1 of the IP Act.

Use and disclosure

An agency can use or disclose personal information for the reason it was collected (the primary purpose). An agency can only use or disclose personal information for a secondary purpose as set out in QPP 6.

Use and disclosure are both defined in the IP Act. Use and disclosure are both defined in the IP Act. Refer to Key privacy concepts – use and disclosure for more information.

Collection, use and disclosure for Alternative Dispute Resolution or a legal or equitable claim

An agency can collect sensitive information without consent, or use or disclose personal information where the collection, use or disclosure is reasonably necessary for:

  • conducting a confidential alternative dispute resolution (ADR) process;2 or
  • the establishment, exercise or defence of a legal or equitable claim.3

Reasonably necessary

Whether collection, use or disclosure is reasonably necessary is an objective test: would a reasonable person who is properly informed agree that the collection, use or disclosure is necessary. The onus lies with the agency to justify that the particular collection, use or disclosure was reasonably necessary.

It is important to take a practical approach when making this determination. If an agency cannot in practice effectively pursue or perform a function without collecting, using or disclosing information, the collection, use or disclosure will generally be considered reasonably necessary for that function or activity. However, if there are reasonable alternatives available, for example, if deidentified information would be sufficient for the function or activity, it will be more difficult to establish.

Agencies cannot solely rely on normal business practice in assessing whether collection, use or disclosure is reasonably necessary. The primary consideration is whether, in the specific circumstances it is reasonably necessary.

Collection, use or disclosure will not be considered necessary where it is merely helpful, desirable or convenient.

A confidential ADR process

ADR, which is not defined in the IP Act, includes processes other than judicial determinations in which an impartial person assists people in a dispute to resolve the issues between them. The impartial person may have ADR related accreditation, but this is not required.

Examples of ADR processes include mediation, conciliation, facilitation, expert assessment, determination, or neutral evaluation.

Collection, use or disclosure for confidential ADR processes could include:

  • collection of sensitive information necessary for the conduct of the ADR
  • disclosure of personal information to an ADR provider
  • use or disclosure by an agency for the purpose of participating in the ADR; and
  • collection of sensitive information, or use or disclosure of personal information, by an agency in relation to a complaint of professional misconduct against an ADR practitioner.

The ADR must be confidential

The parties to the dispute and the ADR provider must be bound by confidentiality obligations. The obligations must prohibit the use or disclosure of personal information collected, used or disclosed for the ADR process for any other purpose, including in subsequent proceedings.

The confidentiality obligations may be imposed through binding agreements or legislative provisions.

A legal or equitable claim

Agencies can collect sensitive information and use or disclose personal information where it is reasonably necessary for the establishment, exercise or defence of a legal or equitable claim.

It applies to claims being conducted in both courts and tribunals, and to both existing and anticipated proceedings. For anticipated proceedings, there must be a real possibility that they will commence, eg where the agency has sought or obtained legal advice about commencing proceedings.

Agencies are not required, and may not be permitted, to disclose personal information to a third party who requests it in connection with existing or anticipated legal proceedings. It will generally be difficult to establish that the disclosure is reasonably necessary in these circumstances.

Subpoenas or other court orders

If the third party request is made in the form of a subpoena or other court order, QPP 6.2(b) will apply.

Refer to QPP 3&6 – authorised by law or court order for more information.

  • 1 References to an agency in this guideline include a Minister, bound contracted service provider, or other entity required to comply with the QPPs.
  • 2 Schedule 4, part 1 of the IP Act, permitted general situation 1(e).
  • 3 Schedule 4, part 1 of the IP Act, permitted general situation 1(d).

Current as at: July 1, 2025