QPP 3 and 6 - prevent a serious threat

Overview

All Queensland government agencies¹ must handle personal information in accordance with the Queensland Privacy Principles (QPP) in the Information Privacy Act 2009 (Qld) (IP Act).

This guideline is based on and includes material from the Australian Privacy Principle guidelines developed by the Office of the Australian Information Commissioner.

What is personal information?

Section 12 of the IP Act provides that personal information means information or an opinion about an identified individual or an individual who is reasonably identifiable, whether it's true or recorded in a material format.

The individual does not need to be directly identified in the information for it to be personal information. It is sufficient if they can reasonably be identified by reference to other information.

The personal information of one individual may also be the personal information of other individuals. OIC refers to this as mutual personal information, and examples include a marriage certificate, which contains personal information of both parties to a marriage, or a vocational reference that includes personal information about both the author and the subject of the reference.

Sensitive information is a category of personal information defined in schedule 5 of the IP Act.

Refer to Key privacy concepts – sensitive and personal information for more information.

Collection of sensitive information

An agency cannot collect sensitive information without consent unless one of the exceptions in QPP 3.4 applies.

Refer to QPP 3 – collection of personal information for more information.

Use and disclosure

An agency can use and disclose personal information for the reason it was collected (the primary purpose). An agency can only use or disclose personal information for a secondary purpose as set out in QPP 6.

Use and disclosure are both defined in the IP Act. Refer to Key privacy concepts – use and disclosure for more information.

Permitted general situations

Under QPP 3.4 an agency can collect sensitive information without consent, and under QPP 6.2(c) an agency can use or disclose personal information for a secondary purpose, if a permitted general situation applies. The permitted general situations are listed in schedule 4, part 1 of the IP Act.

Collection, use or disclosure to prevent a serious threat

An agency can collect sensitive information, or use and disclose personal information, to lessen or prevent a serious threat to the life, health or safety of any individual, or to public health or safety, but only if it is unreasonable or impracticable to obtain the individual’s consent.²

Unreasonable or impracticable to get consent

Under the IP Act, consent can be express or implied. Refer to Key privacy concepts – consent for information about what constitutes valid consent under the QPPs.

Before collecting sensitive information, or using or disclosing personal information, to prevent a serious threat, agencies must identify a clear reason why it is unreasonable or impracticable to obtain the individual’s consent. Relevant considerations include:

• The nature and potential consequences of the serious threat. For example, the urgency of a situation and level of threatened harm may require information to be urgently used or disclosed in circumstances where there is no time to seek consent.
• Any possible adverse consequences to an individual if the agency collects, uses or discloses their information without consent. The greater the adverse consequences, the more difficult it will generally be to establish it was unreasonable or impracticable to obtain their consent.
• The source of the threat. For example, it would generally be unreasonable to seek consent from the individual posing the threat, particularly where they would be unlikely to give it, or where seeking their consent could increase the threat or make it more difficult to prevent.
• Whether the individual can be contacted. For example, it will generally be impracticable to obtain consent if the individual’s location is unknown or cannot reasonably be discovered, or if there is another reason they can’t be contacted, eg they are in a remote or disaster affected area with limited ability to receive communications.
• The number of individuals whose information is to be collected, used or disclosed. For example, it may be impracticable to obtain consent from a very large number of individuals (though see below as to the relevance of inconvenience, time and costs)
• The inconvenience, time and cost involved in obtaining consent. However, it is not unreasonable or impracticable to obtain consent just because it would be inconvenient, time-consuming or impose some cost. Whether those factors make it impracticable to obtain consent will depend on whether the burden is excessive in all the circumstances.

A serious threat

The threat the agency is trying to lessen or prevent by collecting, using or disclosing the information must be serious and it must be to an individual’s life, health, or safety or to public health or safety.

The likelihood of the threat occurring as well as the consequences if it materialises are both relevant when deciding if a threat is serious. A threat that could have dire consequences but is highly unlikely to occur would not generally constitute a serious threat. However, a potentially harmful threat that is likely to occur, but at an uncertain time, may be a serious threat, such as a threatened outbreak of infectious disease. This allows agencies to take preventative action to stop a serious threat from escalating before it materialises.

The individual whose personal information is being considered does not have to be the one facing the harm and the threat does not need to be to an identifiable person. It may be a threat of harm to be randomly inflicted, or inflicted on a class of people, so that it is impossible to identify a specific person against whom the threat is directed.

Health includes mental health—mere stress, aggravation, or inconvenience would not constitute serious harm, however the triggering of a serious stress-related disorder could. For public health or safety—this must be a real and serious threat to the general public, or a portion of it, such as an outbreak of disease, or a bushfire threatening a locality.

The threat does not have to occur in Queensland or even in Australia.  It may happen anywhere in the world.

Can collection/use/disclosure prevent or lessen the threat?

Agencies must reasonably believe that the collection, use or disclosure will prevent or lessen the threat. This will generally require a sufficient link between the collection, use or disclosure of the information and the prevention or lessening of the threat.

In the case of a disclosure, it would normally be to another agency or body with the capacity and authority to reduce or prevent the threat.

Regular or expected disclosures

Generally, this exception should be used in emergency or extraordinary situations and not to justify regular or ongoing disclosures. However, in some circumstances this may be appropriate, depending on the nature of the threat and the sensitivity of the information. For example, a local council might provide information to the Rural Bushfire Brigade so that the Brigade can prepare local landholders for bushfire season.

However, if an agency expects that disclosures of this kind will be regular and ongoing, it must include it in their QPP 5 notice.  See QPP 5 – What agencies must tell people when collecting personal information for more information.

Necessary

Part of deciding if the collection, use or disclosure is necessary involves making an assessment about whether the harm can be lessened or prevented without the information, eg by de-identifying information before disclosure or collection de-identified information.  If so, then the collection, use or disclosure is not necessary.

It is not sufficient that an agency simply believes the threat exists.  It must believe that the collection, use or disclosure of information is necessary to lessen or prevent that threat.  The following questions will assist agencies in making that determination:

• Is the information being collected, used or disclosed with the intention of lessening or preventing the threat?
• Is the information being collected, used or disclosed to manage the threat?
• When disclosed, is the recipient in a position to act on the information to lessen or prevent the harm?

Will the proposed collection, use or disclosure reduce the threat?

Agencies considering collecting, using or disclosing information to reduce threats to public health or public safety may find it useful to discuss the threat in general terms (and whether the proposed collection, use or disclosure is likely to reduce the threat) with a relevant authority dealing with public health or safety, for example a health agency or the agency responsible for environmental health.

Prevent or lessen

For a threat to be prevented or lessened the collection, use or disclosure of information must allow the body collecting, using or receiving it to take steps they would not otherwise have been able to take to either remove reduce it.  It must be more than a mere chance of reducing it, or a ‘just in case’ measure. For example, releasing a suspected offender’s picture and details to the media would, in most circumstances, be unlikely to satisfy these requirements.

If the attempt to prevent or lessen the threat is unsuccessful it will not invalidate the collection, use or disclosure, as long as the belief that collecting, using or disclosing the information would do so was reasonable.