Information Act

• About the Act
• Applications and refusals
• Exemptions
• Information Commissioner
• Record Keeping
• Fees for Applications and Complaints
• Privacy
• Privacy Statement
• Forms

Privacy

The Act requires that public sector organisations must comply with the Information Privacy Principles (IPPs) as set out in the Schedule of the Act:

• IPP1 is a collection principle. It describes what an organisation should do when collecting personal information
• IPP2 outlines how organisations can use and disclose personal information
• IPP3 (data quality) and IPP4 (data security) set the standards that organisations must meet for the accuracy, currency, completeness and security of personal information
• IPP5 requires organisations to be open about how they handle personal information
• IPP6 provides for access and correction rights, giving a general right of access to personal information and the right to have that information corrected if it is inaccurate, incomplete or out of date. This principle corresponds to the access provisions in the Act
• IPP7 (identifiers) says that a unique identifier must not be assigned to individuals, unless it is necessary to enable the public sector organisation to perform its functions efficiently. This provides a safeguard against the creation of a single identifier that could be used to cross-match data across public sector organisations
• IPP8 provides that, where possible, organisations must provide the opportunity for a person to conduct a transaction without identifying themselves
• IPP9 (transborder data flows) outlines privacy protections that apply to the transfer of personal information outside the Northern Territory
• IPP10 deals with sensitive information. Generally, consent is required from an individual when an organisation collects sensitive information, such as health information, information about racial or ethnic origins, political opinions, religious beliefs, or criminal record(s). Sensitive information is a subset of personal information and special protection applies to this information.

Public sector organisations may apply to have a code of practice approved that specifies the way that they will apply or comply with an IPP(s). A code of practice may modify an IPP, but only if the public sector organisation is not capable of complying with the IPP and the modification enables the public sector organisations to comply with the IPP. Any modification must give an effect that is as near as possible to the IPP.