Information Act

Information Act

Open All | Close All

The Northern Territory Information Act (the Act) was passed by the Northern Territory Legislative Assembly on 8 October 2002. The Act commenced on 1 July 2003 and will affect the way that Northern Territory public sector organisations collect, use and store University and personal information. Under the Act and for the first time in Australia, the related issues of freedom of information (FOI), privacy and records and archives management are brought together.

The Act is designed to promote the protection of personal information and the free flow of government information subject only to the need to protect essential public interests and the private and business interests of persons.

The primary purpose of the Act is to encourage the view within government that access to information is of positive benefit and that public sector organisations should operate within a culture of readily providing access to government information, unless good reasons exist for not doing so.

The Act has four main components:

  • A right of access to government information, including personal information, except where an exemption applies
  • The appointment of an Information Commissioner
  • Effective and responsible record keeping and records management
  • The protection of personal information in the public sector by applying Information Privacy Principles (IPPs).

The Act does not replace other procedures for accessing information, or limit access to government information (other then personal information) this is already publicly available.

The Act creates a legal right of access to government and personal information held by government, including the right to request the correction of personal information where a person believes that the information regarding them is incorrect, inaccurate or out of date. This right of access is limited where the disclosure of particular information would be contrary to the public interest, due to it having a prejudicial effect on essential public interests or on the private or business interests of other persons.

The Act will apply to University information that was created up to 10 years before commencement of the Act, and to personal information created at any time.

After two years of operation of the Act, it will be possible for individuals to access information that was created or received more than 10 years before the commencement of the Act.

Under the Act the University is encouraged to provide as much University information as possible to the public, within the requirements of the Act. The University can refuse applications for access to University and personal information, and applications to correct personal information, where:

  • The information falls under one of the public interest exemptions identified in Part 4 of the Act
  • Providing access would unreasonably interfere with the operations of the public sector organisation.

Where the release of information is prohibited by another Act, it is automatically exempt from disclosure. A three (3) year sunset period applies for this exemption.

Cabinet and Executive Council information, security and law enforcement information, and privacy and cultural information can be excluded as categories of information that are often not in the public interest to release.

Other exemptions may be granted in particular cases if they pass the harm tests outlined in the Act. For example, if disclosure would prejudice specified interests such as police investigations, the right of a person to a fair trial, or intergovernmental relations. In other cases, information only falls within the exemption provisions if its disclosure would have a substantial adverse effect on other specified interests, such as the management of the University or the financial or property interests of the University.

In addition, University commercial undertakings are protected where they might be exposed unreasonably to disadvantage by exercise of rights under this Act.

The Chief Minister is the only person able to issue an exemption certificate. Exemption certificates are valid for up two years and are renewable.

The Information Act enables the appointment of an Information Commissioner.

Under the Act, the Information Commissioner is able to accept complaints in relation to public sector organisations refusing requests for a review of a decision relating to an application to access information and alleged privacy interference. This includes complaints from third parties whose personal information may have been provided to another person without permission.

The Information Commissioner will be able to investigate, mediate and conduct hearings into complaints. This means that complaints and dispute resolution can be dealt with quickly and inexpensively, with the focus being on informality and mediation rather than on litigation.

However, review of decisions and complaints to the Information Commissioner will not be possible for the first 12 months of operation of the Act.

The Information Commissioner will also be able to conduct audits of public sector agency records to determine compliance with the privacy provisions of the Act.

In addition, the Information Commissioner can award damages (not exceeding $60 000) where actual loss or damage has been suffered by a complainant as a result of a privacy interference.

Requirements in relation to records and archives management are under Part 9 of the Act.

Under the Act, the Vice-Chancellor has a duty to ensure that the University complies with the records and archives management requirements. The Act also identifies University obligations concerning the protection, management, transferring and form of records.

The NT Archive Service can prepare and review standards for the management of records. The standards must have the Vice-Chancellor’s approval in order to take effect.

The Act provides for the management of archives, including requirements for the transfer of records to archives, the determination of open access periods (ordinarily 30 years unless in the public interest to remain closed), and accessing and correcting archives not publicly available.

In addition, it is an offence (in certain circumstances) under the Act to mishandle information and penalties may apply.

A schedule of fees and charges has been established by Regulation.

Under the Act (section 157) fees charged by public sector organisations must be reasonable, and no fee is to be charged for time spent locating misplaced information.

The University may charge an application fee1 or processing fee2 and the Commissioner may charge a fee in relation to making a complaint.

The University or the Commissioner may waive or reduce a fee is they consider it appropriate. In waiving or reducing a fee, the University or the Commissioner must have regard for:

  • The circumstances of the application or the complaint, including any impecuniosity or indigence of the applicant or the complainant
  • Personal financial resources
  • The objects of the Act.

The Regulations 3 prescribe the following:

Application fee

An agency may charge:

  • Nil - for an application relating to the applicant’s personal information
  • $30 - for an application relating to non-personal information.

Processing fee

An agency may charge a processing fee equal to the total cost of the services and materials specified in the Schedule (see below) provided in response to an application.

The cost of a service or materials provided is the amount, or is calculated at the rate, specific in the Schedule (see below) opposite the service or materials.

Deposit for processing fee

An agency may require an applicant to pay a deposit for a processing fee of:

  • 25% if the processing fee is estimated to be $100 or less
  • 50% of the estimate - if the processing fee is estimated to be more than $100.
Services and MaterialsAmounts and Rates
Searching for and retrieving information (but not misplaced information)Personal information - Nil Non-personal information - $25 for every hour or part of an hour
Considering and making decision in relation to application (including consultation)Personal information - Nil Non-personal information - $25 for every hour or part of an hour
Supervising examination of information by applicantPersonal information - first 2 hours - Nil - $25 for every hour, or part of an hour, over 2 hours. Non-personal information - $25 for every hour or part of an hour
Hiring out equipment or facilities to enable applicant to view or listen to disk, film or tapeActual cost
Operating equipment to copy disk, film or tape or to enable applicant to view or listen to disk, film or tape$25 for every hour or part of an hour
Other services to enable applicant to physically access informationActual cost
PhotocopiesBlack and white, A4 size photocopies - 20 cents per page. Other photocopies - actual cost per page
Copies of disks, films or tapesActual cost per copy
Written transcriptsActual cost per page
Packaging material for delivering or posting articlesActual cost
Delivery or postage chargesActual cost per article
  • A fee in respect of making an application
  • A fee in respect of the time taken and the costs incurred by an agency in response to an application
  • The Regulations may prescribe:
    • the amount of an application or processing fee; or the rate, formula or method to be used to calculate an application or processing fee
    • the different amounts, rates, formulae or method for different government information or agencies, or classes of information or agencies
    • provide for the estimation of application and processing fees
    • provide for the recovery of unpaid application or processing fees
    • prescribe the amount of a fee in relation to making a complaint
    • Government information that is not the applicant’s personal information.

The Act requires that public sector organisations must comply with the Information Privacy Principles (IPPs) as set out in the Schedule of the Act:

  • IPP1 is a collection principle. It describes what an organisation should do when collecting personal information
  • IPP2 outlines how organisations can use and disclose personal information
  • IPP3 (data quality) and IPP4 (data security) set the standards that organisations must meet for the accuracy, currency, completeness and security of personal information
  • IPP5 requires organisations to be open about how they handle personal information
  • IPP6 provides for access and correction rights, giving a general right of access to personal information and the right to have that information corrected if it is inaccurate, incomplete or out of date. This principle corresponds to the access provisions in the Act
  • IPP7 (identifiers) says that a unique identifier must not be assigned to individuals, unless it is necessary to enable the public sector organisation to perform its functions efficiently. This provides a safeguard against the creation of a single identifier that could be used to cross-match data across public sector organisations
  • IPP8 provides that, where possible, organisations must provide the opportunity for a person to conduct a transaction without identifying themselves
  • IPP9 (transborder data flows) outlines privacy protections that apply to the transfer of personal information outside the Northern Territory
  • IPP10 deals with sensitive information. Generally, consent is required from an individual when an organisation collects sensitive information, such as health information, information about racial or ethnic origins, political opinions, religious beliefs, or criminal record(s). Sensitive information is a subset of personal information and special protection applies to this information.

Public sector organisations may apply to have a code of practice approved that specifies the way that they will apply or comply with an IPP(s). A code of practice may modify an IPP, but only if the public sector organisation is not capable of complying with the IPP and the modification enables the public sector organisations to comply with the IPP. Any modification must give an effect that is as near as possible to the IPP.

Charles Darwin University ("the University") is committed to protecting your privacy. This Privacy Statement contains the University's policies for management of the personal information it collects. It is part of the procedures put in place by the University, which aim to protect the privacy of your personal information in accordance with the Information Privacy Principles ("IPPs") set out in the Information Act (NT) ("the Act").

Collection

The University collects the personal information that it needs to carry out its functions and activities, including its statutory functions.

The University may also collect statistical information to assist us and other government bodies to provide the most appropriate educational courses and facilities to students. Once this kind of information is collected, it will be de-identified so that any compilation or publication of those statistics will not reveal your identity.

The University may collect your personal information in a number of ways, including:

(a) directly from you in documents such as enrolment or application forms, via the student identification card system or by verbal or written correspondence; and

(b) from third parties such as other educational institutions or government bodies.

(c) using cookies on our website. A cookie is a piece of text sent from a web server to your computer, and is used to identify you only by a random number. This information does not personally identify you, but it does tell us that your computer has visited our site and what areas of the site have been browsed.

Use and disclosure

The University may use your personal information in a number of ways, including:

(a) to carry out the University's functions and activities;

(b) to provide information about the University's courses and facilities to students or prospective students;

(c) to provide educational services and to determine and provide appropriate support services and facilities to students;

(d) to administer and manage processes such as admission, enrolment, scholarships, accommodation, billing and collection of fees and charges, examinations and academic standing;

(e) to administer and maintain information technology services and facilities for the University.

The University will take reasonable steps to ensure that your personal information is not disclosed to third parties except in certain circumstances, including where:

(a) you have consented to the release;

(b) the release of the information is a condition of your sponsorship or enrolment;

(c) the University is authorised or required by law or regulatory requirements to disclose the information to, for example, the Australian Taxation Office or Centrelink;

(d) the information is provided to a third party which provides services to the University, in which case the University will endeavour to ensure that the service provider agrees to preserve the confidentiality of your personal information;

(e) the circumstances where the University is not prohibited from disclosing the information, as described in the Act.

Security of information

The University will take reasonable steps to protect the personal information it holds from misuse and loss and from unauthorised access, modification or disclosure.

Your personal information is generally stored in a secure place in the University faculty or department that uses that information. Your personal information may also be stored by the University in electronic form, which is protected from unauthorised access by a password system. University staff have access to your personal information only to the extent that is required for them to carry out their duties.

The University has in place a system to manage its records so that personal information is destroyed or permanently de-identified once it is no longer needed.

Access to your information

If you make a written request to us for access to the personal information the University holds about you, the University will provide you with access to that information, unless there is an applicable exception under the IPPs.

We may charge you a reasonable fee for providing you with access to the information.

Accuracy of information

The University wishes to ensure that the personal information it collects uses, or discloses is, and remains accurate, complete and up to date. If you think that your personal information retained by the University requires changing or updating, please contact your faculty or the Privacy Officer.

Privacy Officer

If you wish to access or change your personal information, or to lodge a complaint about an interference with your privacy, or you have any query on how your personal information is collected or handled, please contact our Privacy Officer:

Privacy Officer
Charles Darwin University
DARWIN NT 0909