Privacy Principles

Information Privacy Principles (IPPs)

Under the Information Privacy Act2009 (IP Act) Queensland public sector agencies, with the exception of Queensland Health, are required to comply with eleven (11) Information Privacy Principles (IPPs) that set out how personal information must be collected and managed in the public sector environment.

The IPPs have been adapted from the Commonwealth Privacy Act 1988.The full text of the IPPs is available in the IP Act, Schedule 3. In summary, the IPPs have the same force and effect as sections in legislation and make provision for the following:

1. collection of personal information (IPPs 1, 2, 3)
2. security and storage of personal information (IPP 4)
3. information about personal information holdings (IPP 5)
4. access to and amendment of personal information (IPPs 6, 7)
5. use of personal information (IPPs 8, 9, 10)
6. disclosure of personal information (IPP 11)

National Privacy Principles (NPPs)

Under the IP Act, Queensland Health is required to comply with nine (9) National Privacy Principles (NPPs) that set out how personal information must be collected and managed in the public health sector environment.  As is the case with the IPPs, the NPPs have the same force and effect as sections in legislation.

The NPPs have been adapted from the Commonwealth Privacy Act 1988.
The full text of the NPPs is available in the IP Act, Schedule 4. In summary, the NPPs make provision for the following:

• collection of personal information (NPP 1)
• limits on use or disclosure of personal information (NPP 2)
• quality of personal information (NPP 3)
• security of personal information (NPP 4)
• information about personal information holdings (NPP 5)
• access to and amendment of personal information (NPPs 6, 7)
• anonymity (NPP 8)
• collection and handling of sensitive personal information (NPP 9)