Home | Databases | WorldLII | Search | Feedback Administrative Review Council - Admin Review

Editors --- "The Privacy Amendment (Private Sector) Act" [2003] AdminRw 14; (2003) 55 Admin Review 51

The Privacy Amendment (Private Sector) Act

The Privacy Amendment (Private Sector) Act 2000 came into effect on 21 December 2001. It amends the Privacy Act 1988 so as to apply privacy principles to the acts and practices of ‘organisations’. Section 6C(1) of the new Act defines an ‘organisation’ as ‘an individual, a body corporate, an unincorporated association, a partnership, or trust that is not a small business operator, registered political party, agency, State or Territory authority or prescribed instrumentality of a State of Territory’. To this extent the Act covers private sector bodies and contractors. It does not cover the state and territory public sector or state and territory government business enterprises.

The Act requires that, when dealing with ‘personal information’, organisations comply with the National Privacy Principles or an ‘approved privacy code’. The National Privacy Principles were developed by the Privacy Commissioner in consultation with business and consumers; they set out minimum standards for how business and other private sector organisations should deal with personal information. Private sector organisations are bound by the National Privacy Principles, unless they have their own privacy code—an approved privacy code—that has been approved by the Privacy Commissioner. The Privacy Commissioner will approve a code only if it provides as much privacy protection as the National Principles.

Despite these changes, it is important to note that the amendments allow a contractual clause between a Commonwealth agency and a contracted service provider to permit a breach of a National Privacy Principle (s. 6A(2)) or an approved privacy code (s. 6B(2)).

An agency that enters into a Commonwealth contract must ensure that the contract contains provisions to ensure that a contractor and subsequent subcontractors do not act in a way, or engage in a practice, that would breach an information privacy principle if that act were done or the practice were engaged in by the agency (s. 95B). The Act provides a model clause to assist Commonwealth agencies in discharging their obligations under s. 95B.

A small business operator that is also a contracted service provider under a Commonwealth contract is subject to the legislation in respect of the performance of the contract but will be exempt in relation to its other acts and practices (s. 6D).

Agencies and contractors are required to release, on request, details of privacy clauses in their contracts (s. 95C).