caslon analytics elephant logoahrooogah!!title for privacy profile

home | about | site use | services | guides | briefings  | analysphere

back to Privacy Guide

Clth agencies

other aspects

private sector

State Acts
section heading icon     Commonwealth Agencies

This profile is under construction. 

This page highlights the Privacy Act's coverage of Commonwealth government agencies. 

The following pages highlight other aspects (eg privacy provisions in the Telecommunications and Archives legislation), offer a detailed description of how the Privacy Act affects private sector bodies, and identify pertinent State/Territory legislation.

Our Censorship guide includes a page discussing official secrets and freedom of information legislation in Australia and overseas.

subsection heading icon   The Act

The Commonwealth 1998 Privacy Act, a decade in gestation after proposals by the Whitlam government and developments overseas, was intended to cover the privacy practices of the federal bureaucracy - essentially how Canberra handles the data it collects about citizens, particularly citizens who are paying taxes (or not, as the case may be) or receiving financial benefits. 

It's been sporadically augmented; most recently through extension - criticised by many as half-hearted - to the private sector

The 1998 Act lays down privacy safeguards that Commonwealth and ACT government agencies must observe when collecting, storing, using and disclosing personal information. The Act also gives individuals access and correction rights in relation to their own personal information. 

The 2000 extension to the private sector involves a 'light touch' regulation of data collection and handling activity by many parts of the private sector, including online activity. As we noted in the Privacy guide, expect ongoing amendment of the Act until Australia meets international standards and consumer expectations. 

 subsection heading icon   evolution

Until the amendments of December 2000 it applied to the wider community (including the private sector and state/local government agencies) only in relation to specific categories of information: tax file number information and consumer credit information.

Since commencement of the Privacy Act the Privacy Commissioner's jurisdiction has been extended. 

In 1989, the Commissioner was given functions in relation to spent convictions information. In 1990 two major additions were made in the areas of credit reporting and data matching -  the first major extension to private sector activity. In 1991 amendments to the National Health Act embraced guidelines for the operation of the eligibility checking system between pharmacists and the Health Insurance Commission. The Telecommunications Act 1997 added oversight of selfregulation by telecommunications carriers and service providers.

The Commissioner has issued Tax File Number Guidelines (pdf) to restrict the use of data based on tax file numbers (TFNs), the unique identifiers issued by the Australian Taxation Office (ATO) to identify individuals, companies and others who lodge income tax returns with the office. 

Unauthorised use or disclosure of the numbers is an offence under the Taxation Administration Act 1953 (TAA) and aspects of the Income Tax Assessment Act 1936 (ITA). 

The Data-matching Program (Assistance and Tax) Act 1990 regulates the matching of records between the Australian Taxation Office and social service agencies using the tax file number.

subsection marker icon     Credit Reporting

The Privacy Act provides safeguards for individuals in relation to consumer credit reporting, in particular the handling of credit reports by credit reporting agencies and credit providers. 

It is meant to ensure that use of the data is restricted to assessing applications for credit and other legitimate activities relating to personal finance. It does not directly affect commercial credit information.. The Commissioner issues a legally binding Code of Conduct (PDF) for credit reporting, along with determinations that deal with such matters as identification of credit providers and the particulars permitted to be included in a credit information file

subsection marker icon     Government Data-matching

Data-matching poses a particular threat to personal privacy because it involves analysing information about large numbers of people without prior cause for suspicion and because all applicants for government assistance must disclose their TFN. 

The Data-matching Program (Assistance and Tax) Act 1990 (DPAT) regulates the use of tax file numbers in comparing personal information held by the ATO and by agencies such as Centrelink and the Department of Veterans' Affairs. Data-matching guidelines (pdf) were first issued in September 1991; revised guidelines came into effect in February 1995.

The Act and guidelines contain a number of technical controls and fairness provisions that are overseen by the Privacy Commissioner. The Commissioner has also issued advisory Guidelines For The Use of Data-Matching In Commonwealth Administration, intended for voluntary adoption by agencies conducting matching other than the programs specifically regulated by the 1990 Act. These guidelines therefore apply when the TFN is not used in the matching process.

Under the National Health Act the Privacy Commissioner issues separate Medicare & Pharmaceutical Benefits Programs Privacy Guidelines (PDF) cover management of data collected as part of the national health benefits schemes and primarily apply to the Health Insurance Commission and the federal Health Department. They identify data storage and data matching regimes. The guidelines were first issued in 1993, with effect from April 1994, and were amended in October 1996.


icon for link to next page   next page (other aspects of Commonwealth legislation)