Right to privacy
Part of the Privacy and right to information topic.
The Queensland Information Privacy Act 2009 (IP Act) protects your personal information when it is collected, stored, used or disclosed by Queensland Government agencies.
On this page
What you should know
The privacy principles outlined in the IP Act set out rules for how agencies must handle your information, with some exceptions for specific circumstances.
You can apply to the Office of the Information Commissioner to amend personal information that is held by the government.
If you believe the Queensland Government has handled your personal information in a way that’s inconsistent with the privacy principles, you have the right to make a privacy complaint.
Health agencies have additional obligations under the National Privacy Principles.
What is personal information
Personal information is any information that can reasonably identify you. This includes your:
- name
- address
- phone number
- email address
- date of birth
- photographs.
Privacy principles
The IP Act outlines privacy principles that apply to Queensland Government agencies. These principles ensure your personal information is handled appropriately.
Key privacy principles
- Information Privacy Principles (IPPs): Apply to all Queensland Government agencies except health agencies.
- National Privacy Principles (NPPs): Apply only to health agencies.
- Rules for transferring information outside Australia: Agencies must follow specific rules when transferring personal information overseas.
- Contractor arrangements: Agencies must ensure contractors comply with privacy principles when handling personal information.
How personal information is managed
Queensland Government agencies must follow strict rules when collecting, storing, using and disclosing your personal information.
Collecting your information
Agencies can only collect personal information that is directly related to their functions and activities. They must:
- collect information lawfully and fairly
- avoid unreasonably intruding into your personal affairs
- inform you why they are collecting your information and who it may be shared with (if applicable).
Storing your information
Agencies must protect your personal information from misuse, including unauthorised:
- access
- use
- modification
- disclosure.
Using and disclosing your information
Before using or disclosing your personal information, agencies must ensure it is accurate and up to date. They cannot use:
- more information than necessary
- it for a different purpose unless permitted by law.
Agencies can only disclose your personal information in specific circumstances, such as:
- when you have given express or implied consent
- to prevent a serious threat to life, health, safety or welfare
- when authorised or required by law
- for certain law enforcement activities.
Exceptions to privacy principles
Some entities, functions and documents are exempt from the privacy principles. For example:
- Entities: Commissions of inquiry.
- Functions: Judicial functions of courts.
- Documents: Cabinet documents.
- Ministerial advice: Information provided to a minister for portfolio responsibilities.
Additionally, only some privacy principles apply to:
- personal information you have published or provided for publication
- specific law enforcement activities.
Additional obligations for health agencies
Health agencies must comply with the NPPs, which include stricter rules for handling sensitive information, such as health records.
Key differences for health agencies
- Health agencies can only collect sensitive information in specific circumstances.
- They may disclose your personal information to another party if it relates to the purpose for which it was originally collected, without relying on a permitted exception.