Federal Register of Legislation - Australian Government

Primary content

Guides & Guidelines as made
These Guidelines determine protection of privacy in the conduct of medical research.
Administered by: Attorney-General's
Registered 31 Jul 2008
Gazetted 22 Mar 2000
Date of repeal 12 Mar 2014
Repealed by Issuing of guidelines under section 95 of the Privacy Act 1988

 

 

 


 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Guidelines Under Section 95

 

of the  Privacy Act 1988

 

 

 

 

 

 

 

 

 

 

Guidelines Under Section 95 of the Privacy Act 1988                         1

 
March 2000


 

 

 

 

 

 

©  Comm onwealth  of  Austral ia  2000

 

ISB 1864960981

 

 

 

 

This  work  i s  copyrig ht.  Apart  from  any  use  as  permi tted  under  the  C opyright  Ac t  1 96 8, no  part  m ay  be  reproduc ed  by  any  process  without  pri or  written  permiss ion  from AusInfo.  Requests  and  enquiries  con cerning  reproduc tion  and  ri g hts  shoul d  be

addressed  to  the  Manag er,  Leg is lative  Ser vices,  AusI nfo,  G PO  Box  1920,  Canberra  ACT

2601.

 

 

The  strateg ic  intent  of  the  NH MRC  is  to  work  with  other s  for  the  health  of  all

Australi ans,  by  prom oting  inform ed  debate  o n  ethic s  a nd  polic y,  provi ding  knowl edg e based  advi ce,  foster ing  a  hig h  qua lity  and  internation ally  rec og nised  res earch  base,  a nd applying  researc h  ri g our  to  heal th  is sues.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

NH MRC  documents  are  prepared  by  panels  of  ex perts  drawn  from  a ppropriate

Australi an  academ ic,  professional,  co mmun ity  and  g overnment  organisati ons.  NH MRC  is g rateful  to  these  people  for  the  ex cellent  work  they  do  on  its  b ehalf.  This  wor k  is

usuall y  performed  on  an  honora ry  basis  and  in  add ition  to  their  us ual  work

c om m itm ents.

 

 

 

 

This  doc ument  is  sold  throug h  AusInfo  G overnment  I nfo  Booksh ops  at  a  pri ce  whic h covers  the  cos t  of  printing  and  distri bution  onl y.  F or  publi catio n  purcha ses  pleas e contac t  AusI nfo  on  their  tol l-free  num ber  132  447,  or  throug h  their  internet  addr ess:

 

 

2        Guidelines Under Section 95 of the Privacy Act 1988

 
http:// www. ausi nfo.g ov. au/g ener al/ g en_hottobu y.htm


 

 

 

 

 

 

CONTENTS

 

 

 

 

 

 

Abbreviations                                                                                                   5

 

Introduction                                                                                                     7

 

Privacy  and medical  research                                                                                   7

 

Application of  the  Privacy Act 1988 (Cth)  to medical research                          7

 

Guidelines  for  the  protection  of  privacy  in the  conduct

of medical research                                                                                                   8

 

Other legislation and regulations                                                                          8

 

The Australian Health Ethics  Committee, the National

Health and Medical Research Council and the  National

Statement on Ethical Conduct in Research Involving Humans                                     8

 

The future                                                                                                                 9

 

Guidelines under section 95 of the Privacy Act 1988                                     11

 

Appendix 1

 

Information  Privacy  Principles                                                                             17

 

Appendix 2

 

Privacy Act 1988 (Commonwealth), Section  95                                                      22

 

Appendix 3

 

Joint NHMRC/AVCC Statement and Guidelines on

Research Practice,  Section 2                                                                                     23

 

Appendix 4

 

Glossary  of  definitions                                                                                         25

 

Appendix 5

 

Information  about the  National Statement on Ethical

Conduct in Research Involving Humans                                                                    26

 

 

 

 

 

 

Guidelines Under Section 95 of the Privacy Act 1988                                                                                3


 

 

 

 

 

 

ABBREVIATIONS

 

AHEC                                                  Australian Health Ethics Committee AVCC             Australian Vice-Chancellors Committee HREC         Human Research Ethics Committee

IPP                                                        Information Privacy Principles

 

NHMRC                                              National Health and Medical Research Council

 

OECD                                                  Organisation for Economic Cooperation and

Development

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Guidelines Under Section 95 of the Privacy Act 1988                                                                                5


 

 

 

 

 

 

I N T R O D U C T I O N

 

 

Privacy and medical research

 

An individuals  right to privacy  is  a fundamental  human  right. This  is  recognised  in

a number of international instruments, in particular, the International Covenant on Civil and Political Rights (Article 17) and the  OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data. Australia adopted the OECD Guidelines  in  1984  and the  principles  in  those  guidelines  were  incorporated  in the federal Privacy Act 1988  (Privacy Act), which deals  with personal information

privacy protection, a component of the broader concept of privacy.

 

However, the right to privacy is  not an absolute  right. In some circumstances, it must be weighed against the  equally justified rights of others and against matters that benefit society  as  a whole.

 

The conduct of  medical research presents  one of these circumstances. Medical research is important for providing information to help the community make decisions that impact on the health of  individuals and the community. However, it should be  carried out in such a way as to minimise the intrusion on peoples privacy. Optimally, this  is done by  obtaining  the  informed consent of participants

prior to using their personal information. Where this is  not practicable, de-identified information should be used. Where neither  of these options  are available, it may  be that identified information must be used without consent in order for the  medical research to proceed.

 

In these  latter  cases, there  is  a need to balance  the  public interest in medical research against the  public interest in privacy.  These  guidelines  provide  a framework in which such decisions can be made.

 

 

Application of the       Privacy Act to medical research

 

Section 14  of  the  Privacy Act  sets  out eleven  Information  Privacy  Principles  (IPPs)

(Appendix 1), that govern the conduct of Commonwealth agencies  in their collection, management and use of data containing personal information. The IPPs do not permit agencies  to use or disclose in identifiable form records of  personal information for research and statistical purposes, unless specifically authorised or required by  another law, or the  individual has consented to the  use or disclosure.

 

Section 95  of  the  Privacy Act  (Appendix  2) provides  a process  to resolve  such

conflict that  may  arise  between the  public interest in privacy  and  the  public  interest

in medical  research, where  medical  research using  personal information  held  by  a Commonwealth agency  would  otherwise  involve  a breach  of  privacy  under  the Privacy Act.

 

Under  Section  95, the  National Health  and  Medical Research  Council  (NHMRC) may, with the approval of the Privacy Commissioner, issue  guidelines for the protection

of privacy in the  conduct of medical research. The Commissioner may only approve the  guidelines if  she/he is satisfied that the public interest in the  promotion of

 

 

 

Guidelines Under Section 95 of the Privacy Act 1988                                                                                7


 

 

 

 

 

 

research of  the  kind  to which  the  guidelines  relate  outweighs  to a substantial

degree the  public interest in maintaining adherence  to the  IPPs.

 

The  Guidelines Under Section 95 of the Privacy Act 1988  provide  a framework  for

the  conduct of  medical research using  information held by  Commonwealth agencies where identified information needs  to be used without consent. In these situations,

a Commonwealth agency  may collect or disclose, in identifiable form, records for medical research purposes  without infringing the  Privacy Act if the  proposed medical research has  been approved by a properly constituted Human Research

Ethics  Committee  (HREC) in  accordance  with the  Guidelines Under Section 95 of the

Privacy Act 1988.

 

As  part of  these  guidelines, NHMRC  is  required to  provide  an  annual  report to the Privacy Commissioner on Commonwealth agencies release  and subsequent use of personal information.

 

 

Guidelines for the protection of privacy in the conduct  of medical research

 

The  Guidelines for the Protection of Privacy in Medical Research were  first issued

on 1  July  1991.  These  guidelines  remained  in force  until  July  1995  when, following

a review by  the  NHMRC, the  Privacy  Commissioner  approved  a revised set of guidelines. The revised guidelines  featured minor amendments to the previous guidelines, with the major change being the presentation of the guidelines  in the context of  an information paper, produced by  the NHMRC, titled Aspects of Privacy

in Medical Research (endorsed by the NHMRC in 1995).

 

The  guidelines set out in this document will replace  Aspects of Privacy in Medical

Research.

 

 

Other legislation and regulations

 

Researchers and others using these  guidelines should be aware that there is  also

some  regulation at State  and Territory  level, either  in the  form  of  legislation related

to privacy  generally, administration of agencies or  in administrative codes  of practice, that may  have  a bearing on either access to personal information to be

used in research or the way in which proposed research must be conducted. Some jurisdictions have included stricter limitation on the handling of personal

information as  part of the administrative structure of health departments  and agencies.

 

 

The Australian Health Ethics Committee, the National Health and Medical

Research Council and the         National Statement on Ethical Conduct in Research

Involving Humans

 

The Australian Health Ethics Committee (AHEC) is a principal committee  of the NHMRC. AHEC advises the NHMRC on ethical issues  relating to health and monitors and advises on the functioning of HRECs that review proposed research projects involving human participants.

 

 

 

 

8        Guidelines Under Section 95 of the Privacy Act 1988


 

 

 

 

 

 

The  National Health and Medical Research Council Act 1992  requires  AHEC  to

develop and give the NHMRC guidelines for the  conduct of medical research involving  humans.  These  guidelines  were  issued in  June  1999  as  the National

Statement on Ethical Conduct in Research Involving Humans, (National Statement), superseding the NHMRC Statement on Human Experimentation and Supplementary Notes 1992.

 

The  National Statement  contains  some  guidelines  on protection of  privacy  of

personal information in research and references are made  to the  IPPs  as the relevant standards  of  conduct.  The following    Guidelines Under Section 95 of the

Privacy Act 1988  should be read together with the                  National Statement. It is intended  at a future  date  to integrate  the  Guidelines Under Section 95 of the Privacy Act 1988  with the  National Statement.

 

 

The future

 

On 16  December  1998  the  federal government announced  that it intends  to  legislate

to support and strengthen self-regulatory privacy protection in the private sector, and that a light-touch legislative  regime would be  introduced. The scheme will involve  amendment of  the  Privacy Act and will  be  based  on the  revised National Principles for the Fair Handling of Personal Information, (National Principles) which are  in turn based on  the  IPPs.  These  were  released by  the  Privacy Commissioner  in January  1999  and are  available  on the  Privacy  Commissioners website at http://www.privacy.gov.au.

 

If  the  amendments  are  passed, the  Privacy Act  will  apply  to  many  private  sector bodies and some  universities  which conduct research. This will mean that there is  a question to resolve as  to whether the IPPs or the  National Principles will be  the standard to be applied to the handling of information in non-federal agency

research. This  may  mean that  the  following  guidelines  and/or  the  National

Statement need to  be  further  revised.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Guidelines Under Section 95 of the Privacy Act 1988                                                                                9


 

 

 

 

 

 

G U I D E L I N E S  U N D E R  S E C T I O N  9 5  O F  

T H E P R I V A C Y  A C T  1 9 8 8

 

 

1.         The use of  the guidelines

 

1.1       Where  medical  research*  involves  the  use  of  personal information*  held  by  a

Commonwealth agency*, the  processes  that are set out in these  guidelines must be followed, in order for the information to be lawfully used or released.

 

1.2       Where  a Commonwealth  agency  seeks  to rely on these  guidelines  to lawfully release personal information for the purpose of medical research where this would otherwise  involve  a breach of  an IPP, the  agency  must satisfy  itself  that research on which the personal information is to be  used has been approved

by an Human Research Ethics Committee (HREC)1  for the particular purpose in accordance with these guidelines.

 

1.3       Agencies  may always decline  to disclose personal information for use in medical research even where  the  medical research has  been  approved by  an HREC in accordance with these guidelines.

 

 

2.         Procedures to be followed by researchers

 

2.1       An overriding  obligation for  the  researcher  is  at all times  to respect the dignity and personal privacy  of  the  individual.

 

2.2       The researcher must give a written proposal for the research to an HREC, with any information necessary for members of that HREC to meet their responsibilities under these  guidelines. Guidance on the information to be included in the written proposal is set out in paragraph 2.4.

 

2.3       When research may  involve  a breach of  an IPP or IPPs, the proposal for that research to be  submitted to an HREC  must contain a reference  to that IPP or IPPs, and must also state  reasons  for believing that the  public interest in the research outweighs, to a substantial degree, the  public interest in adhering to that IPP(s). In that proposal, the researcher must provide the HREC with necessary information to enable the  HREC to weigh the  public interest considerations in accordance with section 3.2  of these guidelines.

 

While Section 95  refers  to the IPPs generally,  the most  common breach or potential breach of the IPPs requiring the use of these guidelines will be one involving  disclosure, which would otherwise be prohibited by IPP 11.

 

 

 

 

 

*                 See Appendix 4:  Glossary

1.         See ‘2. Human Research Ethics Committees’, National Statement on Ethical Conduct in Research Involving Humans (1999) that explains terms of reference, membership constitution and committee procedures, etc for HRECs.

 

 

Guidelines Under Section 95 of the Privacy Act 1988                                                                            11


 

 

 

 

 

 

2.4              In the  proposal for  the  conduct of  each  such  research project, the  researcher

should state:

 

(a)        the  aims  of  the  research;

 

(b)       the  credentials  and  technical competence  of  the  researcher;

 

(c)        the  data needed  and  how it will be  analysed;

 

(d)       the  source  of  the  data;

 

(e)        the  study  period;

 

(f)        the  target population;

 

(g)       the  reasons  why  identified*  or  potentially  identifiable*  information is needed rather than de-identified* information, and the reasons why it is not proposed to seek consent to the  use of  personal information.

 

[Note: Any genetic research should be conducted in accordance with the  principles  in 16. Human Genetic Research of  the  National Statement on Ethical Conduct in Research Involving Humans (1999) when considering the release of personal information, and genetic testing.]

 

(h)       the specific uses to which the personal information used during the study  will  be  applied;

 

(i)        the proposed method of publication of results  of the research;

 

(j)        the estimated time  of retention of the  personal information;

 

(k)       the identity of the custodian(s) of the personal information used during the research;

 

(l)        security  standards to be  applied to the personal information. In

particular, that personal information will be retained in accordance  with the Joint NHMRC/AVCC Statement and Guidelines on Research Practice

(Appendix  3), and in a form  that is  at least  as  secure  as  it was  in the sources from which the  personal information was obtained unless more stringent legislative  or contractual provisions  apply;

 

(m)      a list of personnel with access  to the  personal information;

 

(n)       the standards that will be applied to protect personal information disclosed by  a Commonwealth agency. These should include the:

 

(i)         terms of any disclosure agreement between the agency and the researcher to govern the limits on use and disclosure of that personal information; and

 

(ii)        proposed methods of disposal of the personal information on the completion of the research, and that these are in accordance with the Archives Act, 1983 for Commonwealth records and legislative requirements of a State or Territory; and

 

 

*                 See Appendix 4:  Glossary

 

12       Guidelines Under Section 95 of the Privacy Act 1988


 

 

 

 

 

 

(iii)              standards that will be applied to protect privacy of personal

information where it is made available to other researchers or third parties if that is proposed.

 

2.5       A  researcher  should provide  to  the  agency  from  which  personal  information

is  sought written  notification of  the  decision  of  an HREC  made  in accordance with these guidelines.

 

2.6       If a researcher uses personal information obtained from a Commonwealth agency  in accordance with these  guidelines to contact a person, the researcher must inform that person:

 

•           that personal information has been provided by that Commonwealth agency  in accordance with these  guidelines; and

 

•           how that information will be used; and

 

•           that he  or she is free at any time to withdraw consent for further involvement in the research [See 1. Principles of Ethical Conduct; subheading  ‘Consent, National Statement on Ethical Conduct in Research Involving Humans (1999)]; and

 

•           of  the  standards  that will apply  to protect the  privacy  of  that person, and

 

•           of existing complaint mechanisms to HRECs and the Commonwealth

Privacy Commissioner.

 

2.7       The researcher must immediately report to the HREC anything that might warrant review of  ethical  approval  of  the  research proposal  [See  2. Human Research Ethics  Committees; subheading  Monitoring’, paragraph 2.37

National Statement on Ethical Conduct in Research Involving Humans (1999)].

 

 

3.         Consideration by Human Research Ethics Committees (HREC)

 

3.1       Before  making  a decision under  these  guidelines,  an HREC  must assess whether it has sufficient information, expertise and understanding of  privacy issues, either amongst the members of the HREC or otherwise  available to it,

to make a decision that takes proper  account of privacy. [See 2. Human Research Ethics  Committees and  18. Privacy  of  Information, National Statement on Ethical Conduct in Research Involving Humans (1999)].

 

3.2       In making  a decision  under  these  guidelines, an HREC  must consider  the following matters:

 

(a)        identify  and consider the  IPP or IPPs that might be  breached in the course of the proposed research, including whether it is necessary for the  research to use identified or potentially identifiable  data, and whether it is reasonable for the  research to proceed without the

consent of the individuals to whom the information relates, and

 

(b)       ensure  that the  committee  has  the  competence  to  determine  if  the public interest in the proposed research outweighs, or does  not outweigh,  to a substantial  degree, the  public interest in the  protection

 

Guidelines Under Section 95 of the Privacy Act 1988                                                                            13


 

 

 

 

 

 

of  privacy.  If  the  public  interest in the  proposed research does  not

outweigh,  to a substantial  degree, the  public interest in the  protection of  privacy  then the  research should not be  carried out.

 

 

Weighing the public interest

 

3.3       In reaching  a decision  under  3.2  (b)  an HREC  should consider  the  following matters:

 

(a)        the  degree  to which the  medical research is  likely  to contribute  to:

 

•           the identification, prevention or treatment of illness or disease; or

 

•           scientific understanding relating to health; or

 

•           the protection of the health of individuals and/or communities; or

 

•           the improved delivery of health services, or

 

•           scientific understanding or knowledge.

 

(b)       any  likely  benefits  to individuals, to the category of persons to which they  belong, or  the  wider  community  that will  arise  from the  medical research being undertaken in the manner proposed;

 

(c)        whether the  medical research design can be  satisfied without risking infringement of an IPP and the  scientific defects in the medical research that might arise if the medical research was  not conducted in the

manner proposed;

 

(d)       the financial costs  of not undertaking the medical research (to government, the  public, the  health care  system, etc);

 

(e)        the public importance  of  the  medical research;

 

(f)        the  extent to which the  data being  sought are ordinarily  available to the public from that Commonwealth agency; and

 

(i)         whether the medical research involves use of the data in a way which is inconsistent with the purpose for which the data were made public; and

 

(ii)        whether the medical research requires an alteration of the format of the data of a kind that would, if used by an agency, involve a

breach of an IPP.

 

(g)           whether  the  risk  of  harm  to a person whose  personal information is  to be used in proposed research is minimal, having regard to the elements

of that research provided in response to paragraph 2.3  of  these guidelines;

 

(h)       the standards of  conduct that are to be observed in medical research, including:

 

(i)         the study design and the scientific credentials of the researchers;

 

(ii)        if the research involves contact with participants, the procedures or

 

 

14       Guidelines Under Section 95 of the Privacy Act 1988


 

 

 

 

 

 

controls which will apply to ensure that participants are treated with

integrity and sensitivity, including whether questions to be asked or procedures to be employed are intrusive;

 

(iii)       whether access to personal information is restricted to appropriate researchers;

 

(iv)       the risk that a person or group could be identified in the published results; and

 

(v)        the procedures that are to be followed at the completion of the research to ensure that all data containing personal information are

at least as secure as they were in the sources from which the data were obtained, including the date when the data will be destroyed or returned.

 

 

Recording, notification and monitoring of decisions

 

3.4       The  decision of the HREC under 3.2 (b) will be  recorded in accordance with paragraph 2.30 of  the  National Statement on Ethical Conduct in Research Involving Humans (1999).

 

Wherever  access  to personal information  from  a Commonwealth agency  is being considered, the HREC must also record the following:

 

•           the Commonwealth agency from which the information will be sought;

 

•           the data items sought from the Commonwealth agency and approved by the HREC;

 

•           the number of  records involved;

 

•           which IPPs would be  infringed, and

 

•           how and on what grounds the HREC came to the conclusion that it had sufficient information, expertise and understanding of privacy issues

either  amongst the  members of  the  HREC or otherwise available  to it, to make a decision that takes proper account of  privacy.

 

3.5       It is  an obligation of  the HREC to monitor the research in accordance  with 2. Human Research Ethics  Committees;  subheading  Monitoring’,  National Statement on Ethical Conduct in Research Involving Humans (1999).

 

3.6       When the  HREC  approves  a research proposal, it  must decide  whether  the research should commence  within a defined period from the  date  of approval and whether the  project should be  completed within a set period, and notify

the researcher of that decision.

 

 

4.         The responsibilities of the NHMRC

 

4.1       The  AHEC  will report annually  to  NHMRC  in relation to  HRECs  generally, based on the annual compliance report. The report will also include  specific decisions and information as required by paragraph 3.4  of these guidelines.

 

 

 

Guidelines Under Section 95 of the Privacy Act 1988                                                                            15


 

 

 

 

 

 

4.2              The  AHEC  of  the  NHMRC  may  request, at any  time, information in relation  to

paragraphs  3.4,  3.5  and  3.6  above.

 

4.3       When there  has  been a failure  to comply  with the  guidelines  the  AHEC  of  the

NHMRC will:

 

•          report details of  the  failure to the  Privacy Commissioner and may name the researcher or the HREC responsible, and

 

•          where that failure involves use of  personal information disclosed by a

Commonwealth agency, inform that agency of details of the failure.

 

 

5.         Reports to or for the Privacy Commissioner

 

5.1       AHEC will annually  report details to the Privacy Commissioner of the research projects conducted under these guidelines and shall include evaluation of the operation of these guidelines for the year of reporting.

 

5.2       AHEC will also provide to the Privacy Commissioner, at his or her request, additional information about the operation of the guidelines, research projects conducted under these guidelines  and/or any  failures to comply with these guidelines.

 

 

6.         Complaint mechanisms

 

6.1       Complaints  may be  made  to:

 

(a)        HRECs concerning the researchers and/or the institutions conduct of

an approved research project that may  interfere with the  privacy of  the individual,

 

[See  Principle  2. Human Research Ethics  Committees; subheading

‘Complaints (National Statement on Ethical Conduct in Research

Involving Humans 1999)]

 

and/or

 

(b)       the  Privacy  Commissioner  concerning  the  use  of  personal  information by Commonwealth agencies.

 

Under  Section  36  of  the  Privacy Act  1988, an individual may  complain to the  Privacy  Commissioner  about an  act or  practice  that may  be  an

interference with the privacy of the individual. Where a Commonwealth agency  seeks  to rely  on these  guidelines  in order  to lawfully  release personal  information for  the  purpose  of  medical research under  Section

95, an individual may  complain if  the  procedures  set out in  these guidelines are not followed.

 

 

7          Date of review

 

7.1       The  NHMRC is required to initiate  a review of  the adequacy and operation of the  guidelines twelve months from the date  of  issue.

 

 

 

16       Guidelines Under Section 95 of the Privacy Act 1988


 

 

 

 

 

 

A P P E ND IX 1

 

 

I N F O R M AT I O N  P R I V A C Y  P R I N C I P L E S

 

 

[from  the  Privacy Act  1988 (Commonwealth)]

 

 

Principle 1

 

Manner and purpose of collection of personal information

 

1.         Personal  information shall not be  collected  by  a collector  for  inclusion  in a record or  in a generally  available  publication unless:

 

(a)        the information is collected for a purpose that is  a lawful purpose directly related to a function or activity of the collector; and

 

(b)       the  collection of the information is necessary for or directly  related to that purpose.

 

2.         Personal information shall not be collected by  a collector by unlawful or unfair means.

 

 

Principle 2

 

Solicitation of personal information from individual concerned

 

Where:

 

(a)        a collector collects personal information for inclusion in a record or in a generally  available  publication;  and

 

(b)       the information is solicited by the collector from the  individual concerned;

 

the  collector  shall  take  such steps  (if  any)  as  are, in the  circumstances,  reasonable

to ensure that, before the information is collected or, if  that is not practicable, as soon as practicable after the information is collected, the individual concerned is generally  aware  of:

 

(c)        the purpose for which the information is being collected;

 

(d)       if the collection of the information is authorised or required by or under lawthe fact that the collection of the information is so authorised or required; and

 

(e)        any  person to whom, or any body or agency  to which, it is the collectors usual practice  to