Federal Register of Legislation - Australian Government

Primary content

Privacy Regulation 2013

Authoritative Version
  • - F2015C00385
  • In force - Superseded Version
  • View Series
SLI 2013 No. 262 Regulations as amended, taking into account amendments up to Privacy Amendment (2015 Measures No. 2) Regulation 2015
This regulation updates and consolidates certain provisions that were contained in the principal regulations. It also gives effect to the Privacy Amendment (Enhancing Protection) Act 2012.
Administered by: Attorney-General's
Registered 05 May 2015
Start Date 02 May 2015
End Date 30 Jun 2015

Privacy Regulation 2013

Select Legislative Instrument No. 262, 2013

made under the

Privacy Act 1988

Compilation No. 4

Compilation date:                              2 May 2015

Includes amendments up to:            SLI No. 58, 2015

Registered:                                         5 May 2015

 

About this compilation

This compilation

This is a compilation of the Privacy Regulation 2013 that shows the text of the law as amended and in force on 2 May 2015 (the compilation date).

This compilation was prepared on 5 May 2015.

The notes at the end of this compilation (the endnotes) include information about amending laws and the amendment history of provisions of the compiled law.

Uncommenced amendments

The effect of uncommenced amendments is not shown in the text of the compiled law. Any uncommenced amendments affecting the law are accessible on ComLaw (www.comlaw.gov.au). The details of amendments made up to, but not commenced at, the compilation date are underlined in the endnotes. For more information on any uncommenced amendments, see the series page on ComLaw for the compiled law.

Application, saving and transitional provisions for provisions and amendments

If the operation of a provision or amendment of the compiled law is affected by an application, saving or transitional provision that is not included in this compilation, details are included in the endnotes.

Modifications

If the compiled law is modified by another law, the compiled law operates as modified but the modification does not amend the text of the law. Accordingly, this compilation does not show the text of the compiled law as modified. For more information on any modifications, see the series page on ComLaw for the compiled law.

Self‑repealing provisions

If a provision of the compiled law has been repealed in accordance with a provision of the law, details are included in the endnotes.

  

  

  


Contents

Part 1—Preliminary                                                                                                             1

1............ Name of regulation.............................................................................. 1

3............ Authority............................................................................................. 1

4............ Schedule(s)......................................................................................... 1

5............ Definitions.......................................................................................... 1

6............ Consumer credit liability information.................................................. 3

7............ Small business operators treated as organisations............................... 4

8............ State authorities treated as organisations............................................. 4

9............ State instrumentality treated as an organisation................................... 5

10.......... Meaning of credit provider.................................................................. 5

11.......... Meaning of credit reporting business.................................................. 5

12.......... Meaning of repayment history information......................................... 6

13.......... Agencies to be treated as organisations............................................... 6

13A....... Permitted disclosure of credit information by commercial credit providers              6

14.......... Permitted disclosure of credit information to a credit reporting body.. 6

Part 2—Australian Privacy Principles                                                                      7

15.......... Exceptions to Australian Privacy Principle 9.1................................... 7

16.......... Exceptions to Australian Privacy Principle 9.2................................... 7

17.......... Exceptions to Australian Privacy Principle 9.2—Centrelink Confirmation eServices (customer confirmation and income confirmation)....................................................................................... 7

18.......... Exceptions to Australian Privacy Principle 9.2—Centrelink Confirmation eServices (superannuation confirmation).......................................................................................................... 10

Part 3—Privacy Advisory Committee                                                                     11

20.......... Travelling allowance—within Australia............................................ 11

Part 4—Secrecy                                                                                                                     12

21.......... Designated secrecy provisions.......................................................... 12

Part 5—Transitional                                                                                                           13

22.......... Transitional....................................................................................... 13

23.......... Membership of recognised external dispute resolution schemes....... 13

Schedule 1—Agencies                                                                                              14

Endnotes                                                                                                                                    18

Endnote 1—About the endnotes                                                                            18

Endnote 2—Abbreviation key                                                                                19

Endnote 3—Legislation history                                                                             20

Endnote 4—Amendment history                                                                           21

 


Part 1Preliminary

  

1  Name of regulation

                   This regulation is the Privacy Regulation 2013.

3  Authority

                   This regulation is made under the Privacy Act 1988.

4  Schedule(s)

                   Each instrument that is specified in a Schedule to this instrument is amended or repealed as set out in the applicable items in the Schedule concerned, and any other item in a Schedule to this instrument has effect according to its terms.

5  Definitions

                   In this regulation:

Act means the Privacy Act 1988.

agency means an agency that is:

                     (a)  an agency within the meaning of subsection 6(1) of the Act; or

                     (b)  an agency mentioned in:

                              (i)  Schedule 1; or

                             (ii)  Schedule 1 to the Financial Management and Accountability Regulations 1997; or

                            (iii)  subregulation 4(1) of the Commonwealth Authorities and Companies Regulations 1997; or

                            (iv)  Part 1 of Schedule 1 to the Commonwealth Authorities and Companies Regulations 1997; or

                     (c)  an agency in relation to which the Minister is satisfied that the events mentioned in paragraphs 100(2)(a) and (b) of the Act have occurred.

Ausgrid means the body established by the Energy Services Corporations Act 1995 (NSW).

AustralianSuper means AustralianSuper Pty Ltd, ABN 65 714 394 898, and includes a payroll contractor of AustralianSuper.

AvSuper means AvSuper Pty Ltd, ABN 84 421 446 069, and includes a payroll contractor of AvSuper.

Centrelink Confirmation eServices scheme means the scheme of that name that is administered by the Human Services Department.

Centrelink program has the meaning given by section 40 of the Human Services (Centrelink) Act 1997.

Customer Reference Number means the number assigned to an individual, in relation to a Centrelink program, by the Department administered by the Minister who administers the Human Services (Centrelink) Act 1997.

DVA File Number means the file number assigned to an individual by the Department administered by the Minister who administers the Veterans’ Entitlements Act 1986.

DVA unique identification number means the unique identification number assigned to an individual by the Department administered by the Minister who administers the Veterans’ Entitlements Act 1986.

Endeavour Energy means the body established by the Energy Services Corporations Act 1995 (NSW).

Essential Energy means the body established by the Energy Services Corporations Act 1995 (NSW).

HomeStart Finance means the body established by regulation 4 of the Housing and Urban Development (Administrative Arrangements) (HomeStart Finance) Regulations 1995 (SA).

Human Services Department means the Department administered by the Human Services Minister.

Human Services Minister means the Minister administering the Human Services (Centrelink) Act 1997.

payroll contractor, of an organisation (the principal organisation), means an organisation that is responsible, under a contract, for processing, on behalf of the principal organisation, any payments received by, or on behalf of, the principal organisation from an agency, its agent or its contracted service provider for the benefit of an individual employed, or formerly employed, by the agency.

payroll number, assigned to an individual by an agency, means the identifier assigned to the individual by the agency, its agent or its contracted service provider for the purpose of providing salary and other employment benefits to the individual.

residential tenancy database means a database that:

                     (a)  stores personal information in relation to an individual’s occupation of residential premises as a tenant; and

                     (b)  can be accessed by a person other than the operator of the database or a person acting for the operator.

6  Consumer credit liability information

                   For paragraph (e) of the definition of consumer credit liability information in subsection 6(1) of the Act, the terms or conditions of the consumer credit are the following:

                     (a)  how the principal and interest on the consumer credit are to be paid, namely whether:

                              (i)  the principal and interest are to be paid in full; or

                             (ii)  the principal and interest are to be paid, leaving a residual unpaid amount of principal and interest at the end of the term of the consumer credit; or

                            (iii)  only the interest is to be paid;

                     (b)  whether the term of the consumer credit is fixed or revolving;

                     (c)  if the term of the consumer credit is fixed—the length of the term;

                     (d)  whether the individual is a guarantor to another individual in relation to the other individual’s credit;

                     (e)  whether the consumer credit is secured or unsecured;

                      (f)  any variation to any of the terms or conditions mentioned in paragraphs (a) to (e).

7  Small business operators treated as organisations

             (1)  For subsection 6E(2) of the Act, a small business operator that operates a residential tenancy database is prescribed.

             (2)  For subsection 6E(2) of the Act, the following acts or practices of a small business operator of the kind mentioned in subsection (1) are prescribed:

                     (a)  an act done, or a practice engaged in, in connection with collecting personal information for the purpose of establishing or maintaining a residential tenancy database;

                     (b)  an act done, or a practice engaged in, in connection with maintaining personal information on a residential tenancy database;

                     (c)  an act done, or a practice engaged in, in connection with using or disclosing personal information that is stored on a residential tenancy database.

8  State authorities treated as organisations

                   For subsection 6F(1) of the Act, the following authorities of New South Wales are prescribed:

                     (a)  Essential Energy;

                     (b)  Ausgrid;

                     (c)  Endeavour Energy.

9  State instrumentality treated as an organisation

             (1)  For subsection 6F(1) of the Act, HomeStart Finance, an authority of South Australia, is prescribed.

             (2)  Australian Privacy Principle 11.2 does not apply to HomeStart Finance.

10  Meaning of credit provider

             (1)  For subparagraph 6G(1)(d)(ii) of the Act, Indigenous Business Australia is a credit provider.

             (2)  For subsection 6G(6) of the Act, an organisation or small business operator is not a credit provider in relation to an individual if the organisation or small business operator acts in the capacity of a current or prospective landlord of the individual.

11  Meaning of credit reporting business

             (1)  For subsection 6P(4) of the Act, a business or undertaking is not a credit reporting business if the business or undertaking is in a class of businesses or undertakings that:

                     (a)  provides personal information to a credit provider; and

                     (b)  provides the information to:

                              (i)  verify an individual’s identity; or

                             (ii)  validate other information relating to the individual’s financial position (such as real property assets) that the individual provides to the credit provider.

             (2)  A class of businesses or undertakings complies with paragraph (1)(b) if the class of businesses or undertakings:

                     (a)  compiles information about the individual from sources, including publicly available sources; and

                     (b)  provides the information to the credit provider to assist the credit provider to:

                              (i)  verify the individual’s identity; or

                             (ii)  verify that the individual owns the real estate or other assets that the individual claims to own; or

                            (iii)  validate the individual’s claimed financial position (in relation to the value of the individual’s assets).

12  Meaning of repayment history information

                   For paragraph 6V(2)(a) of the Act, an individual will be taken to have not met an obligation to make a monthly payment that is due and payable in relation to consumer credit if the individual misses any or all repayments due in a month, irrespective of the actual payment cycle for that obligation.

13  Agencies to be treated as organisations

                   For subsection 7A(2) of the Act, the Australian Government Solicitor is prescribed.

13A  Permitted disclosure of credit information by commercial credit providers

                   For subparagraph 21D(2)(a)(i) of the Act, a credit provider is prescribed if:

                     (a)  the credit provider discloses credit information; and

                     (b)  the disclosure is made in connection with the provision of commercial credit.

14  Permitted disclosure of credit information to a credit reporting body

                   For subparagraphs 21D(2)(a)(i) and 21D(3)(c)(i) of the Act, Indigenous Business Australia is prescribed.

Part 2Australian Privacy Principles

  

15  Exceptions to Australian Privacy Principle 9.1

                   For subclause 9.3 of the Australian Privacy Principles:

                     (a)  AvSuper is a prescribed organisation; and

                     (b)  the payroll number assigned to an individual by Airservices Australia, or the Civil Aviation Safety Authority, is a prescribed identifier; and

                     (c)  the prescribed circumstance is that the payroll number is adopted by AvSuper to provide a superannuation service to the individual.

16  Exceptions to Australian Privacy Principle 9.2

                   For subclause 9.3 of the Australian Privacy Principles:

                     (a)  AustralianSuper and AvSuper are each a prescribed organisation; and

                     (b)  the payroll number assigned to an individual by an agency is a prescribed identifier; and

                     (c)  the prescribed circumstance is that the payroll number is used or disclosed by AustralianSuper or AvSuper to provide a superannuation service to the individual.

17  Exceptions to Australian Privacy Principle 9.2—Centrelink Confirmation eServices (customer confirmation and income confirmation)

             (1)  For subclause 9.3 of the Australian Privacy Principles:

                     (a)  each of the following is a prescribed identifier:

                              (i)  a Customer Reference Number;

                             (ii)  a DVA file number;

                            (iii)  a DVA unique identification number; and

                     (b)  an organisation is a prescribed organisation if the organisation:

                              (i)  is a participant in the Centrelink Confirmation eServices scheme; and

                             (ii)  is included in a class of organisations set out in the table in subsection (2); and

                     (c)  the prescribed circumstance is that a prescribed organisation uses or discloses an individual’s prescribed identifier, with the individual’s consent, to access services provided under the Centrelink Confirmation eServices scheme to enquire whether the individual is entitled to receive a concession, service or assistance.

             (2)  The classes of organisations are set out in the following table:

 

Classes of organisations that can use or disclose Customer Reference Numbers, DVA File Numbers and DVA unique identification numbers

Item

Class of organisation

1

Organisations that provide healthcare services or healthcare products, including any of the following:

(a) hospitals;

(b) providers of hearing products and hearing services;

(c) providers of disability support services;

(d) providers of counselling and mental health services;

(e) providers of drug treatment and rehabilitation services.

2

Organisations that are education providers, including any of the following:

(a) pre‑schools, primary schools and secondary schools;

(b) providers of childcare services;

(c) universities, TAFE, community colleges and other tertiary education providers;

(d) adult education providers;

(e) organisations that provide administrative services to education providers.

3

Organisations that provide any of the following:

(a) electricity;

(b) gas;

(c) water;

(d) telecommunications services;

(e) broadband internet services.

4

Organisations that provide passenger rail services.

5

Organisations that provide motor vehicle roadside assistance services.

6

Organisations that provide trustee services.

7

Organisations that provide welfare services, including any of the following:

(a) advocacy organisations;

(b) organisations that provide assistance to:

(i) elderly persons; or

(ii) disabled persons; or

(iii) immigrants and refugees; or

(iv) Indigenous Australians; or

(v) families; or

(vi) children; or

(vii) persons impacted by domestic violence; or

(viii) homeless persons; or

(ix) prisoners.

8

Organisations that provide free or subsidised social housing, facilities management services, mortgages or accommodation services to any of the following:

(a) socially or economically disadvantaged persons;

(b) elderly persons;

(c) disabled persons;

(d) Indigenous Australians.

9

Organisations that provide legal aid services, including any of the following:

(a) legal aid organisations operated by the Commonwealth government, or the government of a State or Territory;

(b) legal practitioners who provide services for or on behalf of legal aid organisations;

(c) a court of the Commonwealth, a State or a Territory.

10

Organisations that provide services on behalf of local government.

11

Organisations that provide any of the following:

(a) financial planning services;

(b) financial products and services (including brokers);

(c) insurance products and services;

(d) banking services and loans as a credit union;

(e) subsidised or reduced interest loans.

18  Exceptions to Australian Privacy Principle 9.2—Centrelink Confirmation eServices (superannuation confirmation)

                   For subclause 9.3 of the Australian Privacy Principles:

                     (a)  a Customer Reference Number is a prescribed identifier; and

                     (b)  an organisation is a prescribed organisation if the organisation:

                              (i)  is a participant in the Centrelink Confirmation eServices scheme; and

                             (ii)  provides superannuation products and services; and

                     (c)  the prescribed circumstance is that a prescribed organisation uses or discloses an individual’s prescribed identifier, with the individual’s consent, to access services provided under the Centrelink Confirmation eServices scheme to enquire whether the individual is entitled to the early release of superannuation on the ground of financial hardship.

 

Part 3Privacy Advisory Committee

  

20  Travelling allowance—within Australia

                   For section 88 of the Act, the travelling allowance payable to an appointed member is:

                     (a)  the amount that would be payable to the member if clause 3.3 of the Remuneration Tribunal Determination 2004/03 applied; or

                     (b)  the amount that would be payable to the member if clause 3.4 of the Remuneration Tribunal Determination 2004/03 applied, at the tier 2 rate.

Part 4Secrecy

  

21  Designated secrecy provisions

                   For paragraph 80P(7)(d) of the Act, the following provisions of the Census and Statistics Act 1905 are prescribed:

                     (a)  section 19;

                     (b)  section 19A.

Part 5Transitional

  

22  Transitional

                   For item 19 of Schedule 6 to the Privacy Amendment (Enhancing Privacy Protection) Act 2012, section 18K of the Act applies to information mentioned in that section that has not been disclosed on or after 12 March 2014 and before 1 April 2014.

23  Membership of recognised external dispute resolution schemes

Energy utilities and water utilities

             (1)  For item 19 of Schedule 6 to the Privacy Amendment (Enhancing Privacy Protection) Act 2012, subparagraph 21D(2)(a)(i) of the Privacy Act 1988 does not apply in relation to a disclosure of credit information by a credit provider that is:

                     (a)  an entity that engages in the retail sale of electricity or gas services in Queensland, South Australia, Tasmania, the Australian Capital Territory or the Northern Territory; or

                     (b)  an entity that engages in the retail sale of water, sewerage or drainage services in Queensland, South Australia, Tasmania, the Australian Capital Territory or the Northern Territory.

Repeal of section

             (2)  This section is repealed on 1 January 2016.


Schedule 1Agencies

Note:       See section 5.

  

 

Specified agencies

Item

Agency

1

Airservices Australia

2

Albury‑Wodonga Development Corporation

3

Anindilyakwa Land Council

4

Army and Air Force Canteen Service

5

Attorney‑General’s Department

6

Australia Council for the Arts

7

Australia Japan Foundation

7A

Australian Aged Care Quality Agency

8

Australian Broadcasting Corporation

9

Australian Commission on Safety and Quality in Health Care

10

Australian Curriculum, Assessment and Reporting Authority

11

Australian Film Television and Radio School

12

Australian Fisheries Management Authority

13

Australian Hearing

14

Australian Heritage Council

15

Australian Industry Development Corporation

16

Australian Institute for Teaching and School Leadership Ltd

17

Australian Institute of Aboriginal and Torres Strait Islander Studies

18

Australian Maritime College

19

Australian Military Forces Relief Trust Fund

20

Australian National University

21

Australian Pesticides and Veterinary Medicines Authority

22

Australian Reinsurance Pool Corporation

23

Australian Renewable Energy Agency

25

Australian Sports Commission

26

Biosecurity Advisory Council

27

Central Land Council

28

Civil Aviation Safety Authority

29

Classification Board

30

Classification Review Board

31

Clean Energy Finance Corporation

32

Clean Energy Regulator

33

Coal Mining Industry (Long Service Leave Funding) Corporation

34

Commonwealth Superannuation Corporation

35

Cotton Research and Development Corporation

36

CRS Australia

37

Defence Force Retirement and Death Benefits Authority

38

Department of Agriculture

39

Department of Communications

40

Department of Defence

41

Department of Education

42

Department of Employment

43

Department of Finance

44

Department of Foreign Affairs and Trade

45

Department of Health

46

Department of Human Services

47

Department of Immigration and Border Protection

48

Department of Industry

49

Department of Infrastructure and Regional Development

50

Department of Parliamentary Services

51

Department of Social Services

52

Department of the Environment

53

Department of the House of Representatives

54

Department of the Prime Minister and Cabinet

55

Department of the Senate

56

Department of the Treasury

57

Department of Veterans’ Affairs

58

Fisheries Research and Development Corporation

59

Food Standards Australia New Zealand

60

Forest and Wood Products Australia

61

Grape and Wine Research and Development Corporation

62

Health Workforce Australia

63

Indigenous Business Australia

64

Indigenous Land Corporation

65

National Disability Insurance Scheme Launch Transition Agency

66

National Film and Sound Archive of Australia

67

National Library of Australia

69

National Native Title Tribunal

70

National Portrait Gallery of Australia

71

National Transport Commission

72

Northern Land Council

73

Parliamentary Budget Office

74

Private Health Insurance Administration Council

75

Repatriation Commission

75A

Repatriation Medical Authority

76

Royal Australian Air Force Veterans’ Residences Trust Fund

77

Royal Australian Air Force Welfare Trust Fund

78

Royal Australian Navy Central Canteens Board

79

Royal Australian Navy Relief Trust Fund

80

Rural Industries Research and Development Corporation

81

Screen Australia

82

Social Security Appeals Tribunal

83

Special Broadcasting Service Corporation

83A

Specialist Medical Review Council

84

Sugar Research and Development Corporation

85

Tiwi Land Council

86

Torres Strait Regional Authority

87

Veterans’ Review Board

88

Wheat Export Authority

89

Australian Grape and Wine Authority

90

Wreck Bay Aboriginal Community Council

 


Endnotes

Endnote 1—About the endnotes

The endnotes provide information about this compilation and the compiled law.

The following endnotes are included in every compilation:

Endnote 1—About the endnotes

Endnote 2—Abbreviation key

Endnote 3—Legislation history

Endnote 4—Amendment history

Endnotes about misdescribed amendments and other matters are included in a compilation only as necessary.

Abbreviation key—Endnote 2

The abbreviation key sets out abbreviations that may be used in the endnotes.

Legislation history and amendment history—Endnotes 3 and 4

Amending laws are annotated in the legislation history and amendment history.

The legislation history in endnote 3 provides information about each law that has amended (or will amend) the compiled law. The information includes commencement details for amending laws and details of any application, saving or transitional provisions that are not included in this compilation.

The amendment history in endnote 4 provides information about amendments at the provision (generally section or equivalent) level. It also includes information about any provision of the compiled law that has been repealed in accordance with a provision of the law.

Misdescribed amendments

A misdescribed amendment is an amendment that does not accurately describe the amendment to be made. If, despite the misdescription, the amendment can be given effect as intended, the amendment is incorporated into the compiled law and the abbreviation “(md)” added to the details of the amendment included in the amendment history.

If a misdescribed amendment cannot be given effect as intended, the amendment is set out in the endnotes.

 

Endnote 2—Abbreviation key

 

A = Act

orig = original

ad = added or inserted

par = paragraph(s)/subparagraph(s)

am = amended

    /sub‑subparagraph(s)

amdt = amendment

pres = present

c = clause(s)

prev = previous

C[x] = Compilation No. x

(prev…) = previously

Ch = Chapter(s)

Pt = Part(s)

def = definition(s)

r = regulation(s)/rule(s)

Dict = Dictionary

Reg = Regulation/Regulations

disallowed = disallowed by Parliament

reloc = relocated

Div = Division(s)

renum = renumbered

exp = expires/expired or ceases/ceased to have

rep = repealed

    effect

rs = repealed and substituted

F = Federal Register of Legislative Instruments

s = section(s)/subsection(s)

gaz = gazette

Sch = Schedule(s)

LI = Legislative Instrument

Sdiv = Subdivision(s)

LIA = Legislative Instruments Act 2003

SLI = Select Legislative Instrument

(md) = misdescribed amendment

SR = Statutory Rules

mod = modified/modification

Sub‑Ch = Sub‑Chapter(s)

No. = Number(s)

SubPt = Subpart(s)

o = order(s)

underlining = whole or part not

Ord = Ordinance

    commenced or to be commenced

 

Endnote 3—Legislation history

 

Number and year

FRLI registration

Commencement

Application, saving and transitional provisions

262, 2013

17 Dec 2013 (F2013L02126)

12 Mar 2014 (s 2)

 

8, 2014

4 Mar 2014 (F2014L00219)

12 Mar 2014 (s 2)

70, 2014

13 June 2014 (F2014L00707)

Sch 2 (item 2): 1 July 2014 (s 2(1) item 3)

10, 2015

2 Mar 2015 (F2015L00239)

Sch 1: 3 Mar 2015 (s 2)

58, 2015

1 May 2015 (F2015L00629)

2 May 2015 (s 2)

 

Endnote 4—Amendment history

 

Provision affected

How affected

Part 1

 

s 2........................................

rep LIA s 48D

s 5........................................

am No 58, 2015

s 13A...................................

ad No 10, 2015

Part 2

 

s 17......................................

rs No 58, 2015

s 18......................................

rs No 58, 2015

s 19......................................

rep No 58, 2015

Part 5

 

s 23......................................

ad No 8, 2014

 

am No 10, 2015

 

rep 1 Jan 2016 (s 23(2))

Schedule 1

 

Schedule 1...........................

am No 70, 2014; No 58, 2015

Schedule 2...........................

rep No 58, 2015

Schedule 3...........................

rep No 58, 2015

Schedule 4...........................

rep No 58, 2015

Schedule 5...........................

rep LIA s 48C