Privacy Amendment Act 2004
(49 of 2004)
An Act to amend the Privacy Act 1988, and for related purposes
[Assented to 21 April 2004]
The Parliament of Australia enacts:
1 Short title
This Act may be cited as thePrivacy Amendment Act 2004.
2 Commencement
This Act commences on the day on which it receives the Royal Assent.
3 Schedule(s)
Each Act that is specified in a Schedule to this Act is amended or repealed as set out in the applicable items in the Schedule concerned, and any other item in a Schedule to this Act has effect according to its terms.
Schedule 1 Amendment of the Privacy Act 1988
Part 1 Extra-territorial application of National Privacy Principle 9
1 Paragraph 5B(1)(a)
Omit “the act”, substitute “subject to subsection (1A), the act”.
2 After subsection 5B(1)
Insert:
(1A) Paragraph (1)(a) does not apply in relation to National Privacy Principle 9.
Note: Because of subsection (1A), the extra-territorial application of National Privacy Principle 9 is not limited by the citizenship etc. requirement of paragraph (1)(a).
3 Application of amendments
The amendments made by items 1 and 2 apply to acts done, or practices engaged in, after the commencement of this Part.
Part 2 Extension of correction rights to non-Australians
4 Subsection 41(4)
Repeal the subsection.
5 Application of amendment
The amendment made by item 4 applies to acts done, or practices engaged in, after the commencement of this Part.
Part 3 Approved privacy codes
6 After section 18BA
Insert:
18BAA Privacy codes may cover exempt acts or practices
(1) Despite paragraph 7(1)(ee), a privacy code may be approved even if it covers exempt acts or practices.
(2) If an approved privacy code covers exempt acts or practices, this Act applies in relation to the code as if those acts or practices were not exempt acts or practices.
Note: Because of subsection (2), if an approved privacy code covers an act or practice that would usually be exempt:
(a) the act or practice, if done or engaged in by an organisation bound by the code, may constitute an interference with the privacy of an individual as defined in section 13A; and
(b) section 16A obliges an organisation bound by the code not to breach the code by doing or engaging in the act or practice; and
(c) the act or practice, if done or engaged in by an organisation bound by the code, may be the subject of a complaint and investigation under Part V.
Part 4 Use of government payroll identifiers
7 Subsection 100(2)
Omit “Before the Governor-General”, substitute “Subject to subsection (3), before the Governor-General”.
8 At the end of section 100
Add:
(3) Subsection (2) does not apply to the making of regulations for the purposes of paragraph 7.2(c) of the National Privacy Principles if:
(a) the regulations prescribe an organisation, or class of organisations; and
(b) the regulations prescribe an identifier, or class of identifiers, of a kind commonly used in the processing of pay, or deductions from pay, of Commonwealth officers, or a class of Commonwealth officers; and
(c) the circumstances prescribed by the regulations for the use or disclosure by the organisation, or an organisation in the class, of the identifier, or an identifier in the class, relate to the provision by the organisation of superannuation services for the benefit of Commonwealth officers; and
(d) before the regulations are made, the Minister consults the Commissioner about the proposed regulations.
(4) In subsection (3):
superannuation services includes the management, processing, allocation and transfer of superannuation contributions.
9 Subclause 7.2 of Schedule 3 (note)
Omit “subsection 100(2)”, substitute “subsections 100(2) and (3)”.
Part 5 Additional audit function for Privacy Commissioner
10 After paragraph 27(1)(h)
Insert:
(ha) to conduct audits of particular acts done, and particular practices engaged in, by agencies in relation to personal information, if those acts and practices, and those agencies, are prescribed by regulations made for the purposes of this paragraph;
11 Subsection 32(1)
After “(h),”, insert “(ha),”.