1.3.2 Privacy & confidentiality
This section explains the difference between confidentiality and privacy.
Confidentiality under PPLAct
The PPLAct sets out the circumstances in which protected information (1.1.P.270) can be obtained, recorded, disclosed and otherwise used. DHS staff can only deal with protected information in a manner consistent with the law.
'Protected information' is defined in the PPLAct to include information about a person that is or was held in the records of DHS. Protected information can be obtained, recorded, used and disclosed for certain purposes as authorised under the PPLAct.
In limited circumstances, protected information may also be disclosed if it is in the public interest.
It is a criminal offence to disclose protected information without authorisation. A breach of protected information is punishable by a maximum of 2 years imprisonment.
Explanation: Confidentiality provisions govern the actions of DHS staff.
Act reference: PPLAct Part 4-1 Division 3 Confidentiality
Policy reference: PPL Guide 7.1.2 Confidentiality
'Personal information' is defined in the Privacy Act to mean information or an opinion, whether true or not, and whether recorded in a material form or not, about an identified individual, or an individual who is reasonably identifiable.
DHS is required to comply with the 13 Australian Privacy Principles (APPs) contained in the Privacy Act, including those relating to the collection, storage, access, use and disclosure of personal information. The APPs are grouped as follows:
- consideration of personal information privacy (APPs 1 and 2),
- collection of personal information (APPs 3, 4 and 5),
- dealing with personal information (APPs 6, 7, 8 and 9),
- integrity of personal information (APPs 10 and 11), and
- access to, and correction of, personal information (APPs 12 and 13).
DHS staff must comply with the APPs when dealing with personal information. Unauthorised collection, access, use or disclosure of personal information is a breach of the Privacy Act.
Explanation: Privacy provisions govern the practices of Government agencies and businesses.
Privacy (Tax File Number) Rule 2015
The Privacy (Tax File Number) Rule 2015 (TFN Rule), made under the Privacy Act section 17, regulates the collection, storage, use, disclosure, security and disposal of individuals' TFN information.
A breach of the TFN Rule is an interference with privacy under the Privacy Act. Individuals who consider their TFN information has been mishandled may make a complaint to the Information Commissioner. Where a breach is very serious, the Information Commissioner may seek to impose a civil penalty.
As well as constituting a breach of the TFN Rule, unauthorised use or disclosure of TFNs may constitute an offence under the Taxation Administration Act 1953, with a maximum penalty of an $18,000 fine (100 penalty units) or 2 years' imprisonment, or both.
DHS is an authorised recipient of TFN information for the purposes set out in the PPLAct.
More detailed information about privacy and the TFN Rule is available at the OAIC's website, and TFN queries or enquiries can be directed to the DSS Feedback and Complaints team using the following contact details:
- Email: email@example.com
- Telephone: 1800 634 035
- Post: DSS Feedback, GPO Box 9280, Canberra ACT 2601