State government agencies, local governments and universities should only collect personal information if it is needed to fulfil their functions and deliver their services.
If personal information is collected, it must be managed appropriately.
What is Personal Information?
Personal information is defined in the Information Privacy Principles Instruction (IPPI) as information or an opinion, whether true or not, relating to a natural person or the affairs of a natural person whose identity is apparent, or can reasonably be ascertained, from that information or opinion.
The IPPI is a Premier and Cabinet Circular and therefore only applies to state government agencies. It is recommended that local government councils and universities use a similar definition when producing privacy policies for their organisations.
- name
- address
- date of birth
- financial or health status
- signature
- ethnicity
- gender
- religion
- alleged behaviours
- licensing details
- photographs
- biometrics (fingerprints, retina scans, gait)
- video footage
Personal information may be collected in hard copy (a paper form), verbally (over the phone) or through electronic means such as email, online portals or mobile phone apps.
What is information privacy?
Information privacy is a person's right to control their own personal information. People place a high value on their privacy, their personal information and what it allows them to do. Some examples where personal information is needed include applying for finance, using a government service and voting.
The IPPI requires all state government agencies to safely and securely manage the personal information they hold and use. This includes having secure systems in place for access, disclosure, storage and disposal.
There can be negative consequences and potential harm to an individual if personal information is not handled appropriately.
With lost, stolen or misused personal information, harm can occur in a variety of ways such as emotional distress, financial risk or damage, intimidation and discrimination. The level of harm can differ depending on the individual and the information that has been accessed.
What might seem minor to one person, may be significant to another.
Accessing and correcting your personal information
The IPPI includes the right for an individual to access and amend their own personal information. This is done through the Freedom of Information Act 1991 (FOI Act) (see Part 4).
If you believe the personal information an agency holds on you is incomplete, incorrect, misleading or out-of-date, you can access your information by completing an Amendment Application Form, (fees may apply).
Complaints and breaches
If you believe a South Australian government agency has failed to comply with the IPPI and has breached your information privacy you should, in the first instance, contact that agency to try and resolve the issue.
Complaints take time to be resolved so it is best to allow the agency a reasonable time to respond.
If the agency is unable to help you, or you are dissatisfied with the response, you can lodge a complaint with the best placed authority to deal with your situation.
See Making a Privacy Complaint for more information.
How to reduce your risk of harm
If you are notified of a breach of your information privacy, there are some steps you can take to reduce your chances of experiencing harm.
- Identify what information has been affected. If you are unsure or don't know, ask the organisation who has notified you.
- For breaches that relate to contact and identity information
o Change your passwords
o Contact IDCare for support - For breaches that involve financial information
o Advise your financial institution
o Monitor your financial transactions and check your statements for unusual activity
o If your Tax File Number has been affected, contact the Australian Tax Office