Australian Privacy Principles and Commonwealth records

Australian Privacy Principle

The Australian Privacy Principles (APPs) regulate the handling of personal information. They came into effect in 2014 and apply to both Australian government agencies and private enterprise.

The APPs replaced the Information Privacy Principles (IPPs) had previously applied to Australian government agencies, and the National Privacy Principles (NPPs) which had previously applied to businesses.

The Office of the Australian Information Commissioner has developed APP Guidelines which provide detailed advice on the application of the APPs.

Intersections with the Archives Act 1983

There are three APPs (APP 4, APP 11 and APP 13) which intersect with provisions for the alteration or destruction of Commonwealth records under the Archives Act 1983. The APPs clearly state however that personal information contained in a Commonwealth record can only be destroyed or altered in accordance with the Archives Act.

The APP Guidelines include an overview of the requirements for the destruction and alteration of personal information in a Commonwealth record. The Guidelines also provide substantial information on the term 'Commonwealth record' under the 'Key Concepts' section.

Commonwealth records

For Australian government agencies, almost all personal information, whether unsolicited or actively collected in the course of business, is considered a 'Commonwealth record'. This is particularly relevant to APP 4 and 11 – both of which require the destruction or de-identification of personal information in certain circumstances. 

For information contained in a Commonwealth record, disposal and de-identification requirements under the APPs do not apply. The retention, destruction and alteration of Commonwealth records are specifically excluded from the APPs because these actions are governed by the Archives Act. 

As a general rule, a Commonwealth record can only be destroyed or altered in accordance with s24 of the Archives Act. The grounds on which this may be done are generally set out in a records authority, a general records authority or as a normal administrative practice. In some instances, agencies may also operate under specific legislation which requires the destruction of particular records.

The Archives Act 1983 defines a 'record' as a document, or an object, in any form (including any electronic form) that is, or has been, kept by reason of:

  1. any information or matter that it contains or that can be obtained from it; or
  2. its connection with any event, person, circumstance or thing.

'Commonwealth record' is defined as:

  1. a record that is the property of the Commonwealth or of a Commonwealth institution; or
  2. a record that is to be deemed to be a Commonwealth record by virtue of a regulation under subsection (6); or by virtue of section 22;

but does not include a record that is exempt material or is a register or guide maintained in accordance with Part VIII.

APP 4

APP 4 outlines the steps an APP entity must take if it receives unsolicited personal information. If the information could not have been collected under APP 3 and it is not contained in a Commonwealth record, it must, as soon as practicable, if lawful and reasonable to do so, be destroyed or de-identified. Any personal information that is contained in a Commonwealth record must not be destroyed under APP4 and must be managed in accordance with APP 5-11.

What does this mean for my agency?

APP 4.3 provisions for Commonwealth records ensures that the requirement for agencies to retain such information under s24 of the Archives Act will override destruction and de-identification requirements under the Privacy Act. Permission to destroy or de-identify a Commonwealth record is granted by the National Archives and is usually set out in a records authority, a general records authority or in accordance with normal administrative practice (NAP).

NAP allows staff to routinely destroy records that are not needed as evidence of their agency's business and are not needed to form part of its corporate records program. It is likely, given the short term, transitory nature of unsolicited information, that unsolicited personal information could be destroyed in line with your agency's NAP policy. Please consult your agency's NAP policy or staff in your agency's information and records management area before doing so.

APP 4 is not likely to result in any substantial change to agency practices. In general terms, almost all business information held in agencies is a Commonwealth record and thus it is excluded from the provisions of APP 4.

APP 11

APP 11 is concerned with the security of information and requires entities to take reasonable steps to protect personal information from misuse, loss and unauthorised access. It also includes the requirement to take reasonable steps to destroy or de-identify personal information when it is no longer required for business purposes.

What does this mean for my agency?

The destruction and de-identification requirements of APP 11.2 do not apply to personal information contained in a Commonwealth record. The grounds on which an agency can destroy or de-identify a Commonwealth record are the same as those outlined above for APP4.3.

The exclusion of Commonwealth records from APP 11 only applies to the destruction and de-identification requirements of APP 11. Commonwealth records are not excluded from the protection requirements of APP 11 and agencies must take all reasonable steps to protect information contained in a Commonwealth record from misuse, interference or loss, and unauthorised access, modification or disclosure.

APP 13

APP 13 states that an APP entity must take reasonable steps to correct personal information that it holds to ensure that it is accurate, up-to-date, complete, relevant and not misleading. However, special considerations apply to Commonwealth records, which can in general only be altered in accordance with the Archives Act.

What does this mean for my agency?

The APP Guidelines state that the 'decision as to what constitutes "reasonable steps" to correct personal information may span a range of options. These include making appropriate additions, deletions or alterations to a record, or declining to correct personal information if it would be unreasonable to take such steps. In some instances it may be appropriate to destroy or de-identify the personal information'.

A Commonwealth record can, as a general rule, only be altered in accordance with s24 of the Archives Act. This does not apply to standard business practices where there is a need to update or correct information, including personal information, for business purposes. In some instances it may be appropriate to retain a copy of the original information and to link a supporting statement indicating the relevant updates or changes. This will be particularly important where the original information informed a business decision or action.

APP 13 applies to all personal information an APP entity 'holds'. An entity 'holds' personal information if it has possession or control over a record that contains personal information. The term 'holds' extends beyond the physical possession of a record, and includes a record that the entity has the power or right to deal with. For example, if an agency has placed a record of personal information in the care of the Archives, that agency is still responsible for the possession and control of the record.

Under the Archives Act, records over 15 years old in the care of the National Archives or in the physical possession of an agency cannot be altered. Section 26 of the Archives Act makes it an offence to alter such records except with the permission of the Archives. For Commonwealth records older than 15 years, it may be reasonable (and consistent with statutory requirements) to:

  • retain a version of a record which contains incorrect personal information
  • associate a statement to clarify that, having regard to the purpose for which the personal information is held, the personal information is not accurate, up-to-date, complete, relevant or is misleading, and either include the correct personal information in the note or provide a cross reference to where it is held (such as in an attachment to the record).

More information