(1) promoting the awareness and understanding of the Ordinance's requirements;
(2) approving and issuing codes of practice giving practical guidance on compliance with the Ordinance;
(3) approving requests from data users on automated matching of personal data;
specifying classes of data users required to submit annual returns and to compile a register of data users for public inspection;
(4) inspection of personal data systems and making recommendations for compliance with provisions of the Ordinance; and
(5) investigation of suspected breaches of the Ordinance's requirements and issuing enforcement notices to data users as appropriate.

Data Protection Principles
Principle 1 -- Purpose and manner of collection This provides for the lawful and fair collection of personal data and sets out the information a data user must give to a data subject when collecting personal data from that subject.

Principle 2 -- Accuracy and duration of retention This provides that personal data should be accurate, up-to-date and kept no longer than necessary.

Principle 3 -- Use of personal data This provides that unless the data subject gives consent otherwise personal data should be used for the purposes for which they were collected or a directly related purpose.

Principle 4 -- Security of personal data This requires appropriate security measures to be applied to personal data (including data in a form in which access to or processing of the data is not practicable).

Principle 5 -- Information to be generally available This provides for openness by data users about the kinds of personal data they hold and the main purposes for which personal data are used.

Principle 6 -- Access to personal data This provides for data subjects to have rights of access to and correction of their personal data.

Exemptions
The Ordinance provides specific exemptions from the requirements of the Ordinance. They include:

(1) a broad exemption from the provisions of the Ordinance for personal data held for domestic or recreational purposes;
exemptions from the requirements on subject access for certain employment related personal data; and
(2) exemptions from the subject access and use limitation requirements of the Ordinance where their application is likely to prejudice certain competing public or social interests, such as: security, defence and international relations; prevention or detection of crime; assessment or collection of any tax or duty; news activities; and health.

Offences
There are a variety of offences, for example non-compliance with an enforcement notice served by the Privacy Commissioner carries a penalty of a fine at Level 5 (at present $25,001 to $50,000) and imprisonment for 2 years.

<<Back