LGBTIQ+ Privacy Rights
This resource outlines how Victorian privacy law may apply to the LGBTIQ+ communities.
The right to privacy is of particular importance to you as an individual in the LGBTIQ+ community because breaches of privacy can have significant consequences, including increased risk of discrimination.
The Privacy and Data Protection Act 2014 (Vic) (PDP Act) recognises this and gives protection to information about your sexuality, gender identity and sex.
Under the terms of the PDP Act, information about your sexuality is classified as ‘sensitive information’.
Information about your gender identity and sex is not classified as sensitive information. However, subsets of this information, such as whether you are a person with an intersex variation, trans gender diverse or non-binary, are still highly delicate and must be treated with extra care.
The Privacy and Data Protection Act
The PDP Act contains 10 Information Privacy Principles (IPPs) that outline how Victorian public sector (VPS) organisations must handle your personal information. These IPPs only apply to State government organisations, agencies, and services.
However, the PDP Act does not apply to:
- health information; or
- how Commonwealth government agencies (e.g. Centrelink, the Australian Tax Office etc.) and private organisations (e.g. companies and charities) should handle your personal information.
Instead, these are covered by other privacy laws.
Your rights when a Victorian public sector organisation asks for information about your sexuality, gender identity or sex
VPS organisations can only ask you for information about your sexuality, gender identity or sex to a VPS organisation unless it is necessary for the organisation to do its work.
Information about your sexuality is subject to additional protections. A VPS organisation may only collect information about your sexuality if it is necessary for the organisation to do its work and one of the following also applies:
- you consent to the collection;
- another law allows or requires this information to be collected;
- it is necessary to lessen or prevent a serious threat to health or safety;
- it is relevant to ongoing or future legal proceedings; or
- it is necessary for research, statistics, or provision of welfare or education services funded by the government.
Example: If you apply for a job with the Victorian Public Service, you do not have to provide information about your sexuality, unless one of the above exceptions apply.
Where a VPS organisation legitimately collects information about your sexuality, gender identity or sex, it should make you aware of the reason for the collection and tell you if it usually discloses the information to another organisation or individual.
Your rights over what a Victorian public sector organisation can do with information about your sexuality, gender identity or sex
If a VPS organisation has collected information about your sexuality, gender identity or sex for one reason, it should not be used or disclosed for a different reason.
Example: If a VPS organisation has collected information about your sexuality, gender identity or sex in order to provide you with a service, it should not disclose this information to a different organisation, because they assume you might be interested in their upcoming events.
Find more information about the 8 specific exceptions to this rule.
Your right to have information about your sexuality, gender identity or sex handled securely
VPS organisations that hold information about your sexuality, gender identity or sex should protect this information against loss or misuse.
Example: VPS organisations should have security measures to ensure information about your sexuality, gender identity or sex can only be accessed by specific employees who have a legitimate need to access it.
Information about your sexuality, gender identity or sex should be permanently de-identified or destroyed when it is no longer needed or where no other law requires it to be kept.
Your right to have information about your sexuality, gender identity or sex kept accurate and up to date
Information held by VPS organisations about your sexuality, gender identity or sex should be kept accurate, complete and up to date.
Example: If you have changed your name or gender identity and advised a VPS organisation of that change, the organisation should update and use your correct details when interacting with you.
You have the right to ask for access to information held by a VPS organisation about your sexuality, gender identity or sex, and request amendment if it is incorrect.
The easiest way to do this is to contact the organisation you believe holds the documents you seek and informally ask for them. If the organisation does not provide them, you should make a formal FOI request. Find more information on how to make an FOI request.
Your right to make a complaint
If you have concerns about how a VPS organisation has handled information about your sexuality, gender identity or sex, you have the right to make a complaint. You should first make a complaint to the organisation’s Privacy Officer and try to resolve the issue.
If you aren’t satisfied with the way the organisation has dealt with your concerns, you can make a complaint to OVIC and we will attempt to resolve it.
More information on your privacy rights
Find out more information about your privacy rights and the organisations that the PDP Act applies to.
If you have any questions you can contact us at firstname.lastname@example.org or on 1300 006 842.