There is no single or conclusive definition of privacy. It encompasses many connected but different ideas, including secrecy, confidentiality, freedom from surveillance, and having control over one’s own personal information. Importantly, privacy is not a fixed concept – it can mean different things to different people, and individuals will experience privacy in varied ways.
Privacy has been recognised broadly as a human right in various international treaties and conventions. In Victoria, a right to privacy is included in section 13 of the Victorian Charter of Human Rights and Responsibilities Act 2006, which states that everyone has the right to keep their lives private, and to not have their family, home or personal information interfered with.
Privacy of personal information has increasingly come into the spotlight in Australia and internationally, particularly as new and sophisticated technologies enhance the ability of governments and organisations to collect and store new and detailed types of personal information.
What is information privacy?
Numerous countries, including Australia, have laws to protect information privacy. Information privacy relates to an individual’s ability to determine for themselves when, how, and for what purpose their personal information is handled by others.
In Victoria, the Privacy and Data Protection Act 2014 (PDP Act) protects personal information held by Victorian government organisations. The Commonwealth Privacy Act 1988 protects personal information held by Australian government organisations and large private sector organisations.
Under the PDP Act, ‘personal information’ means “information or an opinion (including information or an opinion forming part of a database), that is recorded in any form and whether true or not, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion…”.
However, this does not include information relating to a person’s health. Instead, health information is covered by the Health Records Act 2001, which is administered by the Health Complaints Commissioner.
Under the PDP Act, information privacy protections are embodied in the 10 Information Privacy Principles (IPPs). The IPPs govern the collection, use and handling of personal information by Victorian public sector organisations, local councils and contracted service providers.
In relation to information privacy, the PDP Act aims to:
- balance the public interest in the free flow of information with the public interest in protecting the privacy of personal information in the public sector;
- promote awareness of responsible personal information handling practices in the public sector; and
- promote the responsible and transparent handling of personal information in the public sector.
For more information on the IPPs, see our summary of the Information Privacy Principles.