Whether you can access information about yourself or whether an organisation or person can access information about you, will depend on what that information is and who has the information. There are three broad groups which collect information on people:
There is no general right for people to see the information held by businesses or other individuals. There is no common law right to privacy. In other words, just because a business or individual has a file on you does not automatically mean you have the right to see that file.
In contrast, Commonwealth and State legislation gives people the right to access information held by government departments and agencies (for example, the Australian Taxation Office, Centrelink, the Police and Commonwealth and State health departments) and certain private sector entities.
The Privacy Act 1988 (Cth) outlines how, why and what information the Commonwealth Government can compile and store, and ensures that information collected is safely held and not abused (for example, it ensures that information not provided to a particular Commonwealth department or organisation is not transferred to another department or organisation without the knowledge or consent of that person, except in limited circumstances). Some private bodies, such as health organisations, must comply with similar requirements under this law.
At present, there is no privacy legislation applying to State Government departments although Cabinet has issued privacy instructions to departments giving a measure of protection to South Australians. There are also limits under the Public Sector Act 2009 (SA) on what public servants can do with information and various Acts also contain confidentiality provisions in relation to personal information.
None of these laws bind private individuals. The only limitations on an individual invading someone's privacy are contained within other specific legislation. For example, stalkingand recording private conversations or activity.
Office of the Australian Information Commissioner (OAIC)
Can help individuals in relation to their rights under the Privacy Act and related legislation. Can investigate complaints about interferences with privacy under the Privacy Act by Commonwealth government agencies or private sector organisations, including health service providers, credit providers and credit reporting agencies.
GPO Box 5288 Sydney NSW 2001
Telephone: 1300 363 992
TTY: 1300 555 727
Email: enquiries@oaic.gov.au
Ombudsman (Commonwealth)
Has the power to investigate administrative actions and decisions of Commonwealth (federal) government agencies and prescribed private sector agencies to see if they are wrong, unjust, unlawful, unfair or discriminatory. This includes complaints about Freedom of Information decisions, delays in processing of requests and complaints about charges.
Ombudsman (South Australia)
Can investigate and review Freedom of Information decisions and actions of a state government agency concerning access to documents and amendment of records.
Level 8, 95 Grenfell Street Adelaide SA 5000
Telephone: (08) 7322 7020 or 1800 182 150 (outside metro SA only)
Email: ombudsman@ombudsman.sa.gov.au
Administrative Review Tribunal (formerly the Administrative Appeals Tribunal)
Can review Freedom of Information decisions of Commonwealth government agencies to refuse or grant access to documents.
Level 2, 1 King William Street, Adelaide SA 5000
GPO Box 9955 Adelaide SA 5001
Telephone: 1800 228 333
TTY users: contact National Relay Service on 1300 555 727 and ask for 1800 228 333
Email: reviews@art.gov.au
There is currently no legislation in South Australia creating a general right of privacy although there is a Cabinet Administrative Instruction (Information Privacy Principles Instruction) which came into operation on 1 July 1989 and has been re-issued a number of times, including in May 2020. The instruction is not law but represents policy developed at the highest level of State Government and is binding on the public sector. The instruction is similar to the Privacy Act 1988 (Cth) in that it protects against information misuse. Unlike the Commonwealth Act, the instruction does not allow enforcement of the instruction in a court of law. All references in this part are to this instruction unless stated otherwise.
The privacy instruction is designed to protect a person's privacy by ensuring that certain measures are fulfilled when information is:
In general terms the instruction requires that personal information should not be collected unlawfully or unfairly. People should be told the purpose of collecting the information. An agency should not collect information that is inaccurate, irrelevant or excessively personal. An agency must take reasonable steps to ensure that information is securely stored and not misused. Once information is held by an agency, it must not be used except for a relevant purpose.
Perhaps the most important provision in the instruction prohibits an agency from disclosing personal information about a person to anyone else except where specific conditions have been satisfied. One such condition is when the person consents. Another, is that the disclosure is required to prevent or lessen a serious threat to the life or health of some person.
Most of the principles in the instruction have a retrospective effect and apply to information collected before 1 July 1989 when the instruction came into operation.
When the Cabinet Administrative Instruction (Information Privacy Principles Instruction) was announced Cabinet also created a small committee, known as the Privacy Committee of SA, whose chief function is to monitor the implementation of the Privacy Instruction. The committee consists of five public servants who work in very different areas of the public sector, plus one member of the public.
The Privacy Committee meets occasionally with public agencies to discuss problems that arise in interpreting or applying the Cabinet Administrative Instruction. The committee can also consider complaints (usually in writing) from the public although it does not automatically allow people to attend a meeting of the committee .
The committee does have the power in exceptional cases to grant exemptions from the requirements of the instruction. To date, very narrow exemptions have been given to certain agencies to cover very specific circumstances. For example, the Department for Education has been given permission to release academic progress reports to the non-residential parents of children enrolled in State schools. For more information about the Committee visit the Privacy Committee page on the State Records SA website.
As indicated already, the privacy instruction is not law and therefore it does not give a person any right to pursue compensation or a legal remedy.
A person who believes that there has been a breach of privacy by a State Government department or agency should firstly approach the department. A list of contact details for all South Australian Government Departments can be found on the SA Gov website.
If no satisfactory response is achieved, then a complaint can be lodged with the Privacy Committee. Complaints must be in writing. For information on how to make a complaint, see the State Records SA information on Making a Privacy Complaint.
Significant changes were made to the Privacy Act 1988 (Cth) which came into effect on 12 March 2014.
For detailed information on Commonwealth Government Agencies and Non-Government privacy obligations see the website of the Office of the Australian Information Commissioner(OAIC).
The OAIC have produced the following short videos which provide general information:
The Privacy Act 1988 (Cth) gives effect to the Organisation for Economic Development (OECD) Guidelines on the Protection of Privacy and Transborder Flows of Personal Data and the International Covenant on Civil and Political Rights (Article 17). The OECD guidelines cover the collection of personal information, its use and access to and alteration of, the information.
The Act has three areas of operation where the OECD guidelines provide legally binding standards:
It also covers Health Information.
The Privacy Act 1988 (Cth) sets out rules of conduct called Australian Privacy Principles (APPs) which establish standards for the collection and handling of 'personal information' (as defined by the Act) by Commonwealth agencies. The APPs comprise a code of conduct for privacy of personal information in areas [Privacy Act 1988 (Cth) s 14] including:
Under the Act agencies must comply with the APPs and a breach of an APP by an agency is deemed to be an interference with the privacy of an individual [s 13]. The Office of the Australian Information Commissioner (OAIC) may issue a public interest determination to allow practices which would otherwise be a breach (eg. publication of Telstra's white pages telephone directory).
The APPs and many useful publications about them and about how to make a complaint about breaches of them are available from the Office of the Australian Information Commissioner's website.
The Office of the Australian Information Commissioner (OAIC) administers the Privacy Act 1988 (Cth) and is able to assist individuals who have complaints regarding privacy issues relating to Commonwealth Government agencies, private organisations, consumer credit reporting activities, tax file numbers and spent convictions.
Since 12 March 2014 the Commissioner has had powers to develop and register codes in the public interest that are binding on specified agencies and organisations.
The Commissioner has broad powers to ensure privacy [s 27] including:
Most investigations into breaches of the IPPs and NPPs result from complaints. Investigations may also occur in matters that come to the Commissioner's attention in other ways [s 40]. The Office of the Australian Information Commissioner has broad powers to obtain information and documents [s 44], to enter premises, to examine witnesses [s 45] and to compel attendance at compulsory conferences [s 46].
Having investigated, the Office of the Australian Information Commissioner may determine whether there has been an interference with a person's privacy and make various declarations, including payment of compensation to the person concerned [s 52]. However, for the OAIC's determinations to be enforced a new action must be taken in the Federal Court.
Due to the changes to the Privacy Act 1988 (Cth) that came in on 12 March 2014 the Commissioner has new complaint handling powers and to provide further enforceable remedies such as the ability to conduct an assessment of an APP entity’s maintenance of personal information, accepting written undertakings about compliance with the Act, power to recognise external dispute resolution services, conciliate complaints, make determinations including orders that the Commissioner considers necessary or appropriate.
If you wish to make a complaint about an agency's or an organisation's practices which you think amounts to an arbitrary or unreasonable interference with your privacy, you should contact the Commissioner with details of the practices which you think interfere with your privacy.
For information regarding data breaches, see Consumer Data - Breaches and Rights.
Office of the Australian Information Commissioner (OAIC)
Telephone 1300 363 992
E-mail: enquiries@oaic.gov.au
The Office of the Australian Information Commissioner (OAIC) also has a number of specific functions relating to the tax file number system including:
See Privacy Act 1988 (Cth) ss 17-18, 28A, 33C(1)(c), 49(1).
For further detail on how the Privacy Act 1988 (Cth) protects consumer credit information, including when the information is given to a credit reporting agency, see Credit Ratings.
Guidelines for data matching by Commonwealth government agencies were issued in February 1998 under s 27(1)(e) of the Privacy Act 1988 (Cth). They are not legally binding but are very persuasive particularly when considering an agency's obligations under the Australian Privacy Principles. The guidelines apply to any agency involved in larger computerised comparisons of two or more databases containing information on more that 5000 individuals, and relate to such requirements including to:
Data matching is carried out regularly and frequently in an overnight 'data dump' by the following major Commonwealth agencies: Centrelink, Australian Tax Office, Department of Veterans Affairs, Department of Home Affairs, and Department of Education and Training. Any match found may lead to investigation of fraud or overpayment, or of breaches of immigration laws such as overstaying an entry permit.
In 2018 the Commonwealth Government reviewed the former eHealth Record System and replaced it with an opt-out system known as the My Health Record system.
Australians have until 31 January 2019 to opt-out of having a My Health Record automatically created for them. Every person who has a Medicare or Department of Veterans' Affairs card and who does not opt-out by 31 January 2019 will have a record automatically created.
The electronic record will store a person's health records and will be accessible (in accordance with access controls) by the individual, their doctor(s), hospital, and other healthcare providers. Individuals will be able to access their record online.
The law about the My Health Record system is found in the My Health Records Act 2012 (Cth), My Health Records Regulations 2012 (Cth) and My Health Records Rules 2016 (Cth).
For information on the opt-out system of My Health Records, the My Health Record Helpline can be contacted on: 1800 723 471.
Detailed information on the My Health Record system can be located on the OAIC website via their factsheets and FAQs (link opens new window).
Commencing on 25 April 2020, the Federal Government launched the COVIDSafe contact tracing app for smart phones.
From 7 August 2022, the use of the COVIDSafe app is no longer required to prevent or control COVID-19 in Australia [Privacy (Public Health Contact Information) (End of the COVIDSafe data period) Determination 2022]. No further information will be collected from the COVIDSafe app and the COVIDSafe app will no longer be available to download.
The COVIDSafe website recommends that the COVIDSafe app be uninstalled on all devices.
See Privacy Policy for COVIDSafe Application on the COVIDSafe website for more information.
The Office of the National Data Commissioner (NDC) and the National Data Advisory Council administer the Data Availability and Transparency Act 2022 (Cth) (the DAT Act). The DAT Act commenced on 1 April 2022, and will cease to have effect on 1 April 2027 (unless extended) [s 143].
The DAT Act provides for the controlled sharing of public sector statistical data with accredited users. Applications for accreditation commenced on 1 June 2022.
Data can only be shared pursuant to the DAT Act for the following purposes [s 15(1)]:
Information cannot be shared for a precluded purpose, including an enforcement related purpose [s 15(2)-(4)]. There are also restrictions on the entities who can share data, with some government entities specifically excluded. This includes the Australian Federal Police, the Australian Security Intelligence Organisation and the Office of National Intelligence [s 11(3)].
The relevant entities must enter into a Data Sharing Agreement [s 19] which must be registered with the NDC before data sharing can commence [s 18(4)]. The register of Data Sharing Agreements is maintained by the NDC, and some information must be made available to the public, including the description of data to be shared and whether any personal information is to be shared [s 130(2)].
Data Sharing Agreements must comply with the privacy protections [Part 2.4], which include:
There are civil and criminal penalties for unauthorised data collection, use and/or sharing [ss 14A, 14].
Complaints about data sharing or sharing entities can be made to the NDC by participants [s 88] and affected persons or entities[s 94]. The NDC has a broad range of investigative and regulatory powers to address complaints.
The National Data Advisory Council holds an advisory role to the NDC relating to the use of public sector data.
Pursuant to the Data Availability and Transparency (Consequential Amendments) Transitional Rules 2022 which commenced on 29 September 2022, the transitional entities include the Australian Bureau of Statistics, the Australian Institute of Family Studies, the Commonwealth Social Services Department*, and the Victorian Department of Health*.
* These entities have conditions on their accreditation.
For more information, visit the National Data Commissioner website. See also the Data Availability and Transparency Code 2022 (Cth).
The Surveillance Devices Act 2016 (SA) commenced operation on 18 December 2017 and regulates the recording of a private conversation or activity through the use of surveillance devices.
Surveillance devices include devices that record audio or vision, track a location, or record computer data.
While there are some exceptions, it is generally prohibited to do the following actions:
The maximum penalties for committing an offence under the above sections is a fine of up to $75 000 for a body corporate or a fine of up to $15 000 or imprisonment for a maximum of three years for an individual.
The parties to the conversation or activity may give either express or implied consent for the surveillance device to be used.
Other than the information here, you may also find useful the information sheet produced by the Attorney-General's Department "What you should know about the Surveillance Devices Act 2016"
A private conversation or activity is one where at least one party would not reasonably want or expect to be overheard or observed by anyone aside from those present [Surveillance Devices Act 2016 (SA) s 3].
Activities which occur in a public place, or in a location or vehicle which can reasonably be observed from a public place, are not considered private for the purposes of the Act.
Conversations, however, that occur in a public place could potentially still be considered private for the purposes of the Act.It depends on whether the parties could reasonably expect the conversation to be overheard by someone else. This may, in turn, depend on factors such as the volume of their speech and whether there is anyone else within earshot.
Because private activity cannot occur in a public place for the purposes of the Surveillance Devices Act 2016 (SA), there are no general restrictions on the taking of photo or film in a public place or from a public place.
Some specific restrictions on the taking of photos or film may still apply, however. Applicable restrictions could include:
Section 3 of the Surveillance Devices Act 2016 (SA) defines a public place to include:
However, it may be a condition of entry to a public place that no photography or film be taken. The taking of photos of film would then be a breach of that condition, but not a breach of the Surveillance Devices Act 2016 (SA). There is also nothing to stop someone taking photos or film of private property from a public place outside that property.
Under section 48F of the Health Care Act 2008 (SA) it is an offence to publish or distribute a recording that identifies (or is likely to identify) a person approaching, entering or leaving protected premises at which abortions are lawfully performed. This includes any public area located within 150 metres of the protected premises. It is also an offence to publish information that identifies, or contains information tending to identify, a person who has sought a termination under the Termination of Pregnancy Act 2021 (SA) [ss 18-19]. See Abortions - Safe Access Zones.
Many filming devices also have audio recording capability; in these cases it is necessary to ensure it is not recording a private conversation without consent. Unlike private activity, a private conversation may take place in a public place as long as the circumstances still suggest that at least one party would not reasonably want or expect to be overheard by anyone aside from those present. See Private conversation and private activity.
A person or body (police officer or other investigating authority) may be authorised to use a surveillance device under an Act, such as the following:
See sections 4(2)(b),(d),(e),(h); s 5(4)(a),(c),(d),(f); s 7(2)(a), and s 8(2) of the Surveillance Devices Act 2016 (SA); regulation 10A of the Surveillance Devices Regulations 2017 (SA).
There are exceptions to the use of listening or optical surveillance devices without a person’s consent if the use is to protect a person’s lawful interests [see Surveillance Devices Act 2016 (SA) 4(2)(ii) and 5(4)(b)] or is in the public interest [s 6].
What constitutes a lawful interest or what is in the public interest will be determined objectively by considering the context and circumstances of the surveillance device being used, and weighing this against competing interests such as the need to protect personal privacy.
Therefore, there may be scope, for example, for a land owner to install CCTV cameras on their property without the consent of their neighbour (whose private activities may be within range), as long as it can be demonstrated that the cameras are directed to protect their lawful interests in their property. The land owner could then bring any relevant recordings to the attention of police, see further below Publication of information in lawful interests.
However, the courts have previously determined that it is not ordinarily considered to be a lawful interest to use a device for the purpose of gaining an advantage in civil proceedings, for example [Thomas & Anor v Nash [2010] SASC 153]. See also Nanosecond Corporation Pty Ltd & Anor v Glen Carron Pty Ltd & Anor [2018] SASC 116 where it was held that some of the recordings were made for the protection of the lawful interests of the plaintiffs, whilst others were not, and were hence found to be unlawful.
The court has accepted, however, that the recording of a private conversation was in the person's lawful interest where the person had a genuine fear for their safety [Groom v Police [2015] SASC 101]. In Groom v Police, a protected person made audio recordings of her former partner who contacted her in a way that was a breach of an intervention order. In this case the Supreme Court held that the recording was allowed to be admitted into evidence as it was both protecting her lawful interest and in the public interest.
Use of a device to protect a lawful interest
Where certain surveillance devices are used to protect a person’s lawful interests, the information obtained can only be used, communicated or published in specific circumstances. This includes, amongst other things:
If none of the circumstances apply, then a maximum penalty of a fine of up to $50,000 for a body corporate or a fine of up to $10,000 for an individual applies [s 9(1)].
Publication of information in public interest
Where information derived from a listening or optical surveillance device is obtained in the public interest, it cannot be used, communicated or published except in three circumstances. Those three circumstances are:
Maximum penalty of a fine of up to $50,000 for body corporate or a fine of up to $10,000 for an individual applies for a breach of these provisions [s 10(1)].
Order from Supreme Court
It is possible to apply to the Supreme Court for an order to allow the use, communication or publication of information [s 11]. This is likely to be necessary where a person wishes to use the information obtained from a surveillance device for civil proceedings. Applications are governed by Chapter 4 Part 6 of the Uniform Special Statutory Rules 2022 (SA). Filing fees will apply.
A person will be in breach of the Surveillance Devices Act 2016 (SA) if they knowingly use, communicate or publish information derived from the use of a surveillance device if the lawful interest of public interest exceptions do not apply [see s 12].
Information which is obtained through the use of a surveillance device which was not used for a lawful interest or in the public interest cannot be used, communicated or published except in circumstances where [s 12(2)]:
A maximum penalty of a fine of up to $75,000 for a body corporate and a fine of up to $15,000 or a maximum term of imprisonment of three years for an individual applies.
However, if the information is obtained by means other than using the surveillance device unlawfully, the person may communicate or publish it, even if it is the same as that obtained unlawfully [s 12(3)]. This means that a person who was a party to the conversation, and heard it with their own ears or saw it with their own eyes, may publish the information as to their conversation or activity.
A person must not knowingly communicate or publish information or material derived from the use of a listening device in contravention of section 4 of the Listening and Surveillance Device Act 1972 (SA) (as in force immediately prior to the commencement of the Surveillance Devices Act 2016 (SA)).
Maximum penalty : $10,000 or imprisonment for 2 years
Surveillance devices are currently used for many legitimate purposes, such as the use of CCTV cameras within a workplace or the monitoring of computer usage of employees by an employer. To ensure compliance with the Surveillance Devices Act 2016 (SA), workplaces should develop and make available to all employees clear policies regarding their use of surveillance devices, or obtain the consent of employees prior to use. There may be evidentiary issues should an employer attempt to rely in disciplinary proceedings against the employee, upon information obtained through the use of a surveillance device when the consent of the employee has not been obtained and/or there is no governing workplace policy.
There are a number of personal documents that you may need to replace if they are lost or destroyed.
Justice Connect's Get ePrepared resource can help you learn how to store electronic copies of your important documents to prevent their complete loss or destruction.
Birth, death, marriage and change of name certificates
Replacement certificates can be ordered from the Registry of Births, Deaths and Marriages online or by telephone 131 882.
Medicare cards
Replacement medicare cards can be ordered from your medicare online account, through MyGov, through the general inquiries line 132 011, by post (with proof of identity) or by visiting your local Medicare office (with proof of identity). For more information about the options, see the Department of Human Services website.
Driver’s licence
There are different procedures in South Australia depending on whether a photograph is required. If you know your licence number and do not require a new photograph, a replacement can be ordered online through your mySAGOV account. If you cannot apply online, then you should attend a service centre, complete an application for replacement driver's licence form and provide proof of your identity. If you're unable to attend a service centre, you may need to request a licence photo kit. For more information, telephone 13 10 84 or see the South Australian Government website.
Insurance documents
It is not necessary to have all your documents on hand in order to initiate an insurance claim as many insurance companies keep records electronically. The Insurance Council of Australia has a disaster hotline (telephone: 1800 734 621) to help people who are unsure what insurer they are with and with general questions about the claims process. Most insurance companies have 24 hour call centres. For more information see the Insurance Council of Australia's disaster response website.
Tenancy agreement
A tenancy agreement continues even if the document recording the agreement has been destroyed. Landlords are required to keep a copy of these agreements up to 2 years from the date of termination. If their copy has also been destroyed a new document can be created to record the agreement.