Victorian Consolidated Legislation

[Index] [Table] [Search] [Notes] [Noteup] [Previous] [Next] [Download] [Help]

Information Privacy Act 2000 - SECT 18 

PART 4 CODES OF PRACTICE

Codes of practice

18. Codes of practice



(1) An organisation can discharge its duty to comply with an Information
Privacy Principle in respect of personal information collected, held, managed,
used, disclosed or transferred by it by complying with a code of practice
approved under this Part and binding on the organisation.

(2) A code of practice may-

   (a)  modify the application of any one or more of the Information Privacy
        Principles by prescribing standards, whether or not in substitution
        for any Information Privacy Principle, that are at least as stringent
        as the standards prescribed by the Information Privacy Principle; or

   (b)  prescribe how any one or more of the Information Privacy Principles
        are to be applied, or are to be complied with.

(3) A code of practice may apply in relation to any one or more of the
following-

   (a)  any specified information or class of information;

   (b)  any specified organisation or class of organisation;

   (c)  any specified activity or class of activity;

   (d)  any specified industry, profession or calling or class of industry,
        profession or calling.

(4) A code of practice may also-

   (a)  impose controls on an organisation that matches data for the purpose
        of producing or verifying information about an identifiable
        individual; or

   (b)  in relation to charging-

   (i)  set guidelines to be followed in determining charges; or

   (ii) prescribe circumstances in which no charge may be imposed; or

   (c)  prescribe-

   (i)  procedures for dealing with complaints alleging a contravention of the
        code, including the appointment of an independent code administrator
        to whom complaints may be made; or

   (ii) remedies available where a complaint is substantiated; or

   (d)  provide for the review of the code by the Privacy Commissioner; or

   (e)  provide for the expiry of the code.

(5) Subsection (1) applies also to a public sector agency or a Council in
seeking to discharge its duty to comply, so far as is reasonably practicable,
with an Information Privacy Principle in relation to a public register as
imposed by section 16(4) and this Part has effect accordingly.

[Index] [Table] [Search] [Notes] [Noteup] [Previous] [Next] [Download] [Help]