Search

Victorian Current Acts

Search AustLII

Search Options
  • Advanced Search…
×
Close
  • Specific Year
    Any

PRIVACY AND DATA PROTECTION ACT 2014 - SECT 21 Codes of practice

PRIVACY AND DATA PROTECTION ACT 2014 - SECT 21

Codes of practice

    (1)     An organisation may discharge its duty to comply with an Information Privacy Principle in respect of personal information collected, held, managed, used, disclosed or transferred by it by complying with a code of practice approved under this Division and binding on the organisation.

    (2)     A code of practice may—

        (a)     modify the application of any one or more of the Information Privacy Principles by prescribing standards, whether or not in substitution for any Information Privacy Principle, that are at least as stringent as the standards prescribed by the Information Privacy Principle; or

        (b)     prescribe how any one or more of the Information Privacy Principles are to be applied or complied with.

    (3)     A code of practice may apply in relation to any one or more of the following—

        (a)     any specified information or class of information;

        (b)     any specified organisation or class of organisation;

        (c)     any specified activity or class of activity;

        (d)     any specified industry, profession or calling or class of industry, profession or calling.

    (4)     A code of practice may also—

        (a)     impose controls on an organisation that matches data for the purpose of producing or verifying information about an identifiable individual; or

        (b)     in relation to charging—

              (i)     set guidelines to be followed in determining charges; or

              (ii)     prescribe circumstances in which no charge may be imposed; or

        (c)     prescribe—

              (i)     procedures for dealing with complaints alleging a contravention of the code, including the appointment of an independent code administrator to whom complaints may be made; or

              (ii)     remedies available where a complaint is substantiated; or

S. 21(4)(d) amended by No. 20/2017 s. 106(5).

        (d)     provide for the review of the code by the Information Commissioner; or

        (e)     provide for the expiry of the code.

    (5)     Subsection (1) applies also to a public sector agency or a Council in seeking to discharge its duty to comply, so far as is reasonably practicable, with an Information Privacy Principle in relation to a public register as imposed by section 20(2) and this Part has effect accordingly.



Navigate

Print

Download

Cited By

Join the discussion