33.1 The application of the Privacy Act 1988 (Cth) is limited by a number of exemptions and exceptions. This Report distinguishes between exemptions and partial exemptions to the requirements set out in the Privacy Act, and exceptions to the privacy principles.An exemption applies where a specified entity or a class of entity is not required to comply with any of the requirements in the Privacy Act. For example, intelligence agencies, such as the Australian Security Intelligence Organisation (ASIO), are exempt from compliance with the provisions of the Privacy Act. A partial exemption applies where a specified entity or a class of entity is required to comply with either: some, but not all, of the provisions of the Privacy Act; or some or all of the provisions of the Privacy Act, but only in relation to certain of its activities. For example, the federal courts are partially exempt as they only are required to comply with the Privacy Act in relation to their administrative activities. An exception to the privacy principles operates where a requirement in the privacy principles does not apply to any entity in a specified situation or in respect of certain conduct. For example, there is an exception to the prohibition against an organisation using or disclosing personal information for a secondary purpose where the individual in question has given his or her consent.
33.2 This chapter provides an overview of the exemption provisions in the Privacy Act, outlines the exemptions under international instruments and considers issues concerning the existing exemptions from the Act. The remaining chapters in Part E examine specific exemptions from the Privacy Act in the public and private sectors, and consider whether new exemptions or exceptions should be included in the Act. The broad application of exceptions to the privacy principles is discussed in Part D.