36.1 Currently, a number of agencies that are exempt from the operation of the Freedom of Information Act 1982 (Cth) (FOI Act) are wholly or partially exempt from the requirements of the Privacy Act 1988 (Cth).[1] This chapter describes the functions of some of these agencies and considers whether they should remain exempt from the operation of the Privacy Act.

36.2 It should be noted that all Australian Government agencies, including the agencies discussed in this chapter, are required to comply with the Protective Security Manual (PSM 2005).[2] The PSM 2005 is a policy document that sets out guidelines and minimum standards in relation to protective security for agencies and officers, as well as for contractors and their employees who perform services for the Australian Government. In particular, Part C of the PSM 2005 provides ‘guidance on the classification system and the protective standards required to protect both electronic- and paper-based security classified information’.[3] It also sets out minimum standards addressing the use, access, copying, storage, security and disposal of classified information.

36.3 The PSM 2005 also requires Australian Government agencies to comply with the Australian Government Information and Communications Technology Security Manual (ACSI 33). The ACSI 33 has been developed by the Defence Signals Directorate (DSD) to provide policies and guidance to Australian Government agencies on the protection of their electronic information systems.[4]

36.4 Although the PSM 2005 addresses some issues that are dealt with under the Information Privacy Principles (IPPs) of the Privacy Act, the privacy protection under the PSM 2005 guidelines is restricted to a particular type of information, namely, security classified information. Further, it does not deal with other matters under the IPPs, such as the accuracy of personal information.

[1]Privacy Act 1988 (Cth) ss 7(1)(a)(i)(A)–(C), (b), (c), s 7A.

[2] Australian Government Attorney-General’s Department, Protective Security Manual (PSM 2005) <> at 8 April 2008.

[3] Ibid.

[4] Australian Government Defence Signals Directorate, Australian Government Information and Communications Technology Security Manual (ACSI 33) (2007).