Interaction with the Privacy Act

73.19 It is possible that information intercepted or accessed under the Telecommunications (Interception and Access) Act could constitute ‘personal information’ for the purposes of the Privacy Act.Accordingly, the handling of information under the Telecommunications (Interception and Access) Act also could be regulated under the Privacy Act.

73.20 The acts and practices of ASIO are completely exempt from the requirements of the Privacy Act.[38] Consequently, the handling of personal information that has been intercepted or accessed by ASIO will be regulated under the Telecommunications (Interception and Access) Act and guidelines issued by the Attorney-General under the Australian Security Intelligence Organisation Act 1979 (Cth).[39]

73.21 Most Australian Government law enforcement agencies, such as the Australian Federal Police, are subject to the Information Privacy Principles (IPPs) under the Privacy Act.[40] The acts and practices of these agencies in relation to the handling of personal information, therefore, are regulated by the Telecommunications (Interception and Access) Act and the Privacy Act.

73.22 The handling of personal information in accordance with the Telecommunications (Interception and Access) Act generally will fall within an exception to one of the IPPs, and therefore comply with the Privacy Act. For example, the use and disclosure of personal information pursuant to the Telecommunications (Interception and Access) Act will be a use or disclosure that is ‘required or authorised by or under law’ under IPP 10 and IPP 11—and the ‘Use and Disclosure’ principle under the model Unified Privacy Principles (UPPs).[41] If a law enforcement agency engages in an act or practice that does not comply with the Telecommunications (Interception and Access) Act, the act or practice would not be ‘authorised by or under law’ and so may breach the privacy principles.

73.23 Similarly, a telecommunications service provider that discloses personal information to ASIO or a law enforcement agency in a way that is authorised under the Telecommunications (Interception and Access) Act will not be in breach of National Privacy Principle (NPP) 2. An act or practice engaged in pursuant to any of the exceptions under the Telecommunications (Interception and Access) Act is an act or practice that is ‘authorised by or under law’ for the purposes of NPP 2.[42]

[38]Privacy Act 1988 (Cth) s 7(1)(a)(i)(B), (2)(a). See Ch 34.

[39]Australian Security Intelligence Organisation, Attorney-General’s Guidelines in relation to the Performance by the Australian Security Intelligence Organisation of its Functions relating to Politically Motivated Violence <www.asio.gov.au/About/Content/AttorneyAccountability.aspx> at 21 May 2008. See discussion in Ch 34.

[40] See discussion in Ch 37.

[41] See Ch 25.

[42] See Chs 25 and 71.