What are the principles of Use and Disclosure in Information Security?

Use and reveal personal information simply for the primary goals for which it was composed or a related reason the person would sensible expect. It can use for some specific secondary purposes without approval is allowed.

This principle positions limits on the need of personal data for secondary reasons. Simply, use for an unconnected secondary goals or one that the person cannot expect should only appear with the person’s approval or if a powerful public interest needs it. This principle includes the following which are as follows −

  • An agency should not use or disclose personal information about an individual for a reason (the secondary reason) other than the main goals for collecting it, unless one or more of the following use −

    (a) If the data is receptive information - the secondary reason is directly linked to the primary reason; and the individual would reasonably predict the organization to use or reveal the data for the secondary goals.

    (b) If the data is not receptive information, the secondary reason is associated to the main goals and the individual would reasonably predict the organization to use or disclose the information for the secondary reason.

    (c) The individual approval to the need or revelation of the information.

    (d) An agency sensibly understand that the use or revelation is essential to lessen or avoid a serious and imminent threat to the individual’s or another individual’s life, health or safety; or a serious danger to public health or public safety.

    (e) An agency has motive to suspect that unlawful event has been, is being or can be occupied in and uses or disclose the information as an essential part of its investigation of the element or in documenting its problem to relevant persons or authorities.

    (f) The use or revelation is required or authorized by law.

    (g) An agency sensibly believes that the use or disclosure is sensibly important for one or more of the following by or on behalf of a law enforcement agency −

    • It can be preventing, detecting, investigating, prosecuting or punishing an offence or a breach of a prescribed law.
    • It can be enforcing a law relating to the confiscation of proceeds of crime.
    • It can be protecting public revenue.
    • It can be preventing, detecting, investigating or remedying seriously improper conduct or prescribed conduct.
    • It can be preparing for or conducting events before a court or tribunal or implementing the orders of a court or tribunal.
  • An agency is also accountable to the requirement of IPP 9 if it transfers personal information to a person external the Territory.

  • If an agency needs or revelations personal information to a law enforcement agency, the agency should make a documented note of the use or revelation.