PRIVACY ACT 1988

PART VIA - DEALING WITH PERSONAL INFORMATION IN EMERGENCIES AND DISASTERS  

Division 3 - Provisions dealing with the use and disclosure of personal information  

SECTION 80P   AUTHORISATION OF COLLECTION, USE AND DISCLOSURE OF PERSONAL INFORMATION  

80P(1)  
At any time when an emergency declaration is in force in relation to an emergency or disaster, an entity may collect, use or disclose personal information relating to an individual if:


(a) the entity reasonably believes that the individual may be involved in the emergency or disaster; and


(b) the collection, use or disclosure is for a permitted purpose in relation to the emergency or disaster; and


(c) in the case of a disclosure of the personal information by an agency - the disclosure is to:


(i) an agency; or

(ii) a State or Territory authority; or

(iii) an organisation; or

(iv) an entity not covered by subparagraph (i), (ii) or (iii) that is, or is likely to be, involved in managing, or assisting in the management of, the emergency or disaster; or

(v) a responsible person for the individual; and


(d) in the case of a disclosure of the personal information by an organisation or another person - the disclosure is to:


(i) an agency; or

(ii) an entity that is directly involved in providing repatriation services, medical or other treatment, health services or financial or other humanitarian assistance services to individuals involved in the emergency or disaster; or

(iii) a person or entity prescribed by the regulations for the purposes of this paragraph; or

(iv) a person or entity specified by the Minister, by legislative instrument, for the purposes of this paragraph; and


(e) in the case of any disclosure of the personal information - the disclosure is not to a media organisation.

80P(2)  
An entity is not liable to any proceedings for contravening a secrecy provision in respect of a use or disclosure of personal information authorised by subsection (1), unless the secrecy provision is a designated secrecy provision (see subsection (7)).

80P(3)  
An entity is not liable to any proceedings for contravening a duty of confidence in respect of a disclosure of personal information authorised by subsection (1).

80P(4)  


An entity does not breach an Australian Privacy Principle, or a registered APP code that binds the entity, in respect of a collection, use or disclosure of personal information authorised by subsection (1).

80P(5)  
(Repealed by No 197 of 2012)

80P(6)  
A collection, use or disclose of personal information by an officer or employee of an agency in the course of duty as an officer or employee is authorised by subsection (1) only if the officer or employee is authorised by the agency to collect, use or disclose the personal information.

80P(7)  


In this section:

designated secrecy provision
means any of the following:


(a) sections 18, 18A, 18B and 92 of the Australian Security Intelligence Organisation Act 1979 ;


(b) section 34 of the Inspector-General of Intelligence and Security Act 1986 ;


(c) sections 39, 39A, 40, 40B to 40H, 40L, 40M and 41 of the Intelligence Services Act 2001 ;


(ca) sections 42 to 44 of the Office of National Intelligence Act 2018 ;


(d) a provision of a law of the Commonwealth prescribed by the regulations for the purposes of this paragraph;


(e) a provision of a law of the Commonwealth of a kind prescribed by the regulations for the purposes of this paragraph.

entity
includes the following:


(a) a person;


(b) an agency;


(c) an organisation.





This information is provided by CCH Australia Limited Link opens in new window. View the disclaimer and notice of copyright.