16.08.2010
24.2 The Information Privacy Principles (IPPs) and National Privacy Principles (NPPs) both set out openness requirements. IPP 5.1 provides that a record-keeper, in possession or control of records containing personal information, must take such steps as are reasonable in the circumstances to enable any person to ascertain:
whether the record-keeper has possession or control of any records that contain personal information; and, if so
the nature of the information, the main purposes for which it is used and how to gain access to the record containing the information.
24.3 The record-keeper does not need to comply with IPP 5.1 if required or authorised to refuse to give that information by a federal law that provides for access to documents.[1] A record-keeper is also required to maintain a record setting out: the nature of the records of personal information it keeps; the purpose for which each type of record is kept; the classes of individuals about whom records are kept; the period for which each type of record is kept; who is entitled to access the personal information, and upon what conditions; and how persons can access the information. The record-keeper is to make the record setting out the above information available for public inspection, and is to give the Privacy Commissioner a copy of the record in June each year.[2]
24.4 NPP 5 provides that an organisation must set out in a document clearly expressed policies on its management of personal information. The organisation must make the document available to anyone who asks for it. On request, an organisation must take reasonable steps to let a person know, generally, what sort of personal information it holds, for what purposes, and how it collects, holds, uses and discloses that information.