Express law No. 49

7 December 2006

Amendments to the Privacy Act

The Privacy Legislation
Amendment (Emergencies and Disasters) Act 2006 has today
received Royal Assent. The Act amends
the Privacy Act 1988 to make provision for the collection,
use and disclosure of personal information in emergencies
and disasters. In this Express law we highlight the key

Privacy Legislation Amendment (Emergencies and
Disasters) Act 2006

The Act introduces a new Part VIA to
the Privacy Act, which facilitates information exchange
between Australian Government
agencies, state and territory agencies, non government
organisations and the private sector in emergency or disaster
situations. Part VIA does not require or compel any entity
to collect, use or disclose personal information, but rather
provides that disclosure is permitted in certain circumstances.
The legislation was introduced into Federal Parliament
in response to criticism concerning impediments to disclosure
of personal information under the Privacy Act following
the tsunami disaster of December 2004.

Declaration of emergency

The provisions of Part VIA are
triggered by a declaration of emergency by either the Prime
Minister or the Attorney-General.
A declaration can be made if the Prime Minister or the
Attorney-General is satisfied that an emergency or disaster
has occurred either in or outside Australia, that has affected
one or more Australian citizens or permanent residents
and that is of such a kind that warrants the exchange of
personal information. A declaration of emergency made under
Part VIA can operate for up to 12 months.

Collection, use
or disclosure of personal information

At any time when an
emergency declaration is in force, a person, agency, or
organisation may collect, use or disclose
personal information relating to an individual if:

  • the entity reasonably believes that the individual
    concerned may be involved in an emergency or disaster
  • it is for a permitted purpose, and
  • it is not a disclosure to a media organisation.

A person,
agency or organisation may only disclose the information
to certain specified authorities and entities.

A 'permitted
purpose' is defined in the Act
to be a purpose that directly relates to the Commonwealth's
response to an emergency or disaster in respect of which
an emergency declaration is in force. The Act provides
a non-exhaustive list of permitted purposes, including:

  • identifying individuals who are or may be injured,
    missing or dead as a result of the emergency or disaster,
    are or may be otherwise involved in the emergency or
  • assisting individuals involved in the emergency or
    disaster to obtain services, such as repatriation services,
    treatment and financial or other humanitarian assistance
  • assisting with law enforcement in relation to the
    emergency or disaster
  • coordination or management
    of the emergency or disaster.

There are protections for
persons, agencies and organisations against prosecution
for contravention of certain secrecy
provisions and against civil liability for breach of

Disclosure of information – offence

Part IVA creates
an offence for unauthorised disclosures of personal information.
A person commits an offence
if they receive personal information pursuant to Part
and then subsequently disclose the information to another
entity, unless this disclosure occurs in prescribed

Text of the Bill is available at:

further information please contact:

Justin Hyland
Senior Executive Lawyer
T 02 62537417 F 02 62537380

Important: The material in Express law is
provided to clients as an early, interim view for general
information only, and further analysis on the matter
may be prepared by AGS. The material should not be
relied upon for the purpose of a particular matter.
Please contact AGS before any action or decision is
taken on the basis of any of the material in this message.