Express law

7 December 2006

Amendments to the Privacy Act

The Privacy Legislation Amendment (Emergencies and Disasters) Act 2006 has today received Royal Assent. The Act amends the Privacy Act 1988 to make provision for the collection, use and disclosure of personal information in emergencies and disasters. In this Express law we highlight the key changes.

Privacy Legislation Amendment (Emergencies and Disasters) Act 2006

The Act introduces a new Part VIA to the Privacy Act, which facilitates information exchange between Australian Government agencies, state and territory agencies, non government organisations and the private sector in emergency or disaster situations. Part VIA does not require or compel any entity to collect, use or disclose personal information, but rather provides that disclosure is permitted in certain circumstances. The legislation was introduced into Federal Parliament in response to criticism concerning impediments to disclosure of personal information under the Privacy Act following the tsunami disaster of December 2004.

Declaration of emergency

The provisions of Part VIA are triggered by a declaration of emergency by either the Prime Minister or the Attorney-General. A declaration can be made if the Prime Minister or the Attorney-General is satisfied that an emergency or disaster has occurred either in or outside Australia, that has affected one or more Australian citizens or permanent residents and that is of such a kind that warrants the exchange of personal information. A declaration of emergency made under Part VIA can operate for up to 12 months.

Collection, use or disclosure of personal information

At any time when an emergency declaration is in force, a person, agency, or organisation may collect, use or disclose personal information relating to an individual if:

  • the entity reasonably believes that the individual concerned may be involved in an emergency or disaster
  • it is for a permitted purpose, and
  • it is not a disclosure to a media organisation.

A person, agency or organisation may only disclose the information to certain specified authorities and entities.

A ‘permitted purpose’ is defined in the Act to be a purpose that directly relates to the Commonwealth’s response to an emergency or disaster in respect of which an emergency declaration is in force. The Act provides a non-exhaustive list of permitted purposes, including:

  • identifying individuals who are or may be injured, missing or dead as a result of the emergency or disaster, or are or may be otherwise involved in the emergency or disaster
  • assisting individuals involved in the emergency or disaster to obtain services, such as repatriation services, medical treatment and financial or other humanitarian assistance
  • assisting with law enforcement in relation to the emergency or disaster
  • coordination or management of the emergency or disaster.

There are protections for persons, agencies and organisations against prosecution for contravention of certain secrecy provisions and against civil liability for breach of confidence.

Disclosure of information – offence

Part IVA creates an offence for unauthorised disclosures of personal information. A person commits an offence if they receive personal information pursuant to Part IVA, and then subsequently disclose the information to another entity, unless this disclosure occurs in prescribed circumstances.

Text of the Bill is available at:

For further information please contact:

Justin Hyland
Senior Executive Lawyer
T 02 62537417 F 02 62537380

Important: The material in Express law is provided to clients as an early, interim view for general information only, and further analysis on the matter may be prepared by AGS. The material should not be relied upon for the purpose of a particular matter. Please contact AGS before any action or decision is taken on the basis of any of the material in this message.