Saturday, 24th of February, 2018

Tasmania - Privacy


In Tasmania, privacy is regulated by the Right to Information Act 2009 which is covered in the ‘Right to Information’ section, and the Personal Information Protection Act 2004. Other legislation that impacts on privacy includes the Telecommunications (Interception) Tasmania Act 1999, the Police Powers (Controlled Operations) Act 2006, and the Police Powers (Surveillance Devices) Act 2008.

The Tasmanian Ombudsman investigates complaints concerning all of these acts, and also reviews decisions issued under the Right to Information Act.

Privacy is important in all areas of the law, including the criminal law. It is a balance between the interests of the state in preventing and punishing crime, and the rights of citizens, no matter whether they are under investigation for possible criminal offences. Just as personal information held by government bodies is protected from general and unregulated dissemination, so is information held by the police where that information has been obtained by an invasion of privacy, such as by use of a surveillance device. Rights of access to such information are diminished because of the necessity of the administration of justice, in contrast to the access permitted to private citizens seeking disclosure from government authorities concerning their personal information.

Personal Information Protection Act 2004 (Tas)

The Personal Information Protection Act (the PIP Act) is subordinate to other legislation where its provisions are inconsistent with other legislation. This means that the Right to Information Act will take precedence over the PIP Act if there is an inconsistency in the provisions.

The PIP Act allows a person to apply for and have access to personal information held by a personal information custodian (Schedule 1 – Clause 6). There are three points to address in terms of this right to apply for access. Firstly, an application isn't guaranteed to result in access. Access MAY be granted, but it is not a MUST. Secondly, access to personal information is not access to the document that contains the personal information. Personal information, when provided under a request through the PIP Act, will usually be provided in the form of an extract of the document containing the information. This personal information can be both or either information or an opinion about a person. Furthermore, the person's identity must be apparent or reasonably ascertainable (Guideline 1/2013). Thirdly, ‘personal information custodian’ (PIC) is a very broad term, and can refer to:

  • A public authority
  • Any body, organisation or person who has entered into a personal information contract relating to personal information
  • A prescribed body

In relation to the second dot point, a personal information contract can be between a government body/public authority, such as the Hobart City Council or DPIPWE, and a private company. For example, the HCC might enter into a contract with a private company to collect and store information on dog owners. This would mean that the private company would be a personal information custodian for the purposes of a person who wants to access information stored about them and their ownership of dogs.

A request to a PIC to access personal information must be in writing. You may also request that information held is amended if you find it is incorrect (s17A). If a personal information custodian refuses your request to see your personal information or does not respond within 20 working days then on receipt of a second written request they must treat your request as an application for assessed disclosure under the Right to Information Act 2009 and the timelines and review rights under that Act apply. At the end of the process, if there has been no grant of access, an applicant can make a complaint to the Ombudsman, be it either under section 44 of the Right to Information Act 2009 or the PIP Act section 18.

The PIP Act has two sets of personal information: personal information collected before the commencement of the Act, and personal information collected after. Personal information collected after the commencement of the Act is to be treated in accordance with all the principles set out in Schedule 1 of the Act (s6). The principles exclusive to information collected after commencement are:

  • A personal information custodian must not collect personal information unless the information is necessary for one or more of its functions or activities
  • A personal information custodian must not assign a unique identifier to an individual unless it is necessary for it to carry out any of its functions efficiently.
  • Anonymity: Wherever it is lawful and practicable, individuals must have the option of not identifying themselves when entering transactions with a personal information custodian.
  • A personal information custodian must not collect sensitive information about an individual unless the individual has consented, or the collection is required or permitted by law; or the collection is necessary to prevent or lessen a serious and imminent threat to the life or health of any individual.

Information collected before the commencement of the Act is to be governed in accordance with principles 2, 3, 4, 5, 6 and 9 only.

There is a requirement in the Act that all personal information custodians comply with these Personal information protection principles (ss16 and 17). Complaints are managed by the Ombudsman.

There are exemptions to the provisions of the Act. These are:

  • Courts and tribunals;
  • Public information;
  • Law enforcement information where non-compliance is reasonably necessary for law enforcement functions and activities;
  • Employee information;
  • Unsolicited information – information given without being sought to a public information custodian; and
  • The use of information for basic purposes, such as storage, communication with a public sector body, and the information is basic personal information (such as name and age).

Criminal Procedure Legislation

The Telecommunications (Interception) Tasmania Act 1999, the Police Powers (Controlled Operations) Act 2006, and the Police Powers (Surveillance Devices) Act 2006 are statutes that concern criminal procedure: the activities of police in investigating criminal matters.

Police powers under these Acts tend to be concerned with listening to, observing, or recording the interactions of people, some of who will be under a criminal investigation, and others who are incidental to that criminal investigation by association. The Telecommunications (Interception) Tasmania Act 1999 enables the Tasmania Police Service to be classified as an agency for the purposes of the Commonwealth Act of the same name. The Commonwealth Act creates powers to intercept telecommunications, i.e. listen to conversations. The Tasmanian Act creates obligations to do with storage of records, inspection of records, and the keeping and destruction of restricted records. A restricted record is a record in the possession of the Tasmania Police, created pursuant to the Act.

Section 8 of the Telecommunications Act stipulates that restricted records are required to be kept in secure place to prevent access by people not entitled to deal with it, and these records must be destroyed once the Commissioner of Police is satisfied that there is no likely permitted use for the records.

The Police Powers (Controlled Operations) Act 2006 concerns operations conducted or intended to be conducted for the purpose of obtaining evidence that may lead to a prosecution of a person for a relevant offence, that also involves or may involve controlled conduct. Controlled conduct is conduct that would otherwise constitute a criminal offence. This Act involves authorisation of, for example, undercover officers to engage in criminal conduct in an investigation, or even something as simple as trespass. Obviously, this can impinge on the privacy of people investigated.

There are strict requirements for authorisation of controlled operations (s9). Enough information must be provided to allow the decision maker to decide whether or not to grant the application. This would be information that illustrated the likelihood of obtaining evidence, the type of offences suspected, and the public interest in preventing the continuation of the offences.

Importantly, the Act contains provisions to do with record keeping (Part 4, Division 2), and unauthorised disclosure of information (s26). A person investigated and a person investigating have protection in that a person who discloses any information to do with a controlled operation is guilty of an offence punishable by up to 2 years imprisonment. Document keeping requires record keepers to maintain all the documentation relating to authorisation of controlled operations under the Act. However, there are no requirements for destruction of documents.

The Police Powers (Surveillance Devices) Act 2006 contains controls on the use, communication and publication of information obtained through use of a surveillance device warrant issued under the Act. Section 33(1) is directed toward where information, whether protected or not, is published, whether or not it jeopardises an investigation. The penalty is up to 2 years imprisonment. Section 33(2) where publication of information prejudices or will prejudice the effective conduct an investigation or the health and safety of any person attracts a maximum penalty of 10 years imprisonment. Both provisions require intentionality of the act or recklessness. These provisions do not apply to information that has been disclosed in court or have entered the public domain (s33(3)). Section 34(1)(b) provides for the destruction of records or reports obtained by use of a surveillance device if it is not likely to be used for an investigation, making a decision to prosecute or other deliberations, investigation of a complaint, or any criminal proceeding (see: s33(4)).

Complaints - Privacy

Complaints about privacy involving state organisations can be made to the State Ombudsman.


This does not constitute legal advice and the Tasmanian Law Handbook should not be used as a substitute for legal advice. No responsibility is accepted for any loss, damage or injury, financial or otherwise, suffered by any person acting or relying on information contained in it or omitted from it.