Special privacy rules for specific areas and issues
Privacy codes of practice for specific areas
The Privacy Commissioner has the power to issue codes of practices. These may modify the usual privacy laws (the privacy principles) to take account of the special characteristics of particular industries or particular types of information.
Three existing codes of practice are discussed below.
Health Information Privacy Code 2020
This code sets out specific rules that regulate the handling of health information by health agencies.
Your “health information” includes information about:
- your health – for example, your medical history,
- any disability you have, or used to have, and
- any health or disability services that have been provided to you.
The aims of the code are to:
- give extra protection to health information (because most people think health information is particularly sensitive), and
- take account of the particular characteristics of the health sector and health information – for example, the code allows for a representative to act on your behalf if you’re unable to exercise your rights under the code because you’re unconscious or for some other reason.
The rules in the code include, for example, that health professionals can share information about you when there’s a serious threat to your life or well-being.
Telecommunications Information Privacy Code 2020
This code sets out specific rules regulating telecommunications agencies to provide better protection for individual privacy. It mainly covers the telecommunications industry in its dealings with the information of customers and users.
For example, one of the rules in the code concerns where a phone company offers a number display service that allows you to see the number of the person calling you – commonly called “caller ID” or “caller display,” but in the code called “Caller Line Identification Presentation”. In these cases, the phone company must provide the caller with the ability to block their number from appearing on the phone of the person they’re calling.
Credit Reporting Privacy Code 2020
This code sets out specific rules regulating credit reporters. Credit reporting agencies are businesses that gather and sell information about individuals’ credit histories. Credit histories include individuals’ failures to pay bills and any historic bankruptcies.
For more information about credit reports, see: “Debt recovery and enforcement”.
The Credit Reporting Privacy Code deals with:
- what information can be reported about you,
- who the information can be reported to,
- how long credit reporters can continue to report on things after they happen,
- when your permission is needed for credit reporters to report information,
- your rights to access and correct information that credit reporters hold about you, and
- how to complain about a breach of this code.
The Credit Reporting Privacy Code allows banks, finance companies, and phone and power companies to share repayment information with credit reporters, subject to a number of conditions.
Credit reporting agencies can only give your credit history information to lenders, prospective landlords, employers and insurers if you have consented first. However, credit reporting agencies don’t need your consent in order to give your credit history information to debt collectors, people involved in court proceedings against you, and certain government agencies.
Credit reporting agencies must take reasonable steps to make sure the information they hold about you is accurate, up-to-date, complete, relevant, and not misleading.