Special privacy rules for specific areas and issues
Privacy codes of practice for specific areas
The Privacy Commissioner has the power to issue codes of practices, which may modify the usual privacy laws (the privacy principles) to take account of the special characteristics of particular industries or particular types of information.
Three existing codes of practice are discussed below.
Health Information Privacy Code 1994
This code sets out specific rules that regulate the handling of health information by health agencies.
Your “health information” includes information about:
- your health – for example, your medical history
- any disability you have, or used to have
- any health or disability services that have been provided to you.
The aims of the code are to:
- give extra protection to health information, as most people see that as being highly sensitive
- take account of the particular characteristics of the health sector and health information – for example, the code allows for a representative to act on your behalf if you’re unable to exercise your rights under the code because you’re unconscious or for some other reason.
The rules in the code include, for example, that health professionals can share information about you when there’s a serious threat to your life or well-being.
Telecommunications Information Privacy Code 2003
This code sets out specific rules regulating telecommunications agencies to provide better protection for individual privacy. It mainly covers the telecommunications industry in its dealings with the information of customers and users.
For example, one of the rules in the code concerns where a phone company offers a number display service that allows you to see the number of the person calling you – commonly called “caller ID” or “caller display”, but in the code called “Caller Line Identification Presentation”. In these cases the phone company must provide the caller with the ability to block their number from appearing on the phone of the person they’re calling.
Credit Reporting Privacy Code 2004
This code sets out specific rules regulating credit reporters. Credit reporters are businesses that gather and sell information about individuals’ credit histories, including failing to pay bills and being going into bankruptcy.
There’s more about credit reporting in this manual. See “Debt recovery and enforcement” in the chapter “Credit and debt”.
The Credit Reporting Privacy Code deals with:
- what information can be reported about you
- who the information can be reported to
- how long credit reporters can continue to report on things after they happen
- when your permission is needed for credit reporters to report information
- your rights to have access to and correct information that credit reporters hold about you
- how to complain about a breach of this code.
The Credit Reporting Privacy Code allows banks, finance companies, and phone and power companies to share repayment information with credit reporters, subject to a number of conditions.
People who can get access to your credit history information may include lenders, prospective landlords, employers and insurers, but you have consent before they be given the information. However, credit reporting agencies generally don’t need your consent in order to disclose reports to debt collectors, people involved in court proceedings against you, and certain government agencies.
Credit reporting agencies must take reasonable steps to make sure the information they hold about you is accurate, up-to-date, complete, relevant, and not misleading.