Right to privacy

Part of the Privacy and right to information topic.

Queensland's Information Privacy Act 2009 (IP Act) provides for the fair collection and handling of personal information by Queensland Government agencies.

On this page

What you should know

Queensland Government agencies are required to comply with the Queensland Privacy Principles (QPPs) within the IP Act. There are some specific circumstances where compliance with the QPPs is not required.

The IP Act sets out rules forhow agencies must handle information:

  • storage
  • access
  • amendment (correction)
  • management
  • transfer
  • use
  • disclosure.

The IP Act also includes rules for:

  • disclosing information outside of Australia
  • binding contracted services providers to the privacy principles
  • notifying of an eligible data breach.

If you believe a Queensland Government agency has not handled your personal information in a way that's consistent with the privacy principles, you can complain to the relevant government agency.

If you're not happy with the response from the relevant government agency, or if you haven't received a response 45 days after the date of your complaint, you can complain to the Office of the Information Commissioner.

What is personal information

Personal information is any information that does, or can reasonably, identify a living person. Examples include:

  • name
  • address
  • phone number
  • date of birth
  • medical records
  • blank account details
  • employment details
  • commentary or opinions made by, or about, the individual.

Privacy principles

See Schedule 3 of the Information Privacy Act 2009 for the full Queensland Privacy Principles details. The following is a summary.

Consideration of personal information privacy

See the QPP 1 – open and transparent management of personal information

Agencies must have an up-to-date Privacy Policy.

QPP 2 – anonymity and pseudonymity

Agencies must provide you with the option of not identifying yourself when dealing with the agency.

Collection of personal information

QPP 3 – collection of solicited personal information

QPP 4 – dealing with unsolicited personal information

QPP 5 – notification of the collection of personal information

Agencies can only collect your personal information, including your sensitive information, if it is reasonably necessary for, and directly related to their functions and activities.

Collection of sensitive information

Your sensitive information cannot be collected by an agency unless you give your consent, or an exception in the IP Act applies.

Sensitive information is defined in the IP Act as:

  • racial or ethnic origin
  • political opinions or membership of a political association
  • religious beliefs or affiliations or philosophical beliefs
  • membership of a professional or trade association or membership of a trade union
  • sexual orientation or practices
  • criminal record
  • health information
  • genetic information
  • biometric information that is to be used for the purpose of automated biometric identification (e.g. fingerprints and retina scans) or biometric templates (used in facial recognition technology as a mathematical representation of features from biometric information).

No other types of information are 'sensitive' for the purposes of the IP Act.

Agency obligations for collecting personal or sensitive information

QPP 5 requires agencies to inform you of certain things when collection your personal information. See QPP 5.2 for a full list.

Use or disclosure of personal information

QPP 6 – use or disclosure of personal information

Agencies can use and disclose your personal information for the primary purpose it was collected, or a secondary purpose if an exception applies.

Integrity of personal information

QPP 10 – quality of personal information

Agencies must take reasonable steps to ensure your personal information is accurate, up-to-date and complete.

QPP 11 – security of personal information

Agencies must protect your personal information from misuse, interference, or loss, including unauthorised access, modification or disclosure.

Agencies must take reasonable steps to destroy or de-identify your personal information if the agency no longer needs the information and it is not contained in a public record.

Access to, and correction of, personal information

QPP 12 – access to personal information

An agency must give you access to your personal information, unless information unless it can be refused under another law in force in Queensland.

QPP 13 – correction of personal information

An agency must correct your personal information, unless the correction can be refused under another law in force in Queensland. If an agency refuses to correct your personal information you may request that a statement outlining your reasons for correcting the information is added to the agency's record.

Exceptions to privacy principles

Some entities, functions and documents are exempt from the privacy principles. For example:

  • Entities: Commissions of inquiry.
  • Functions: Judicial functions of courts.
  • Documents: Cabinet documents.
  • Ministerial advice: Information provided to a minister for portfolio responsibilities.

Additionally, only some privacy principles apply to:

  • personal information you have published or provided for publication
  • specific law enforcement activities.

Last updated:
18 June 2026