11TPP 11—security of personal information

11 TPP 11—security of personal information 11.1 If a public sector agency holds personal information, the agency must take reasonable steps to protect the information— (a) from misuse, interference or loss; and (b) from unauthorised access, modification or disclosure. 11.2 If— (a) a public sector agency holds personal information about an individual; and (b) the agency no longer needs the information for a purpose for which the information may be used or disclosed by the agency under the TPPs; and (c) the information is not contained in a territory record; and (d) the agency is not required by or under an Australian law, or a court or tribunal order, to retain the information; the agency must take reasonable steps to destroy the information or to ensure that the information is de-identified. Territory privacy principles Schedule 1 Access to, and correction of, personal information Part 1.5 Section 12 R13 16/12/25 Information Privacy Act 2014 Effective: 16/12/25 page 59 Authorised by the ACT Parliamentary Counsel—also accessible at www.legislation.act.gov.au Part 1.5 Access to, and correction of, personal information