VICIn ForceAct
Privacy and Data Protection Act 2014
20Organisations to comply with Information Privacy Principles
Start here
Get a plain-English read of 20
Turn the raw legal text into a practical explanation grounded in Privacy and Data Protection Act 2014.
20 Organisations to comply with Information Privacy Principles
(1) An organisation must not do an act, or engage in a practice, that contravenes an Information Privacy Principle in respect of personal information collected, held, managed, used, disclosed or transferred by it.
(2) A public sector agency or a Council must, in administering a public register, so far as is reasonably practicable, not do an act or engage in a practice that would contravene an Information Privacy Principle in respect of information collected, held, managed, used, disclosed or transferred by it in connection with the administration of the public register if that information were personal information.
(3) Subsections (1) and (2) do not apply if the act or practice is permitted under—
(a) a public interest determination; or
(b) a temporary public interest determination; or
(c) an approved information usage arrangement.
Division 3—Codes of practice