Sensitive information is a subset of personal information and is given a higher level of protection under Australia’s National Privacy Principles because it is highly personal and may give rise to unjustified discrimination against individuals.
‘Sensitive information’ is defined in the Australian Privacy Act to mean information or an opinion about an individual’s:
- racial or ethnic origin
- political opinion
- membership of a political association
- religious beliefs or affiliations
- philosophical beliefs
- membership of a professional or trade association
- membership of a trade union
- sexual preferences or practices; or
- criminal record.
Sensitive information also includes health information and genetic information about an individual that is not otherwise health information.
The higher level of privacy protection given to sensitive information includes:
• It may only be collected with consent, except in specified circumstances. Consent is generally not required to collect ‘personal information’ that is not ‘sensitive information’
• It must not be used or disclosed for a secondary purpose unless the secondary purpose is directly related to the primary purpose of collection and within the reasonable expectations of the individual
• It cannot be used for the secondary purpose of direct marketing
It cannot be shared by ‘related bodies corporate’ in the same way that they may share other ‘personal information’.