Protecting privacy as a supplier or provider
If you're working with us, you have responsibilities when handling our clients' information.
On this page
Your obligations under the Privacy Act 2020
All businesses have obligations under the Privacy Act 2020. You need to follow the 12 Information Privacy Principles and the Health Information Privacy Code. These cover the collection, handling and use of personal information.
You’re also required to have a Privacy Officer overseeing privacy in your business.
What we expect of you as our supplier
For suppliers who have access to personal or health information we expect you to:
- meet the requirements of related legislation
- work with us in a transparent way
- notify us of potential privacy risk
- notify us of a privacy breach or near miss
- contact us to help you make things right
- resolve issues as they arise
- keep a privacy register that includes breaches, near misses and remedial action plans.
What a privacy breach or near miss is
A breach is any breach of the Information Privacy Principles set out in the Privacy Act 2020.
A near miss is an action that would've led to a privacy breach but didn’t because the information wasn’t disclosed.
Tips for protecting privacy
The Office of the Privacy Commission has a full guide for agencies and organisations that hold personal information:
They also have a privacy checklist to help you get started:
Where you can go for more help
Your engagement and performance manager
If you're a health provider, contact your engagement and performance manager first. They'll help explain your responsibilities and give you helpful resources.
Our Privacy Officer
If you have a question or concern about our privacy, contact:
The Privacy Officer
Accident Compensation Corporation
PO Box 242
The Office of the Privacy Commissioner
The Privacy Commissioner oversees the Privacy Act 2020: