Privacy implications for Family History Societies

dot Despite what you may have been told, Family History Organisations are required to comply with the new private sector provisions of the Australian Privacy Act from 21 December 2001.

dot Section 6C(1) of the Privacy Act deems that the following entities are exempt from the provisions of the act:

  1. The entity carries on a small business and meets the test to be a small business operator.
  2. The entity is a registered political party.
  3. The entity is a Commonwealth Government 'agency'.
  4. The entity is a State or Territory authority or a prescribed instrumentality of a State or Territory.

dot Section 6C of the Privacy Act sets out the types of entities that may be an organisation subject to the act. These are:

  1. an individual;
  2. a body corporate;
  3. a partnership;
  4. any other unincorporated association; and
  5. a trust.

dot We would also point out that any one has always had the right under common law to take any organisation to task if they are aggrieved, regardless of any new privacy laws. The difference now is that the enactment of such laws has raised people's awareness and they may be tempted to undertake such a civil action. Regardless of whether they are successful or not, we suspect there would be very few FHS and their management keen to endure such an ordeal!

dot NZ members also have no option but to conform to the NZ legislation. This paper embraces the requirements for both NZ and Australian FHS.

dot The Privacy Act applies to 'personal information', which is information about any identifiable individual. Societies might hold personal information about members and former members, ranging from just the person's name, address and phone number through to offices held, awards, skills, references and so on. A FHS society will also hold personal information about people other than members. Society minutes and correspondence may contain further personal information. Clearly FHS hold considerable personal information about people.

dot We are now subject to the act and so we may as well get used to it! If you wish to make yourself more familiar with the issues, check out the web sites ...

  1. - The Office of the Federal Privacy Commissioner
  2. - The Office of the New Zealand Privacy Commissioner

dot It should be noted that Australia and NZ have an obligation to their people to legislate privacy protection in the private sector since they signed the OECD Privacy Guidelines.

dot There are a few principles that must be adopted by FHS who look to adopting best practice in their dealings with their members and the public and these are outlined below:


  1. To establish a single scheme relating to the appropriate collection, holding, use, correction, disclosure; and transfer of personal information held by government and private sector organisations.
  2. To meet international obligations in regard to personal information.
  3. To recognise the individual's interest in protecting their privacy.


  1. FHS should disclose to the individual how they will use their personal information before collecting this data.
  2. FHS should not use personal data for any reason other than they state.
  3. FHS should not knowingly pass on personal data to a third party without gaining specific written consent from the individual first unless the disclosure of the information is required by law.
    1. Blanket written consent to pass on personal data is inappropriate as neither the FHS or individual can foresee future needs.
    2. It is appropriate that FHS retain the records of written consent.
  4. FHS must keep personal data secure and allow appropriate access only.
  5. FHS must allow access by an individual to their own personal data.
  6. FHS must update or correct personal data when advised by the individual that it is incorrect.
  7. FHS must keep personal records up-to-date.
  8. FHS must not collect personal information held by a third party without the consent of that party and
        the individual concerned unless entitled to do so by law.
  9. FHS should prepare and distribute widely a Privacy Statement which should outline their rules and
        responsibilities about collecting personal data.



dot Australia's definition of personal information varies slightly from the NZ one and the NZ Act does not define sensitive information.

dot Personal information on a living individual (member or otherwise) covered by these criteria include using the person's name in conjunction with a:

  1. private address, and/or,
  2. telephone number, and/or,
  3. credit, financial and/or banking record or details, and/or,
  4. parent or child's name, and/or,
  5. record of birth, marriage or death, and/or,
  6. motor vehicle registration record, and/or,
  7. health or medical record, and/or,
  8. employment record, and/or,
  9. any material about the individual which may lead to disclosure of any of the above or any material deemed sensitive as defined in Section 6 of the Privacy Act or any material which an individual deems to be private and have advised accordingly.


dot Sensitive information is a subset of personal information. It means information or opinion about an individualís racial or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual preferences or practices, criminal record or health information about an individual.

dot The criteria only apply to living people except where as indicated in 4 above the identification of a deceased person may reveal personal data of a living person.

dot For the purposes of FHS research programs, the requirements of the Act are not retrospective and FHS need only address issues from 21 Dec 2001. There are examples where retrospectivity does apply to present and past living membersí records as outlined above.

dot Many FHS are involved in indexing projects which is an issue that is somewhat unique to these organisations and therefore is specifically expanded upon here. The Privacy Act applies to personal information collected from public sources. Some people might think that because personal information is publicly available and anyone can see it, there should be no controls on the way an organisation handles it. However this is not the approach the Privacy Act takes. The Privacy Act will apply at the point where the organisation moves the information out of the generally available publication into a record of its own creation. So for example, if the organisation then takes information out of the newspaper and enters it onto its database of information, the Privacy Act would apply to the collection of the information at that point.

dot Many of the problems encountered by FHS relate to the over generous use of the word index. If the index created was indeed just an index, ie a finding aid to locate a record, the problem would not exist as no personal information would have been extracted. However, many indexes created by FHS are much more than mere indexes in that they contain additional information from the original entry so that they are in effect a precis of the entry rather than an index.

dot FHS should look at the scope of the material they intend to collate in terms of privacy before embarking on any project to index material from other sources. If clarification is required about an issue it is suggested that the FHS contact an officer in the Office of the Privacy Commissioner.

Graham Jaunay
July 2002

Thanks to Colleen Clarke, Compliance Officer of the Office of the Federal Privacy Commissioner for advice and checking this statement for correctness. For more details visit the Privacy Commissioner's page on this subject.

Click Image to visit Members List

Last modified: 12 October 2015

Copyright © 2004, The Australasian Federation of Family History Organisations Inc.
GPO Box 1394, Canberra, ACT, 2601, Australia
ABN 31 076 496 332