RIGHT TO INFORMATION / INFORMATION PRIVACY (RTI/IP)
Evidence of Identity / Evidence of Authorisation requirements
for applicants and agents
This information sheet sets out the requirements for establishing 'evidence of identity' and 'evidence of authorisation', as
prescribed under the
Right to Information Act 2009 and the
Information Privacy Act 2009.
Key principles
Key Principles
To ensure the appropriate protection of personal information held by government, the
Right to Information
Act 2009 and the
Information Privacy Act 2009 both require that specific precautions are taken before
processing applications for access to, or amendment of, documents containing personal information.
These precautions include verifying the identity of applicants, and also verifying the identity and authority of
persons who state that they are acting as an applicant's agent, in relation to applications for access to, or
amendment of, personal information.
Statutory requirements
Statutory Requirements
Authority
Applications under the Information Privacy Act 2009
What is required
(IP Act)
Access application made by individual on own behalf
• Evidence of applicant's identity
s 43(3)(a)
Access application made by agent on behalf of applicant
• Evidence of applicant's identity
s 43(3)(a)
eg. - by solicitor on behalf of client
• Evidence of agent's identity
s 43(3)(b)
-
by parent or other person on behalf of child
• Evidence of agent's authorisation
s 43(3)(b)
Amendment application made by individual on own behalf
• Evidence of applicant's identity
s 44(5)(a)
Amendment application made by agent on behalf of applicant • Evidence of applicant's identity
s 44(5)(a)
eg. - by solicitor on behalf of client
• Evidence of agent's identity
s 44(5)(b)
-
by parent or other person on behalf of child
• Evidence of agent's authorisation
s 44(5)(b)
Applications under the Right to Information Act 2009*
Authority
*if the application is for access to a document containing
What is required
(RTI Act)
personal information of the applicant
Access application made by individual on own behalf
• Evidence of applicant's identity
s 24(3)(a)
Access application made by agent on behalf of applicant
• Evidence of applicant's identity
s 24(3)(a)
eg. - by solicitor on behalf of client
• Evidence of agent's identity
s 24(3)(b)
-
by parent or other person on behalf of child
• Evidence of agent's authorisation
s 24(3)(b)
What is sufficient ‘evidence of identity’ (for both applicant and agent)?
The evidence of identity prescribed* for a person is a document verifying the person’s identity, including, for
example–
(a) a passport; or
(b) a copy of a certificate or extract from a register of births; or
(c) a driver licence; or
(d) a statutory declaration from an individual who has known the person for at least 1 year; or
(e) if the person is a prisoner within the meaning of the
Corrective Services Act 2006 – a copy of
the person's identity card from the department administering the Act that is certified by a
corrective services officer.
If a document, other than a prisoner identity card (
see (e) above), is a photocopy of an original document,
the document must be certified by a qualified witness as being a correct copy of the original document.
qualified witness means—
(a) a lawyer or notary public; or
(b) a commissioner for declarations; or
(c) a justice of the peace.
* see
Information Privacy Regulation 2009, section 3;
Right to Information Regulation 2009, section 3
Prepared by: Privacy and Right to Information Unit, Department of Health
March 2013
What is sufficient ‘evidence of authorisation’ (for an agent)?
? No specific requirements have been prescribed by regulation. However, the
Information Privacy Act 2009
and
the
Right
to
Information
Act
2009
both
contain
the
following
examples*:
Examples of an agent’s authorisation—
• the wil or court order appointing the agent to act as the applicant’s guardian
• the client agreement authorising a legal practitioner to act for an applicant
• if the application is made on behalf of a child (in reliance on section 45 IPA; section 25 RTIA),
evidence the agent is the child’s parent
* see
Information Privacy Act 2009, section 43(3) (b);
Right to Information Act 2009, section 24(3) (b)
When must the evidence of identity and/or authorisation be provided? The
Information Privacy Act 2009 and the
Right to Information Act 2009 both require that evidence of the
applicant's identity, and where necessary, evidence of an agent's authorisation, must be provided
with the
application or within 10 business days after making the application.
What happens if the required documentation is not provided?
The evidence of identity / authorisation requirements in the
Information Privacy Act 2009 and the
Right to
Information Act 2009 are included in the list of "relevant application requirements" which must be satisfied in
order for an application to be considered valid.
If the required evidence is not provided, an RTI / IP officer will contact the applicant (or agent) to inform
them of the application's non-compliance with statutory requirements. If the applicant (or agent) has still not
provided the required documentation within a reasonable period, the only course open to the RTI / IP officer
is to make a decision refusing to deal with the application because it does not comply with all relevant
application requirements. This is a reviewable decision, subject to (
optional) internal review within the
department, and external review by the independent Office of the Information Commissioner.
This summary discusses general principles only.
If you need any additional information about the 'evidence of identity’ or 'evidence of
authorisation' requirements for RTI or IP applications made to the Department of Health,
please contact:
Privacy and Right to Information Unit
Corporate Services Division
Department of Health
GPO Box 48
BRISBANE QLD 4001
Phone: (07) 3082 0546
Email
: xxxxxxxxxxx@xxxxxx.xxx.xxx.xx
Prepared by: Privacy and Right to Information Unit, Department of Health
March 2013