Other legislation

Other than the Privacy Act 1988 (Privacy Act), there are a number of other Australian laws that relate to privacy. Due to their link to privacy, the following laws generally require the Australian Information Commissioner (Information Commissioner) to perform certain duties or activities or require certain agencies to consult the Information Commissioner on privacy matters.

Australian Capital Territory Privacy

The Information Privacy Act 2014 (ACT) regulates how personal information is handled by ACT public sector agencies. This Act includes a set of Territory Privacy Principles (TPPs), which cover the collection, use, storage and disclosure of personal information, and an individual’s access to and correction of that information. The Australian Information Commissioner has some regulatory responsibilities in relation to this Act, including handling complaints by individuals against ACT public sector agencies.

More information can be found on the Australian Capital Territory Privacy page.


Under the Telecommunications Act 1997 and the Telecommunications (Interception and Access) Act 1979 the Information Commissioner must be consulted and has monitoring and compliance functions in relation to the privacy of personal information held by telecommunications carriers, carriage service providers and others.

More information can be found on the Telecommunications page.


The National Health Act 1953 (NH Act) and legally binding privacy guidelines issued under the NH Act regulate the handling of Medicare and pharmaceutical benefits (MBS and PBS) information. Agencies that handle MBS and PBS information must inform the Information Commissioner about certain matters under the guidelines. A person may complain to the Information Commissioner if they believe that a breach of the guidelines has occurred.

More information can be found on the Medicare and pharmaceutical benefits page.


The Data-matching Program (Assistance and Tax) Act 1990 and legally binding guidelines issued under that Act regulate the use of tax file numbers (TFNs) in matching personal information held by the Australian Taxation Office and assistance agencies such as the Department of Human Services and the Department of Veterans' Affairs. A person may complain to the Information Commissioner if they feel that a breach of that Act or guidelines has occurred. The Office of the Australian Information Commissioner (OAIC) has also issued voluntary guidelines for agencies, which generally apply to data-matching that does not involve TFNs.

More information can be found on the Government data-matching page.

Criminal records

The  Crimes Act 1914 (Crimes Act) — Part VIIC of the Crimes Act relates to criminal records covered by the Commonwealth Spent Convictions Scheme, which provides protection for individuals with old minor convictions in certain circumstances. The Information Commissioner has the power to investigate breaches of the legislation and is also required to provide advice to the Attorney-General in relation to exemptions under the scheme. An individual may complain to the Information Commissioner if they believe that a person or a Commonwealth or State authority has breached the provisions of the Spent Convictions Scheme.

More information can be found on the criminal records page.

Anti-money laundering and counter-terrorism

The Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (AML/CTF Act) aims to prevent money laundering and the financing of terrorism by imposing a number of obligations on the financial sector, gambling sector, bullion dealers and other professionals or businesses that provide particular 'designated services'. The Australian Transaction Reports and Analysis Centre (AUSTRAC) is the agency responsible for ensuring compliance with the AML/CTF Act, and must consult the Information Commissioner on matters that relate to the privacy of individuals.

More information can be found on the Anti-money laundering page.

Healthcare identifiers

The Healthcare Identifiers Act 2010 (HI Act) establishes the Healthcare Identifiers Service (HI Service) and prescribes how healthcare identifiers will be assigned and how they can be used and disclosed. The Information Commissioner has oversight and compliance functions under the HI Act, including investigating complaints about the mishandling of healthcare identifiers

More information can be found on the Healthcare identifiers page.


The Personally Controlled Electronic Health Records Act 2012 (PCEHR Act) and the rules and regulations issued under the PCEHR Act create the legislative framework for the Australian Government’s personally controlled electronic health (eHealth) record system. Under the eHealth record system the OAIC regulates the handling of personal information by individuals, Commonwealth government agencies, private sector organisations and some state and territory agencies (in particular circumstances).

More information is available on the eHealth records page.

Personal Property Securities Register

The Personal Property Securities Act 2009 (PPS Act) established a single, national, online Personal Property Securities Register (PPS Register). The PPS Register allows lenders and businesses to register their security interests over personal property. Registrations on the PPS Register may include personal information about individuals. 

More information is available on the Personal Property Securities Register page.

Share this page

Protecting information rights — advancing information policy