The Privacy Act

The Privacy Act 1988 (Privacy Act) is an Australian law which regulates the handling of personal information about individuals. This includes the collection, use, storage and disclosure of personal information, and access to and correction of that information. The Privacy Act includes:

  • 13 Australian Privacy Principles that apply to the handling of personal information by most Australian and Norfolk Island Government agencies and some private sector organisations
  • credit reporting provisions that apply to the handling of credit-related personal information that credit providers are permitted to disclose to credit reporting bodies for inclusion on individuals’ credit reports.

The Privacy Act also:

  • regulates the collection, storage, use, disclosure, security and disposal of individuals' tax file numbers
  • permits the handling of health information for health and medical research purposes in certain circumstances, where researchers are unable to seek individuals' consent
  • allows the Information Commissioner to approve and register enforceable APP codes that have been developed by an APP code developer, or developed by the Information Commissioner directly
  • permits a small business operator, who would otherwise not be subject to the Australian Privacy Principles (APPs) and any relevant privacy code, to opt in to being covered by the APPs and any relevant APP code
  • allows for privacy regulations to be made.
