Who is governed by the privacy act




















The rest of the principles govern how you use and share personal information. Make sure information is accurate, and that you use and share it appropriately. Some industries and types of personal information have codes of practice which change how the Act applies to them. There are six codes of practice in operation. If another law says something different to the privacy principles, that law overrides the Privacy Act. For example, if another statutory provision allows you to disclose information, in those circumstances, you won't be in breach of the Privacy Act by disclosing the information regardless of what principle 11 says.

Failure to attend etc. Failure to give information etc Protection from civil actions Power to enter premises Identity cards Certain documents and information not required to be disclosed Application of this Part to former organisations Part VI—Public interest determinations and temporary public interest determinations Division 1—Public interest determinations Power to make, and effect of, determinations Application by APP entity Publication of application etc Draft determination Conduct of conference Determination of application Making of determination Division 2—Temporary public interest determinations Temporary public interest determinations Effect of temporary public interest determination Commissioner may continue to consider application Division 3—Register of determinations Register of determinations Part VIA—Dealing with personal information in emergencies and disasters Division 1—Object and interpretation Meaning of permitted purpose Division 2—Declaration of emergency Declaration of emergency—events of national significance Declaration of emergency—events outside Australia Form of declarations When declarations take effect When declarations cease to have effect Division 3—Provisions dealing with the use and disclosure of personal information Authorisation of collection, use and disclosure of personal information Division 4—Other matters Disclosure of information—offence Operation of Part Severability—additional effect of Part Compensation for acquisition of property—constitutional safety net Part VIB—Enforcement Division 1—Civil penalties Civil penalty provisions Division 2—Enforceable undertakings Enforceable undertakings Division 3—Injunctions Establishment and membership Leave of absence Removal and resignation of members Disclosure of interests of members Meetings of Advisory Committee Travel allowance Obligations of confidence to which Part applies Application of Part Effect of Part on other laws Extension of certain obligations of confidence Relief for breach etc.

Jurisdiction of courts Division 1—Preliminary Object of this Part Constitutional basis of this Part COVID app data on communication devices Extended geographical jurisdiction for offences COVID app data not to be retained Deletion of registration data on request Deletion of data received in error Division 4—Application of general privacy measures COVID app data is taken to be personal information Breach of requirement is an interference with privacy Breach of requirement may be treated as an eligible data breach Commissioner may share information with State or Territory privacy authorities Application to State or Territory health authorities Agencies may be determined to be data store administrator Reports by the Commissioner Operation of other laws Part IX—Miscellaneous Medical research guidelines Guidelines for Australian Privacy Principles about health information Guidelines for Australian Privacy Principles about genetic information..

Requirements for Commonwealth contracts Disclosure of certain provisions of Commonwealth contracts Review by the Administrative Appeals Tribunal Treatment of partnerships Treatment of unincorporated associations Treatment of trusts Conduct of directors, employees and agents Schedule 1—Australian Privacy Principles Overview of the Australian Privacy Principles Part 1—Consideration of personal information privacy Australian Privacy Principle 1—open and transparent management of personal information Australian Privacy Principle 2—anonymity and pseudonymity Part 2—Collection of personal information Australian Privacy Principle 3—collection of solicited personal information Australian Privacy Principle 4—dealing with unsolicited personal information Australian Privacy Principle 5—notification of the collection of personal information Part 3—Dealing with personal information Australian Privacy Principle 6—use or disclosure of personal information Australian Privacy Principle 7—direct marketing Australian Privacy Principle 9—adoption, use or disclosure of government related identifiers Part 4—Integrity of personal information Australian Privacy Principle 10—quality of personal information..

Australian Privacy Principle 11—security of personal information Part 5—Access to, and correction of, personal information Australian Privacy Principle 12—access to personal information Australian Privacy Principle 13—correction of personal information Endnotes Endnote 1—About the endnotes Endnote 2—Abbreviation key Endnote 3—Legislation history Endnote 4—Amendment history An Act to make provision to protect the privacy of individuals, and for related purposes.

AND WHEREAS, by that Covenant, Australia has undertaken to adopt such legislative measures as may be necessary to give effect to the right of persons not to be subjected to arbitrary or unlawful interference with their privacy, family, home or correspondence:. AND WHEREAS the Council of that Organisation has recommended that member countries take into account in their domestic legislation the principles concerning the protection of privacy and individual liberties set forth in Guidelines annexed to the recommendation:.

Part I — Preliminary. This Act may be cited as the Privacy Act This Act commences on a day to be fixed by Proclamation. It is the intention of the Parliament that this Act is not to affect the operation of a law of a State or of a Territory that makes provision with respect to the collection, holding, use, correction or disclosure of personal information including such a law relating to credit reporting or the use of information held in connection with credit reporting and is capable of operating concurrently with this Act.

Note: Such a law can have effect for the purposes of the provisions of the Australian Privacy Principles that regulate the handling of personal information by organisations by reference to the effect of other laws. Chapter 2 of the Criminal Code except Part 2. Note: Chapter 2 of the Criminal Code sets out the general principles of criminal responsibility.

This Act extends to all external Territories. Note: The act or practice overseas will not breach an Australian Privacy Principle or a registered APP code if the act or practice is required by an applicable foreign law see sections 6A and 6B.

Power to deal with complaints about overseas acts and practices. Note: This lets the Commissioner take action overseas to investigate complaints and lets the ancillary provisions of Part V operate in that context. Part II — Interpretation. Division 1 — General definitions. APP code has the meaning given by section 26C. APP code developer means:. APP complaint means a complaint about an act or practice that, if established, would be an interference with the privacy of an individual because it breached an Australian Privacy Principle.

APP entity means an agency or organisation. Australian law means:. Australian link has the meaning given by subsections 5B 2 and 3. Australian Privacy Principle has the meaning given by section Bankruptcy Act means the Bankruptcy Act Codes Register has the meaning given by subsection 26U 1.

Commissioner means the Information Commissioner within the meaning of the Australian Information Commissioner Act Commission of inquiry means:. Commonwealth contract means a contract, to which the Commonwealth or an agency is or was a party, under which services are to be, or were to be, provided to an agency.

Note: See also subsection 9 about provision of services to an agency. Commonwealth enactment means:. Commonwealth officer means a person who holds office under, or is employed by, the Commonwealth, and includes:. Commonwealth record has the same meaning as in the Archives Act COVIDSafe means an app that is made available or has been made available including before the commencement of this Part , by or on behalf of the Commonwealth, for the purpose of facilitating contact tracing.

CP derived information about an individual means any personal information other than sensitive information about the individual:. CRB derived information about an individual means any personal information other than sensitive information about the individual:. CR code has the meaning given by section 26N. CR code developer means:.

Defence Department means the Department of State that deals with defence and that is administered by the Minister administering section 1 of the Defence Act Department means an Agency within the meaning of the Public Service Act Examples of personal information relating to the employment of the employee are health information about the employee and personal information about all or any of the following:.

Federal Court means the Federal Court of Australia. Note: For ancillary offences, see section Health Department means the Department administered by the Health Minister. Note: See section 10 for when an agency is taken to hold a record.

Immigration Department means the Department administered by the Minister administering the Migration Act Norfolk Island agency means:. Norfolk Island enactment means:. Ombudsman means the Commonwealth Ombudsman. State contract means a contract, to which a State or Territory or State or Territory authority is or was a party, under which services are to be, or were to be, provided to a State or Territory authority. Note: See also subsection 9 about provision of services to a State or Territory authority.

State or Territory authority has the meaning given by section 6C. State or Territory health authority means the State or Territory authority responsible for the administration of health services in a State or Territory.

State or Territory privacy authority means a State or Territory authority that has functions to protect the privacy of individuals whether or not the authority has other functions.

No breach—disclosure to the National Archives of Australia. For the purposes of this Act, an act or practice breaches the registered CR code if, and only if, it is contrary to, or inconsistent with, the code. Note 1: Under section LA of the Telecommunications Interception and Access Act , service providers are, in relation to their activities relating to retained data, treated as organisations for the purposes of this Act.

Note 2: Regulations may prescribe an instrumentality by reference to one or more classes of instrumentality. See subsection 13 3 of the Legislation Act Example: Regulations may prescribe an instrumentality of a State or Territory that is an incorporated company, society or association and therefore not a State or Territory authority. Legal person treated as different organisations in different capacities.

In each of those capacities, the person is taken to be a different organisation. Example: In addition to his or her personal capacity, an individual may be the trustee of one or more trusts. In his or her personal capacity, he or she is one organisation. As trustee of each trust, he or she is a different organisation. State or Territory authority means:. Making regulations to stop instrumentalities being organisations.

State does not include the Australian Capital Territory or the Northern Territory despite subsection 6 1. Private affairs of small business operators who are individuals. What is the annual turnover of a business for a financial year? Note: The annual turnover for a financial year of a business carried on by an entity that does not carry on another business will often be similar to the total of the instalment income the entity notifies to the Commissioner of Taxation for the 4 quarters in the year or for the year, if the entity pays tax in annual instalments.

Note: The regulations may prescribe different modifications of the Act for different small business operators. See subsection 33 3A of the Acts Interpretation Act Small business operator that is a protected action ballot agent under the Fair Work Act Small business operator that is an association of employees that is registered or recognised under the Fair Work Registered Organisations Act Small business operator that is accredited for the consumer data right regime.

Regulations treating a small business operator as an organisation. Note 1: The regulations may prescribe different modifications of the Act for different small business operators. Note 2: Regulations may prescribe a small business operator by reference to one or more classes of small business operator. Regulations treating a small business operator as an organisation for particular acts or practices.

Note 1: The regulations may prescribe different modifications of the Act for different acts, practices or small business operators. Note 2: Regulations may prescribe an act, practice or small business operator by reference to one or more classes of acts, practices or small business operators. Note: A small business operator may revoke such a choice by writing given to the Commissioner. See subsection 33 3 of the Acts Interpretation Act However, the Commissioner must not make available to the public in the register information other than that described in subsection 3.

Regulations treating a State instrumentality etc. Note 1: The regulations may prescribe different modifications of the Act for different authorities or instrumentalities. Note 2: Regulations may prescribe an authority or instrumentality by reference to one or more classes of authority or instrumentality. Making regulations to treat instrumentality etc.

The following information is health information :. Division 2 — Key definitions relating to credit reporting. Subdivision A — Credit provider. Subdivision B — Other definitions. Credit information about an individual is personal information other than sensitive information that is:. Division 3 — Other matters. A Schedule 1;. B Division 1 of Part I of Schedule 2;. Regulations for this purpose may prescribe an agency only if it is specified in Part I of Schedule 2 to the Freedom of Information Act Note: This puts the organisation in the same position as a small business operator as far as its activities that are not for the purposes of a Commonwealth contract are concerned, so the organisation need not comply with the Australian Privacy Principles, or a registered APP code that binds the organisation, in relation to those activities.

Subcontractors for organisations covered by subsection 1 etc. Effect of subsection 4 on other operation of Act. Meaning of electoral law and Parliament. Note: To avoid doubt, this section does not make exempt for the purposes of paragraph 7 1 ee an act or practice of the political representative, contractor, subcontractor or volunteer for a registered political party involving the use or disclosure by way of sale or otherwise of personal information in a way not covered by subsection 1 , 2 , 3 or 4 as appropriate.

The rest of this Act operates normally in relation to that act or practice. Where, but for this section, a provision of this Act:. Note: Subsection 27 4 applies in relation to an investigation of an act or practice referred to in subsection 29 1 of the Healthcare Identifiers Act Part III — Information privacy.

Division 1 — Interferences with privacy. Note: Other Acts may provide that an act or practice is an interference with the privacy of an individual.

Acts or practices that are not interferences with privacy. Note: Subsection 1 lets related bodies corporate share personal information. However, in using or holding the information, they must comply with the Australian Privacy Principles and a registered APP code that binds them. For example, there is an interference with privacy if:. Note: Subsection 1 lets personal information be passed on from an old to a new partnership. Sections 13B, 13C and 13D do not prevent an act or practice of an organisation from being an interference with the privacy of an individual under subsection 13 2 , 4 or 5.

An act or practice that is not covered by section 13 is not an interference with the privacy of an individual. An entity contravenes this subsection if:. Division 2 — Australian Privacy Principles. Nothing in the Australian Privacy Principles applies to:. The collection, use or disclosure is reasonably necessary for the establishment, exercise or defence of a legal or equitable claim.

The collection, use or disclosure is reasonably necessary for the purposes of a confidential alternative dispute resolution process. The entity reasonably believes that the collection, use or disclosure is necessary for any of the following occurring outside Australia and the external Territories:. Division 4 — Tax file number information. The Commissioner must, by legislative instrument, issue rules concerning the collection, storage, use and security of tax file number information.

A file number recipient shall not do an act, or engage in a practice, that breaches a rule issued under section Division 1 — Introduction. In general, this Part deals with the privacy of information relating to credit reporting.

Divisions 2 and 3 contain rules that apply to credit reporting bodies and credit providers in relation to their handling of information relating to credit reporting. Division 4 contains rules that apply to affected information recipients in relation to their handling of their regulated information. Division 5 deals with complaints to credit reporting bodies or credit providers about acts or practices that may be a breach of certain provisions of this Part or the registered CR code.

Division 6 deals with entities that obtain credit reporting information or credit eligibility information by false pretence, or when they are not authorised to do so under this Part. Division 7 provides for compensation orders, and other orders, to be made by the Federal Court or Federal Circuit Court. The "Overview of the Privacy Act of , Edition" is a comprehensive treatise of existing Privacy Act case law. Any questions regarding the Overview may be directed to the Office of Privacy and Civil Liberties staff.
