THE OFFICE OF THE PRIVACY COMMISSIONER
Spacer GifHOME > Federal Privacy Law Spacer Gif Spacer Gif Spacer Gif Spacer Gif
Spacer Gif
Spacer Gif Federal Privacy Law
Spacer Gif Bullet Privacy Act
Spacer Gif Bullet Privacy Act Regulations
Spacer Gif Bullet Public Interest Determinations
Spacer Gif Bullet Guidelines
Spacer Gif Bullet Complaint Case Notes & Determinations
Spacer Gif Bullet Audits
Spacer Gif Bullet Information Privacy Principles
Spacer Gif Bullet National Privacy Principles
Spacer Gif Bullet Private Sector Codes and Opt-in Registers
Spacer Gif Bullet Credit Reporting
Spacer Gif Bullet Health
Spacer Gif Bullet Telecommunications
Spacer Gif Bullet Tax File Numbers
Spacer Gif Bullet Spent Convictions
Spacer Gif Bullet Data-matching
Spacer Gif Bullet Privacy Advisory Committee
Spacer Gif Bullet Private Sector Review 2005
Spacer Gif Bullet ALRC Privacy Inquiry 2006 - 08
Spacer Gif Bullet Privacy Law History
Spacer Gif SPECIFIC PRIVACY
INFORMATION FOR:
Spacer Gif > Individuals
Spacer Gif > Business
Spacer Gif > Health
Spacer Gif > Government
Horizontal Rule
Spacer Gif > Federal Privacy Law
Spacer Gif > About the Office
Spacer Gif > Frequently Asked Questions
Spacer Gif > IT and Internet Issues
Spacer Gif > Media and Speeches
Spacer Gif > Publications
Spacer Gif > Privacy Links
Spacer Gif > International
Spacer Gif > Contact us

Spacer Gif

Federal Privacy Law

View printable version of this page

This page consolidates the legislation, regulations, codes, determinations and guidelines which affect private sector business, health service providers and Australian and ACT government agencies.

The federal Privacy Act contains eleven Information Privacy Principles (IPPs) which apply to Australian and ACT government agencies. It also has ten National Privacy Principles (NPPs) which apply to parts of the private sector and all health service providers. Part IIIA of the Privacy Act regulates credit providers and credit reporting agencies. The Privacy Commissioner also has some regulatory functions under other legislation, including the Telecommunications Act 1997 (Cth), National Health Act 1953 (Cth), Data Matching Program (Assistance and Tax) Act 1990 (Cth) and the Crimes Act 1914 (Cth).

(Please note: Some States in Australia have also enacted privacy legislation. For information on these privacy regimes please visit our State Privacy Laws page.)

Private Sector Business

From 21 December 2001 the private sector amendments to the Privacy Act 1988 (Cth) (the "Act") became operative. The new provisions provide for ten National Privacy Principles (NPPs), found in Schedule 3 of the Act, which apply to the private sector.

The NPPs are in addition to existing legislation and guidelines which affect parts of the private sector. Part IIIA of the Act applies to credit providers and credit reporting agencies. The Credit Reporting Code of Conduct also applies to credit providers and credit reporting agencies. This Code was issued by the Privacy Commissioner (the "Commissioner") under section 18A of the Act in 1991 and is complementary to Part IIIA of the Act.

The Commissioner has also issued credit reporting determinations which are legislative instruments.

Three other significant areas which are monitored by the Commissioner which affect parts of the private sector are:

  • the collection, storage, use and security of personal tax file numbers by organisations that are authorised or approved to record such information under taxation, assistance agency or superannuation law;
  • the disclosure of personal information to law enforcement agencies under Part 13, Division 5 of the Telecommunications Act 1997 (Cth); and
  • the handling of personal information under the Anti-Money Laundering and Counter-Terrorism Legislation. Under s6E (1A) of the Privacy Act 1988 (Cth) certain activities of some small businesses previously exempted are brought within coverage of the Privacy Act.

The Commissioner has issued Tax File Number Guidelines pursuant to section 17 of the Act.

The private sector is also given the opportunity to create its own privacy codes which can be submitted to the Commissioner for approval. Once approved they become binding for organisations covered by the Privacy Act and who have subscribed to the code. The Code provisions and replace the NPPs.

Those private sector organisations which are not bound by the Act for various jurisdictional reasons can choose to be bound by the Act, by opting-in.

Please visit our Business section for more information on privacy regulation in respect to private sector business.

Back to Top

Health Service Providers

From 21 December 2001 the private sector amendments to the Privacy Act 1988 (Cth) became operative. The provisions provide for ten National Privacy Principles (NPPs), found in Schedule 3 of the Act, which apply to health service providers.

Since the NPPs came into effect, several public interest determinations relating to the health sector have been issued by the Commissioner.

Four other significant areas which are monitored by the Commissioner which affect parts of the health sector are in relation to:

  • the storage, use, disclosure and retention of individuals' claims information under the Pharmaceutical Benefits Scheme and the Medicare program;
  • privacy standards in the conduct of human medical research in Australia;
  • the collection, use and disclosure of personal medical information in relation to the conduct of research, compilation and analysis of statistics relevant to public health, safety or health service management activities; and
  • the collection, storage, use and security of personal tax file numbers by organisations that are authorised or approved to record such information under taxation, assistance agency or superannuation law.

Under section 135AA of the National Health Act 1953 (Cth) the Commissioner has issued the Medicare and Pharmaceutical Benefits Program Privacy Guidelines.

In addition, the Commissioner has approved guidelines issued by the NHMRC under sections 95 and 95A of the Privacy Act 1988.

The Commissioner has also issued Tax File Number Guidelines (PDF, Word) pursuant to section 17 of the Act.

Please visit our Health section for more information on privacy regulation in respect to health service providers.

Back to Top

Australian and ACT government agencies

When the Privacy Act 1988 (Cth) was first enacted it provided for eleven Information Privacy Principles (IPPs) found in section 14 of the Act. This initially applied only to Australian Government agencies, but through the passing of the Australian Capital Territory Government Service (Consequential Provisions) Act 1994 (Cth) it became applicable to ACT agencies as well.

Since the IPPs came into effect, a number of public interest determinations relating to the government sector have been issued by the Commissioner.

Three other significant areas which are monitored by the Commissioner which affect parts of the government sector are in relation to:

  • the collection, storage, use and security of personal tax file numbers by organisations that are authorised or approved to record such information under taxation, assistance agency or superannuation law;
  • data-matching programs; and
  • spent convictions

The Commissioner has issued Tax File Number Guidelines pursuant to section 17 of the Act and advisory Guidelines on the use of data matching in Commonwealth administration and Data Matching Program (Assistance and Tax) Guidelines pursuant to section 12 of the Data-Matching Program (Assistance and Tax) Act 1990 (Cth).

Additionally the Commissioner investigates breaches under Part VIIC of the Crimes Act 1914 (Cth). The Spent Convictions Scheme in Part VIIC provides protection for individuals with old minor convictions in certain circumstances.

Please visit our Government section for more information on privacy regulation in respect to Australian and ACT government agencies.

Back to Top



Spacer Gif> Privacy Policy Spacer Gif> Copyright Spacer Gif> Site map Spacer Gif> Join Email List Spacer Gif> Glossary Spacer Gif> Calendar Spacer Gif> Newsletter