Private Sector - Business
This section of the web site contains information relevant to organisations
covered by the private sector provisions
of the Privacy Act.
The private sector provisions of the Privacy Act apply to organisations
(including not-for-profits) with an annual turnover of more than $3 million. The
provisions also apply to all health service
providers regardless of turnover and some small businesses with an annual turnover
of $3 million or less.
Information for health service providers can be found in the health section of this web site.
Information for contractors to
the Australian or ACT governments can be found in the Government section of this web site.
The private sector provisions of the Privacy Act centre around 10 National Privacy Principles (the NPPs)
that set out how private sector organisations should collect, use, keep secure
and disclose personal information. The principles give individuals a right to
know what information an organisation holds about them and a right to correct
that information if it is wrong.
The Privacy Commissioner has written Guidelines to the National Privacy
Principles to assist organisations to meet their obligations in the handling
of personal information.
A series of information sheets has
also been developed and provides more detailed explanations and good practice or
compliance tips on various aspects of the National Privacy Principles and the Private
Sector provisions.
In addition to having to comply with the National Privacy Principles, private
sector organisations have other privacy obligations including:
The Privacy Act allows organisations and industries to have and to enforce
their own privacy codes that continue
to uphold the privacy rights of individuals while allowing some flexibility of
application for organisations. Please go to the privacy codes page for further
information.
As well as responding to complaints lodged with the Privacy Commissioner, some
organisations covered by the Privacy Act can be the subject of audit by the
Office of the Privacy Commissioner. These audits relate to Credit Reporting and
the handling of Tax File Numbers. As well, section 27(3) of the Privacy Act
provides that any organisation covered by the Privacy Act can request the Office
of the Privacy Commissioner to examine their records to ascertain that they are
being maintained in accordance with the National Privacy Principles or, if
relevant, a Privacy Code. For more information on Audits see: www.privacy.gov.au/act/audits/index.html.
The Office of the Privacy Commissioner has conducted research into business,
community and government attitudes towards privacy. Details of this research are
available in the research section of
this web site.
Section 6EA of the Privacy Act allows small business operators, who would
otherwise not be covered by the Act, to choose to be treated as an organisation
for the purposes of the Act. See: Opting-In to Coverage by the Privacy
Act.
The Telecommunications
Act 1997 (Cth) contains a number of provisions dealing with the privacy
of personal information held by carriers, carriage service providers and
others. Further information regarding privacy and the Telecommunications
Act can be found on the Telecommunications
page of this web site.
The Office has established a network of people who are interested in privacy
issues. For details of what the network does and how to join, go to the Privacy Connections Network page of this
web site.
A number of FAQs have also been produced to
answer frequently asked questions about privacy from businesses or
about business activities.