How do I comply?
If your business is covered by the Privacy Act, you need to comply with the National Privacy Principles or ‘NPPs'. The NPPs are 10 rules that set out how businesses may collect, use, store and disclose personal information. They also give your customers a right to access the information you hold about them and correct it if it's wrong.
If your business is a health service provider, there are a few additional requirements you need to know about. Visit our health service providers page.
Similarly, credit providers and credit reporters are covered by some additional rules. Visit our credit reporting page to find out more.
We provide plenty of guidance material to help you comply with the NPPs:
- Want to know exactly what the NPPs are and how to comply with them? Take a look at our Guidelines to the National Privacy Principles. They contain the NPPs in full and a useful explanation of each one.
- Is there a particular area of the NPPs that you want more detail on? See if our private sector information sheets deal with your issue.
- Want some general tips on good privacy practice and how to comply with the Privacy Act. Take a look at 10 steps to protecting other people's personal information.
- See how the Privacy Act is applied in practice. Read our complaint case notes.
- Still got questions? Chances are someone's asked them before. Take a look at our frequently asked questions for business.
Other places to go...
- Planning a project or initiative that involves handling of personal information. You may want to do a privacy impact assessment. Developed for government agencies, our Privacy Impact Assessment Guide may also be useful for your business to help you identify and address privacy impacts.
- If your business sustains a data breach, you should take steps to mitigate risks to people's personal information. Check out our Data breach notification: Guide to handling personal information security breaches.