Site Changes

On 1 November 2010 the Office of the Privacy Commissioner was integrated into the Office of the Australian Information Commissioner and a new website established at www.oaic.gov.au.

Note 1: Major changes to the Privacy Act 1988 will come into effect in March 2014. Agencies, businesses and not for profits need to start preparing for these changes. For more information go to our privacy law reform page at www.oaic.gov.au
Note 2: From 12 March 2013 content is no longer being added to, or amended, on this site, consequently some information may be out of date. For new privacy content visit the www.oaic.gov.au website.

Answer 8 (no)

Question 8:

Is your complaint about:

a private health service provider; or
a private organisation with an annual turnover greater than $3 million; or
a credit provider or credit reporting agency?

Your answer: No

Sorry, it is unlikely that the Commissioner can investigate your complaint, though there are some exceptions.

However, if you are unsure of your answer ie: you do not know if the annual turnover of a private organisation is greater than $3 million, please contact our Hotline on 1300 363 992 for assistance.

The Commissioner may be able to investigate if:

the respondent trades in personal information

Trading in personal information happens when businesses collect or disclose your personal information for a benefit, service or advantage. For example, they buy or sell a list of personal information for income, concessions or some other return. However, the Privacy Act does not apply where the trading happens with your consent or is authorised or required by law (Sections of the Privacy Act to read: 6D(4)(c) & (d) and 6D (7) & (8)).

the respondent is a contracted service provider or subcontractor for a federal government contract

At times federal government agencies contract out (outsource) a function that requires a small business contractor to collect and handle your personal information on behalf of the agency. However, only the acts and practices involving your personal information relating to the contract with the federal government agency are regulated by the Privacy Act (Section of the Privacy Act to read: 6D (4)(e)).

the respondent is related to a body corporate that carries on a business that is not a small business operator

If a smaller business is related to an organisation which is covered by the Privacy Act, the smaller business is required to abide by the Privacy Act due to its relationship with that organisation.

A body corporate is related (as defined in the Corporations law) to another body corporate if it is the holding company, subsidiary or subsidiary of a holding company of that body corporate.

Please note that in some circumstances businesses appear to be large organisations but are in fact numerous small businesses which are part of a franchise. In this case, the businesses are not usually related to each other (Section of the Privacy Act to read: 6D (9)).

the respondent has opted to be bound by the Privacy Act

The Privacy Act allows private sector entities that would not otherwise be regulated by the Privacy Act to choose to be bound by it to show their commitment to privacy. The register of businesses that have opted to be bound by the National Privacy Principles can be found on our website. (Section of the Privacy Act to read: 6EA)

the respondent is a member of an Approved Code and the Commissioner is nominated as the Code Adjudicator

The Register of Approved Privacy Codes provides details about Approved Codes and their Code Adjudicators (Section of the Privacy Act to read: 18BG).

Disclaimer

Click here to return to the start of the ComplaintChecker

Click here to return to Question 8