Site Changes

On 1 November 2010 the Office of the Privacy Commissioner was integrated into the Office of the Australian Information Commissioner and a new website established at www.oaic.gov.au.

Note 1: Major changes to the Privacy Act 1988 will come into effect in March 2014. Agencies, businesses and not for profits need to start preparing for these changes. For more information go to our privacy law reform page at www.oaic.gov.au
Note 2: From 12 March 2013 content is no longer being added to, or amended, on this site, consequently some information may be out of date. For new privacy content visit the www.oaic.gov.au website.

Can an organisation keep the personal information it has collected about me forever?

No. However, the Privacy Act does not set a specific time period for the destruction of personal information. The National Privacy Principles do say that organisations should take reasonable steps to destroy or permanently de-identify personal information if they no longer need it for any purpose consistent with the Principles. It is up to the organisation to decide what is reasonable in its case. For more information on this topic please go to National Privacy Principle 4 (NPP 4) and Information Sheet 6 - Security and Personal Information.

If the organisation still holds personal information about you, you will be able to get access to it in most circumstances under National Privacy Principle 6. This Principle also allows you to seek to correct personal information about you that is incorrect. More information can be found in National Privacy Principle 6 (NPP 6) and Information Sheet 4 - Access and Correction. For more information about both Security and Personal Information, and Access and Correction of Personal Information go to the Guidelines to the National Privacy Principles.

For more general information about what the Privacy Act means for you go to My Privacy, My Choice - Your New Privacy Rights.