Site Changes

On 1 November 2010 the Office of the Privacy Commissioner was integrated into the Office of the Australian Information Commissioner and a new website established at www.oaic.gov.au.

Note 1: Major changes to the Privacy Act 1988 will come into effect in March 2014. Agencies, businesses and not for profits need to start preparing for these changes. For more information go to our privacy law reform page at www.oaic.gov.au
Note 2: From 12 March 2013 content is no longer being added to, or amended, on this site, consequently some information may be out of date. For new privacy content visit the www.oaic.gov.au website.

How does the Privacy Act apply to commercial electronic messages and spam?

The Privacy Act only applies to some commercial electronic messages. This will depend on:

whether the sender is covered by the Privacy Act
whether personal information is used to send the message.

Remember, In general, businesses and other organisations, including government bodies, must comply with the Spam Act, even if they are not covered by the Privacy Act.

Is the sender covered by the Privacy Act?

The Privacy Act applies to organisations that:

are based in Australia, and
have an annual turnover of more than $3 million or
are private sector health service providers, such as a GP, private hospital or clinic or
are particular types of smaller businesses specified in the Act (for example, if the business trades in personal information).

To find out more about which organisations are covered by the Privacy Act, go to www.privacy.gov.au/materials/types/infosheets/view/6544.

Is the sender using personal information?

The Privacy Act only applies to 'personal information' - in other words, information that can identify you. Some kinds of information, such as your email address or mobile phone number, will not always be 'personal information'. This will depend on whether the organisation can work out who you are from the information it is holding about you or by linking it to other pieces of information.

Example: What is personal information?

Kristy creates a hotmail account for herself, and chooses a meaningless nickname as her username. She signs up to a fashion retailer's email newsletter, but does not give them any other information about herself. In this case, the fashion retailer has no way of linking the username to Kristy. It is not personal information.

That same username may be personal information if used differently. For example, if Kristy gives it to a company (such as her mobile phone provider), together with her name and address. In this case, the phone provider can connect the username back to Kristy by linking it with her name and address.

The application of the Privacy Act to commercial electronic messages is explained under Are all commercial electronic messages covered by the Spam Act?

More information

For more information about spam and the Privacy Act, see Information Sheet 26.
More information about spam is also available from the Australian Communications and Media Authority at www.spam.acma.gov.au, as well as from www.scamwatch.gov.au.

Back to Spam FAQs