The Privacy Act gives you rights in relation to the way your personal information is handled by many private sector organisations, including all large organisations and private health service providers, and some small businesses. 

In the private sector, your privacy rights are protected by ten National Privacy Principles (or 'NPPs') which are contained in the Privacy Act. 

These principles set out the rules organisations and small businesses must observe when collecting, storing, using, disclosing and transferring personal information about you.  There are also principles about your rights of access and correction, the quality of the information and your right to be anonymous in particular circumstances.

Which businesses are covered by the Privacy Act?

Most private sector organisations are covered by the Privacy Act, unless they are a small business.

Generally, small businesses (businesses with an annual turnover of $3 million or less) are not covered by the Privacy Act, but there are some exceptions to this rule. For example, all health service providers are covered by the Privacy Act, regardless of their annual turnover.

For more information on coverage of, and exemptions to, the Privacy Act, see our Complaints section.

What do businesses that are covered by the Privacy Act have to do?

Businesses covered by the Privacy Act have to comply with the National Privacy Principles in the Privacy Act. Generally, this means they have to make sure you understand:

• the purpose for which they are collecting your personal information
• how they are going to use it
• who they are going to give it to
• how you can access and correct the information they hold about you.

They must also make sure that they collect your personal information in a fair and lawful way, and that the personal information they hold on you is accurate, up-to-date and secure.

How do the National Privacy Principles help me?

The National Privacy Principles give you more control over what happens to your personal information. You can:

• know why your personal information is being collected and how it will be used
• ask for access to your records, including your health information
• take up opportunities to stop receiving direct marketing material
• correct inaccurate information about you
• know which organisations will be given your personal information
• ensure organisations only use your information for purposes they have told you about
• find out what information an organisation holds on you and how they manage it.

Credit Providers and Credit Reporting Agencies

Credit providers, like banks and building societies, provide reports about people's bad debts and credit applications to central databases managed by credit reporting agencies.

Part IIIA of the Privacy Act deals with credit reporting and sets out rules about what information credit providers can report and who the credit reporting agency can give that information to.

For more information about Part IIIA, see Credit reporting. Or for general information about banking, credit reporting and privacy, see Credit and finance.

Other places to go

• Plain English summary of the National Privacy Principles: Want a snapshot of the NPPs with links to more detailed guidance? Follow this link...
• My Privacy My Choice: This pamphlet tells you about your privacy rights under the NPPs.
• My health information: Find out about how the Privacy Act protects your health information.
• Privacy codes: Some business sectors have developed a privacy code. Find out more...
• Opting in to the Privacy Act: Some businesses (that are not already covered by the Act) have voluntarily 'opted in' to coverage by the Privacy Act. Find out more...
• Complaints: Find out more about making a privacy complaint.