CONTACT US: 
Site Changes
On 1 November 2010 the Office of the Privacy Commissioner was integrated into the Office of the Australian Information Commissioner and a new website established at www.oaic.gov.au.
- Note 1: Major changes to the Privacy Act 1988 will come into effect in March 2014. Agencies, businesses and not for profits need to start preparing for these changes. For more information go to our privacy law reform page at www.oaic.gov.au
- Note 2: From 12 March 2013 content is no longer being added to, or amended, on this site, consequently some information may be out of date. For new privacy content visit the www.oaic.gov.au website.
Sitemap
- About us
- About privacy
- Privacy law
- Materials and resources
- Complaints
- What can I complain about?
- Who can I complain about?
- Australian and ACT government agencies
- Private sector organisations
- Credit providers and credit reporting agencies
- Spent convictions
- Tax File Numbers
- Data-matching
- Privacy codes
- Businesses that have opted in to the Privacy Act
- ComplaintChecker
- Question 1
- Question 2
- Question 3
- Question 4
- Question 5
- Question 5a
- Question 6
- Question 7
- Question 8
- Answer 1 (more)
- Answer 2 (more)
- Answer 1 (no)
- Answer 2 (no)
- Answer 3 (more)
- Answer 4 (more)
- Answer 3 (no)
- Answer 4 (yes)
- Answer 5 (more)
- Answer 5a (no)
- Answer 5a (yes)
- Answer 6 (more)
- Answer 7 (more)
- Answer 6 (yes)
- Answer 7 (yes)
- Answer 8 (no)
- Answer 8 (yes)
- Complaint Checker Disclaimer
- Personal Property Securities Register
- Before you make a complaint
- How to make a complaint
- What happens to your complaint
- Possible outcomes
- Appeal rights
- Languages
- Arabic
- Arabic - Complaint form
- Arabic - Contact
- Chinese
- Chinese - Complaint form
- Chinese - Contact
- French
- French - Complaint form
- French - Contact
- German
- German - Complaint form
- German - Contact
- Greek
- Greek - Complaint form
- Greek - Contact
- Italian
- Italian - Complaint form
- Italian - Contact
- Korean
- Korean - Complaint form
- Korean - Contact
- Russian
- Russian - Complaint form
- Russian - Contact
- Serbian
- Serbian - Complaint form
- Serbian - Contact
- Spanish
- Spanish - Complaint form
- Spanish - Contact
- Thai
- Thai - Complaint form
- Thai - Contact
- Turkish
- Turkish - Complaint form
- Turkish - Contact
- Vietnamese
- Vietnamese - Complaint form
- Vietnamese - Contact
- Complaints and enquiries statistics
- Privacy topics
- FAQs
- Your Privacy Rights FAQs
- Can the names of people be mentioned in public prayers?
- Are there laws about spam?
- What is Spam?
- What can I do if I’m being threatened, harassed or defamed online?
- What can I do if someone posts information about me on a social networking site that I want removed?
- Can my doctor share my genetic information without my consent?
- I received a letter from a doctor which says I might be at risk of inheriting a genetic disease. How did the doctor get my contact details?
- What can I do to protect my privacy when using social networking sites?
- How long does my information stay on social networking sites?
- Are organisations allowed to use the personal information I post on social networking sites?
- I have a privacy-related complaint about a social networking site. Who can I complain to?
- Do I have rights under the Privacy Act when I use social networking sites?
- Where can I go for more help?
- Why do I have a listing on my credit file when I only made an enquiry with a credit provider?
- How does the Privacy Act apply to commercial electronic messages and spam?
- Can a business send me commercial electronic messages without my consent?
- Can private schools disclose non-education related personal information about students to their parents?
- Is ID scanning legal under the Privacy Act?
- Why are people so worried about ID scanning?
- What is ID scanning?
- Can I get access to the personal information an organisation holds about me?
- Do I always have to give my name and other personal information when I am doing business with an organisation?
- Why won`t an organisation tell me how much is owing on an account?
- Can non-custodial parents whose children attend a private school/college get access to their children`s school reports?
- Can couples get access to information about each other`s bank accounts?
- I am an individual researching my family history. Do I need to consider the Privacy Act in doing this?
- What can I do to stop a business sending me commercial electronic messages?
- Are all commercial electronic messages covered by the Spam Act?
- Are there rules about recording or monitoring my telephone conversations?
- How do I get a copy of my credit report?
- When can a default be listed on my credit file?
- Why isn`t an overdue payment removed from my credit file after I`ve paid the default?
- Why do organisations always seem to ask for my date of birth when I ring them to discuss my business?
- Can an organisation keep the personal information it has collected about me forever?
- Can parents whose children attend a private school/college still get access to their children`s school reports?
- Are private schools and colleges covered by the new private sector provisions of the Privacy Act 1988?
- What information must commercial electronic messages contain?
- Who can I complain to about receiving spam?
- How can I protect myself against spam?
- Can I get access to my referee reports?
- The Australian Bureau of Statistics (ABS) has asked me to complete a survey. Do I have to answer the questions in the survey?
- Can I authorise someone to act on my behalf when dealing with a business?
- If I think a business is scanning ID inappropriately, what can I do?
- There`s a lot of information on my ID. Is all of it allowed to be collected?
- I guess I`m comfortable showing my ID, but does it have to be scanned? Can`t it just be looked at?
- Do I have to give my ID?
- Does a business have to tell me how I can stop getting their unsolicited mail (`junk` mail) every time they contact me?
- Can I ask a business to stop sending me unsolicited mail (`junk` mail)?
- What are social networking sites?
- Are there any privacy risks associated with using social networking sites?
- What should an organisation tell me when it is collecting personal information about me?
- What organisations are covered by the Privacy Act?
- Does the Privacy Act cover health information in the Private Sector?
- I`m worried about security once my ID is scanned. What obligations do businesses have?
- I am responsible for someone who lacks capacity to make decisions. Can their doctor share their health information with me?
- How will privacy be protected on the Personal Property Securities Register?
- Business FAQs
- Can I use my customer database to send a customer a Christmas Card?
- Can personal information be collected for AML/CTF purposes from sources other than the individual concerned?
- What can Alternative Dispute Resolution Schemes use and disclose another person`s (a third party`s) information for?
- Do Alternative Dispute Resolution Schemes have to give access to any personal information they hold about an individual?
- Can Alternative Dispute Resolution Schemes collect sensitive information about another person (a third party)?
- When do Alternative Dispute Resolution Schemes have to notify other people (third parties) that they have collected their information?
- Centrelink has requested information from my organisation about an individual. Will I breach the Privacy Act if I give out this information?
- Where can I find more information about privacy for private sector organisations?
- Can an individual correct their Know Your Customer information?
- How much information can be collected for AML/CTF purposes?
- How does personal information for AML/CTF purposes need to be stored?
- What do I need to think about if I want to put photos on the web?
- I am a financial adviser (authorised representative) acting for a dealer group (`A`). I am considering transferring to another dealer group (`B`). What are the key privacy obligations towards clients to whom I provide advice?
- When is business information covered by the Privacy Act?
- How do I know if the country I am sending personal information to has privacy rules consistent with the Privacy Act?
- Can sensitive information be collected for AML/CTF purposes?
- What are my obligations in relation to providing individuals with access to information collected for AML/CTF purposes?
- What happens when personal information for AML/CTF purposes is used or disclosed?
- What happens if personal information for AML/CTF purposes changes?
- Does your business have privacy obligations in relation to AML/CTF?
- Small Business FAQs
- Can a business use the electronic white pages; or the electoral roll; or land titles information; to get information to assist with cold calling?
- Can sporting clubs disclose information about a player`s injury?
- Can a business build up personal profiles of business associates or clients as part of developing a relationship with them (for example by recording information they provide about their interests)?
- Can a business take information from public sources and use it to approach potential customers?
- I operate a small business. How do I know if I am covered by the Privacy Act?
- If a business obtains information about its customers in the course of providing them with goods and services, can it use that information for marketing purposes?
- If I am running a business as a genealogist researching other people`s family histories, do I need to comply with the Privacy Act?
- How does a prospective purchaser comply with the Privacy Act in a due diligence process?
- How does a vendor comply with the Privacy Act in a due diligence process?
- Does the Privacy Act affect due diligence if I am selling an exempt small business?
- What does it mean to get `the consent of all the individuals`?
- What does `trading in personal information` mean?
- What happens if I sell my small business including a customer database?
- What happens if I buy a small business including a customer database?
- Are sporting clubs covered by the new private sector provisions of the Privacy Act 1988?
- Can a business use random number dialling to market products?
- Government FAQs
- Do the new private sector provisions (National Privacy Principles) apply to local councils or State or Territory governments?
- Is it possible under the IPPs for my agency to contact clients to conduct market research?
- What privacy issues should supervisors in Australian and ACT government agencies take into account when providing referee reports?
- I am concerned that a Australian or ACT government agency is using my personal information incorrectly. What can I do?
- As a Australian or ACT government employee, where can I get more information about my agency`s privacy obligations?
- Can a Australian or ACT government agency disclose my personal information to my partner or another family member?
- When should an agency or Privacy Contact Officer approach the Office of the Privacy Commissioner for advice?
- Now that we have issued our IPP 2 Notice, how does this affect the way we use and disclose personal information?
- What does my agency have to make an individual aware of when collecting personal information? (`IPP 2 Notice`)
- Health FAQs
- Are counselling services offered by charitable and welfare organisations subject to the new private sector provisions of the Privacy Act 1988?
- Is a document in a patient`s record accessible by them, if it has been written by a health professional from outside your organisation and it includes a statement that it was provided to you `in confidence`?
- Can a health service provider, like a private hospital, disclose a patient`s personal information to chaplaincy, pastoral care, and similar services?
- Can a health service provider refuse to give a patient access to their medical record on the basis that it would pose a threat to someone’s life or health?
- Does my doctor always need my consent to share my health information with another health service provider for my treatment?
- I think my doctor is charging me too much to give me access to my medical records. What can I do?
- Can my health service provider waive or discount the cost of providing access if I can`t afford it?
- Who owns my medical records?
- If I am injured and unconscious, can my doctor share my health information with my loved ones?
- Can a private hospital use or disclose my health information for its own business or management purposes without my consent?
- Can I get access to my medical records?
- How should a request for access to medical records be made?
- Can an organisation charge an individual a fee for providing access to the individual`s medical records and how much should that fee be?
- How much time does an organisation have to meet a request for access to an individual`s medical record?
- Can a health service provider disclose personal health information it has collected to an accreditation agency during health service accreditation processes?
- What privacy concerns should health service providers be aware of when providing health services to individuals in places such as pharmacies or waiting rooms?
- What is an individual healthcare identifier?
- Can my health information, when held by a private sector organisation, be used without my consent for research, the collection and analysis of statistics or for health service management?
- Can my personal information, when held by a Commonwealth government agency, be used without my consent for medical research purposes?
- If an individual gives consent to medical treatment does this automatically imply consent to further use of their health information by the treating health service provider?
- Does an individual always have to give their name when seeking a service from a health service provider?
- What should a health service provider tell an individual when it collects health information from an individual?
- Who are the Guidelines on Privacy in the Private Health Sector for?
- Are there restrictions on how the Medicare number can be handled by health service providers?
- Must a health service provider give an individual access to their medical records if it contains information collected before 21 December 2001?
- How does a health service provider proceed when they have privacy obligations under the Commonwealth Privacy Act 1988, as well as under State or Territory privacy law and/or their profession`s ethical code of practice?
- What is a health service provider required to do when an individual asks for his or her medical records to be corrected?
- Is a health service provider required to give a representative of an individual access to that individual`s medical records?
- What is the relationship between a health service provider`s professional obligations of confidentiality and their obligations under the Privacy Act 1988?
- What should an organisation do with the health information it no longer uses?
- Can private sector health service providers use the Medicare number (or other Commonwealth government-assigned identifiers, such as the DVA number) for their own purposes, including for managing their clients` health records?
- Which privacy issues need to be considered when the business circumstances of a health service provider change?
- Should a health service provider retain health information about an individual who has died?
- If you are a health service provider and a patient seeks access to their record, which includes reports or letters written by other health professionals (such as specialists), do you have to give the patient access to these documents?
- Where can I get further information about healthcare identifiers?
- Why am I being issued with a healthcare identifier?
- What information will be held in the HI Service database?
- Is my IHI an electronic health record?
- Will being issued with an IHI affect how my health information is handled?
- For what purposes can my healthcare identifier be used and disclosed?
- Will my healthcare identifier be a de-facto identity number?
- Is my healthcare identifier safe?
- What do I do if I think someone has inappropriately handled my IHI?
- Do healthcare providers need my consent to collect my healthcare identifier?
- Will I still be able to access healthcare anonymously?
- Am I able to access information that the HI Service holds about me?
- How will my IHI be used in my eHealth record?
- Will an IHI affect how my health information is handled?
- What can my healthcare identifier be used and disclosed for?
- Your Privacy Rights FAQs
- News and events
Get RSS feeds