
What is the Privacy Act (Australia)?

Australia's Privacy Act 1988 regulates the handling of personal information by Australian Government agencies and private sector organizations, built around thirteen Australian Privacy Principles.

The Privacy Act 1988 is Australia's principal privacy law, governing the handling of personal information by Australian Government agencies, private sector organizations with annual turnover greater than 3 million AUD, and certain other organizations. The Act was significantly amended in 2014 to introduce the Australian Privacy Principles (APPs), which replaced the earlier National Privacy Principles and Information Privacy Principles.

The thirteen APPs cover the entire lifecycle of personal information: open and transparent management; anonymity and pseudonymity; collection of solicited personal information; dealing with unsolicited personal information; notification of collection; use or disclosure; direct marketing; cross-border disclosure; adoption, use or disclosure of government identifiers; quality of personal information; security of personal information; access to personal information; and correction of personal information. "Sensitive information", including health information, biometric data, and racial or ethnic origin, receives heightened protection.

The Office of the Australian Information Commissioner (OAIC) oversees compliance and can accept enforceable undertakings, make determinations, and seek civil penalties through the courts. The Australian Government has been pursuing significant reforms to the Privacy Act based on the 2022 Privacy Act Review report, with proposals including a direct right of action for individuals, a children's privacy code, and enhanced enforcement powers. IQWorks helps organizations comply with the APPs through ComplyIQ for regulatory tracking and ClassifyIQ for identifying sensitive information categories.
