The Australian privacy Act 1988
The Privacy Act 1988 is the principal piece of Australian legislation protecting the handling of personal information about individuals. This Act of 1988 (Cth) is the primary piece of legislation that sets out the rules for how personal information can be collected, used, and disclosed by organizations, including government agencies.
The key aspect of the Australian privacy Act is that personal information is collected only for legal purposes.
This Australian act gives you the rights over your personal information. This law states how and what information we collect, and WHY we collect personal information!
Who must comply with the Privacy Act of 1988?
The Australian Privacy Act, in 1988, was originally enacted due to concerns about records being made available to unauthorized persons. The law underwent several changes in 2000, in 2014 and in 2022. This is how the act evolved. Today, the law covers any business that has an annual turnover of more than $3 million. And refers to businesses located in Australia as well as those located outside the country but have relations with Australian nationals.
Does your business need to comply with the Australian privacy act?
Privacy checklist for businesses that need to comply with the act:
- a health service provider
- if your business trades in personal information
- if your business is a contractor that provides services under a Commonwealth contract
- a business that is an operator of a residential tenancy database
- a credit reporting body
- if you are a reporting entity for the purposes of the Anti-Money Laundering and Counter-Terrorism Financing Act 2006
- employee associations registered or recognized under the Fair Work (Registered Organizations) Act 2009
- a business that conducts protection action ballots
- a business accredited under the Consumer Data Right system
- related to a business the Privacy Act covers
- if the Privacy Regulation 2013 prescribes your business or a business that has opted in to be covered by the Privacy Act
But there are exceptions that companies, even if they do not meet the standard, may fall into the duties of the Australian Privacy Act. Such a case is in the following situations:
- Personal collected information that is revealed for the sake of service or benefit
- Giving an email address to activate the account of mobile applications
- Health service providers, and similar specialized institutions that work a large amount of sensitive data
The 2022 amendments to the law have increased the possibility of fines, expanded the reach as well as increased enforcement powers of the authorities and regulators.
Privacy Act 1988 protects the personal data regardless of the age
Personal data is protected by the Privacy Act of 1988, regardless of the age of the individual. The law does not set the age at which an individual can make their own privacy decisions. The only requirement is that the individual can consent.
Anyone who must comply with the Australian data protection law must adhere to the 13 privacy principles in it.
13 Australian Privacy Act principles
Make sure you consider these principles if you have part of your business in Australia. Let’s look at them:
- Be open and transparent
- Provide an anonymous or pseudo-anonymous option
- Know how to handle personal information
- Design an unsolicited personal information policy
- Keep users informed
- Address how to use or disclose personal information
- Do not disclose for direct marketing purposes
- Follow principles always, even when dealing outside Australia
- Limit government related identifiers
- Keep personal information up to date
- Maintain security precautions
- Allow individuals access to their own information
- Maintain a process for correcting personal information
What does the Privacy Act 1988 not include?
The Privacy Act applies only to information about individuals, not to information about corporate entities such as businesses, firms, or trusts.
Compliance with this law is mandatory for all businesses that handle personal information. And it is about protecting individuals, not corporate entities.