The Australian privacy Act 1988 - Actonic – Unfolding your potential
We have outsourced our Atlassian licensing and services business to the newly founded Seibert Solutions GmbH. Actonic's products will be further developed under the usual name.
Become an Atlassian Knowledge Champion

The Australian privacy Act 1988

The Privacy Act 1988 is the principal piece of Australian legislation protecting the handling of personal information about individuals. This Act of 1988 (Cth) is the primary piece of legislation that sets out the rules for how personal information can be collected, used, and disclosed by organizations, including government agencies.

The key aspect of the Australian privacy Act is that personal information is collected only for legal purposes.

This Australian act gives you the rights over your personal information. This law states how and what information we collect, and WHY we collect personal information!

Who must comply with the Privacy Act of 1988?

The Australian Privacy Act, in 1988, was originally enacted due to concerns about records being made available to unauthorized persons. The law underwent several changes in 2000, in 2014 and in 2022. This is how the act evolved. Today, the law covers any business that has an annual turnover of more than $3 million. And refers to businesses located in Australia as well as those located outside the country but have relations with Australian nationals.

Does your business need to comply with the Australian privacy act?

Privacy checklist for businesses that need to comply with the act:

  • a health service provider
  • if your business trades in personal information
  • if your business is a contractor that provides services under a Commonwealth contract
  • a business that is an operator of a residential tenancy database
  • a credit reporting body
  • if you are a reporting entity for the purposes of the Anti-Money Laundering and Counter-Terrorism Financing Act 2006
  • employee associations registered or recognized under the Fair Work (Registered Organizations) Act 2009
  • a business that conducts protection action ballots
  • a business accredited under the Consumer Data Right system
  • related to a business the Privacy Act covers
  • if the Privacy Regulation 2013 prescribes your business or a business that has opted in to be covered by the Privacy Act


But there are exceptions that companies, even if they do not meet the standard, may fall into the duties of the Australian Privacy Act. Such a case is in the following situations:

  • Personal collected information that is revealed for the sake of service or benefit
  • Giving an email address to activate the account of mobile applications
  • Health service providers, and similar specialized institutions that work a large amount of sensitive data

The 2022 amendments to the law have increased the possibility of fines, expanded the reach as well as increased enforcement powers of the authorities and regulators.

Privacy Act 1988 protects the personal data regardless of the age

Personal data is protected by the Privacy Act of 1988, regardless of the age of the individual. The law does not set the age at which an individual can make their own privacy decisions. The only requirement is that the individual can consent.

Anyone who must comply with the Australian data protection law must adhere to the 13 privacy principles in it.

13 Australian Privacy Act principles

Make sure you consider these principles if you have part of your business in Australia. Let’s look at them:


  1. Be open and transparent
  2. Provide an anonymous or pseudo-anonymous option
  3. Know how to handle personal information
  4. Design an unsolicited personal information policy
  5. Keep users informed
  6. Address how to use or disclose personal information
  7. Do not disclose for direct marketing purposes
  8. Follow principles always, even when dealing outside Australia
  9. Limit government related identifiers
  10. Keep personal information up to date
  11. Maintain security precautions
  12. Allow individuals access to their own information
  13. Maintain a process for correcting personal information


What does the Privacy Act 1988 not include?

The Privacy Act applies only to information about individuals, not to information about corporate entities such as businesses, firms, or trusts.

Bottom line:

Compliance with this law is mandatory for all businesses that handle personal information. And it is about protecting individuals, not corporate entities.


Therefore, if you fall into one of the two listed categories, make sure that you comply with Australia’s privacy law. Minimize data collection, create secure protocols, and maintain a detailed and accurate privacy policy. 

Discover our Apps for Jira and Confluence