The Privacy Act

The Privacy Act 1988 was introduced to promote and protect the privacy of individuals and to regulate how Australian Government agencies and organisations with an annual turnover of more than $3 million, and some other organisations, handle personal information.

The Privacy Act includes 13 Australian Privacy Principles (APPs), which apply to some private sector organisations, as well as most Australian Government agencies. Such organisations and agencies are collectively known as ‘APP entities’. The Privacy Act also regulates the privacy component of the consumer credit reporting system, tax file numbers, and health and medical research.

History of the Privacy Act

Changes to the Privacy Act 1988 since it began, in brief

Rights and responsibilities

Who has rights under the Privacy Act and which organisations and agencies the Privacy Act covers

The Australian Government is conducting a review of the Privacy Act. See our submissions to the review (Privacy Act Review Issues Paper submission and Privacy Act Review Discussion Paper submission) and our Research publications on the Privacy Act.

Audits and investigations

Commissioner-initiated investigations

Why we open a Commissioner-initiated investigation and our current investigations

Privacy assessment powers

We audit privacy practices of APP entities to help ensure personal information is protected

Associated codes, regulations, rules and guidelines

Credit reporting

Consumer credit reporting under the Privacy Act, which is supported by a regulation and code

Health and medical research

When a health service provider can use or disclose genetic information, and when health and medical research can use personal information

Privacy regulations

Regulations issued under the Privacy Act

Rules and guidelines

Legally binding rules and guidelines we've made or approved under the Privacy Act

Tax file numbers

Privacy (Tax File Number) Rule 2015 and other obligations