The Australian Information Commissioner has powers under the Privacy Act 1988 and other legislation to make or approve legally binding guidelines and rules. These are legislative instruments and are generally required under the Legislative Instruments Act 2003 to be registered and published on the Federal Register of Legislative Instruments and tabled in the Parliament.
To assist agencies, businesses and individuals, the Office of the Australian Information Commissioner (OAIC) also issues non-binding guidelines, which can be found on the Advisory privacy guidelines page, and resources, which can be found in the Privacy resources section.
The Guidelines under section 95 of the Privacy Act 1988 (2014) have been issued by the National Health and Medical Research Council with the approval of the Privacy Commissioner. They outline requirements for the protection of privacy in the conduct of medical research.
The Guidelines approved under Section 95A of the Privacy Act 1988 (2014) (Section 95A guidelines) provide a framework for human research ethics committees to assess proposals to handle health information without the consent of the subject, where the handling is for the purposes of research, the compilation or analysis of statistics, or health service management. The Section 95A guidelines also require that ethics committees weigh the public interest in those activities against the public interest in the protection of privacy.
Use and disclosure of genetic information to a patient's genetic relatives under s 95AA of the Privacy Act: Guidelines for health practitioners in the private sector (2014) has been issued by the National Health and Medical Research Council with the approval of the Privacy Commissioner.
The Privacy (Persons Reported as Missing) Rule 2014 is a legislative instrument made under s 16A(2) of the Privacy Act and applies for the purposes of permitted general situation 3 in the s 16A(1) table. The Rule applies from 12 March 2014.
The Personally Controlled Electronic Health Records Act 2012 (the PCEHR Act) establishes the personally controlled electronic health record (PCEHR) system. The Australian Information Commissioner (the Information Commissioner) has various enforcement and investigative powers in respect of the PCEHR system, under both the PCEHR Act and the Privacy Act 1988 (Privacy Act).