State and territory privacy law

The Office of the Australian Information Commissioner (OAIC) mainly deals with issues that are covered by the Privacy Act 1988. That Act regulates the handling of personal information by Australian and Norfolk Island Government agencies, and some private sector organisations.

For information on privacy regulation in the States and Territories, please refer to the appropriate links below. You may contact the OAIC Enquiries line if you have further questions about what aspects of privacy are dealt with by the OAIC.

Australian Capital Territory

The Information Privacy Act 2014 (ACT) (which commenced on 1 September 2014) regulates how personal information (except for health records) is handled by ACT public sector agencies. For more detailed information see Australian Capital Territory Privacy

New South Wales

The NSW Information and Privacy Commission undertakes the privacy functions conferred by the Privacy and Personal Information Protection Act 1998 (NSW) and Health Records and Information Privacy Act 2002 (NSW).

Northern Territory

The Office of the Information Commissioner for the Northern Territory is the independent statutory body responsible for overseeing the freedom of information and privacy provisions of the Information Act 2002 (NT).


The Queensland Office of the Information Commissioner was initially established under the repealed Freedom of Information Act 1992 (Qld), and it continues under the Right to Information Act 2009 (Qld) (RTI Act) and Information Privacy Act 2009 (Qld) (IP Act). The Information Commissioner is supported by two other statutory office holders appointed by the Governor-in-Council: the Right to Information Commissioner and Privacy Commissioner.

South Australia

South Australia has issued an administrative instruction requiring its government agencies to generally comply with a set of Information Privacy Principles and has established a privacy committee.


The Tasmanian Ombudsman may receive and investigate complaints in relation to the Personal Information and Protection Act 2004 (Tas). This legislation applies to the public and local government sectors and the University of Tasmania.


The Office of the Victorian Privacy Commissioner is an independent statutory office created by the Information Privacy Act 2000 (Vic). This legislation covers the handling of all personal information, other than health information, in the public sector in Victoria.

Western Australia

The state public sector in Western Australia does not currently have a legislative privacy regime. Various confidentiality provisions cover government agencies and some of the privacy principles are provided for in the Freedom of Information Act 1992 (WA).

Share this page

Protecting information rights — advancing information policy