The Privacy Act 1988 (Privacy Act) gives the Australian Information Commissioner (Information Commissioner) the power to regulate the way that Australian, ACT and Norfolk Island government agencies and many private sector organisations collect, use, disclose and secure personal information. These powers are generally exercised by the Australian Privacy Commissioner.
One of the Office of the Australian Information Commissioner’s (OAIC) key roles is to investigate complaints made by individuals, where it is alleged that an Australian, ACT or Norfolk Island government agency or a private sector organisation has breached the Privacy Act. More on complaints can be found in the Privacy complaints section of this site.
Public interest determinations
The Information Commissioner has the power to issue Public interest determinations. A Public interest determination declares that a particular act or practice of an Australian or ACT Government agency or a private sector organisation, which may constitute a breach of an Information Privacy Principle, a National Privacy Principle or an approved privacy code, shall be regarded as not breaching that principle or approved code for the purposes of the Privacy Act. Public Interest Determinations are only issued in cases where the public interest in the act or practice being undertaken substantially outweighs the public interest in maintaining privacy protections.
For further information, see the Public Interest Determinations Register.
The Privacy Act allows organisations and industries to develop and enforce their own privacy codes. This allows for some flexibility in how organisations or industries approach their privacy obligations, while ensuring that minimum enforceable standards apply to the protection of personal information.
For further information, see the Privacy Codes Register.
Privacy Opt-in Register
The Privacy Act allows small business operators, who would otherwise not be covered by the Privacy Act, to choose to be treated as an organisation for the purposes of the Act and therefore subject to the National Privacy Principles. For more information about how to opt-in, the opt-in form and how to opt-out in see the Privacy opt-in register.
Privacy guidelines and rules
The OAIC issues guidelines to assist agencies and organisations to comply with the Privacy Act. These guidelines contain detailed information about particular aspects of the Privacy Act. Some guidelines are binding legislative instruments, such as the Tax File Number Guidelines, which agencies and organisations must comply with.
Privacy complaint determinations
The Information Commissioner can make a determination on a privacy complaint where conciliation has not resolved the matter. Complaint determinations also provide useful guidance about the application of the Privacy Act.
For further information, see the Privacy complaint determinations page.
The Information Commissioner has powers under the Privacy Act to audit Australian and ACT government agencies, and in some cases private sector organisations. The audit is a key method for determining the extent of compliance with the Privacy Act. The audit function promote good privacy practice amongst agencies and organisations that are subject to the Privacy Act.
For further information, see the Privacy audits page.
Privacy own motion investigations
The Information Commissioner has the power to investigate an agency or organisation that is covered by the Privacy Act on his own motion, that is, without someone making a complaint. For example, if the media reports a serious breach of privacy, the OAIC may take action and investigate before a complaint is made. The results of these investigations are published in Privacy own motion investigation reports.
Privacy case notes
The OAIC produces case notes, which are summaries of privacy complaint and own motion investigations. They are selected on the basis that they involve the interpretation of the Privacy Act or associated legislation in new circumstances, illustrate systemic issues, or illustrate the application of the law to a particular industry or subject area.
For further information, see the Privacy case notes page.