The Privacy Act 1988 (Privacy Act) is an Australian law which regulates the handling of personal information about individuals. This includes the collection, use, storage and disclosure of personal information. The Privacy Act includes:.
- 11 Information Privacy Principles that apply to the handling of personal information by most Australian, ACT and Norfolk Island public sector agencies
- ten National Privacy Principles that apply to the handling of personal information by large businesses, all health service providers and some small businesses and non-government organisations
- credit reporting provisions that apply to the handling of credit reports and other credit worthiness information about individuals by credit reporting agencies, credit providers and some third parties.
The Privacy Act also:
- regulates the collection, storage, use, disclosure, security and disposal of individuals' tax file numbers
- permits the handling of health information for health and medical research purposes in certain circumstances, where researchers are unable to seek individuals' consent
- allows organisations to have and to enforce their own privacy codes. It also permits small business operators, who would otherwise not be subject to the National Privacy Principles, to opt-in to being covered by the Privacy Act. More information on codes and opting-in is available on the privacy registers page
- has two sets of privacy regulations which generally relate to:
- the application of the National Privacy Principles to specific entities
- the authorised disclosure of personal information during emergencies.