  1. Changes to the law
  2. Social media
  3. ID theft
  4. The truth about your credit report
  5. 10 top tips for privacy

On 12 March 2014, the federal Privacy Act 1988 (Privacy Act) changed. This law regulates how your personal information is handled by Australian Government agencies (not state and territory government agencies) and the private sector, including large businesses, credit bodies (like banks), not-for-profits and private health service providers.

Personal information is information or an opinion that identifies you or could identify you. Some examples are your name, address, telephone number, date of birth, medical records, bank account details and opinions about you.

There are a lot of changes to how agencies and businesses are allowed to collect, use, disclose and store your information, how you can access or correct your information, and when your personal information is allowed to be used for direct marketing or sent overseas.

But privacy isn’t just about the law. It’s about you and the choices that you make every day. How often do you think about your privacy when doing any of the following everyday things?

Using social networking sites

Do you ever stop to think about who’ll be looking at the information you post?

Have you adjusted your privacy settings?

Getting your ID scanned at bars and clubs

Do you wonder what’s going to be done with your digitised information?

Filling in a form

Do you read the terms and conditions before you sign up?

Shopping or banking online

Do you check the system is secure before providing account or credit card details?

Receiving junk mail, spam or telemarketing calls

Do you ask yourself how they got your details and how to get them to stop sending you stuff?

You probably don’t realise just how many decisions you make about your privacy every day. These decisions are your choices — you can make choices about privacy in a way that works for you.

Changes to the law

The new Privacy Act includes changes in three main areas.

A new set of privacy principles.

These are called the Australian Privacy Principles (APPs) and they govern how your personal information must be handled. There are a number of important changes, including in the areas of privacy policies, direct marketing and overseas disclosure of personal information.

Comprehensive credit reporting.

Changes to credit reporting affect everyone — anyone who has a credit card, store card or uses a telecommunications service provider has a credit report, and the information that goes onto it now can have an impact on your ability to get credit in the future.

Enhanced powers for the Office of the Australian Information Commissioner (OAIC).

The OAIC now has greater powers to resolve investigations and promote privacy compliance.


You can’t exercise or enforce your rights if you don’t know what they are — visit the OAIC website to find out about changes to the law.

Privacy policies

It is now a requirement that all government agencies and private sector organisations that are covered by the Privacy Act must have a clearly expressed and up-to-date privacy policy.

Privacy policies can be long and complex, and most of us don’t read them, but a good policy will tell you what you need to know before you provide your personal information.

So, before you decide to share your personal information, read the privacy policy to find out:

  • what personal information is collected
  • if sensitive information is likely to be collected
  • if your personal information is likely to be shared with a third party
  • if personal information will be disclosed overseas
  • how your personal information will be used and disclosed
  • how personal information is stored and managed
  • how you can access and correct your personal information
  • how you can make a privacy complaint.

Online shopping and banking, social media, mobile apps, e-Gov services, loyalty cards and competitions can provide benefits, but make sure you’re not losing control of your personal information. You should never sign up to something where you hand over your personal details without first reading the privacy policy.

Direct marketing

Australian Government agencies and private sector organisations are only allowed to use your personal information for direct marketing in certain circumstances.

If they do, they have to give you a simple way to opt-out, and they have to action your opt-out request within a reasonable period of time. They also have to tell you where they got your information if you ask.

Cross border disclosure

Many of the services we use on a daily basis have overseas components to their business.

If your personal information is held by a business or agency that is covered by the Privacy Act, and they disclose it to an overseas organisation or agency, they need to make sure that it will be handled in accordance with Australian privacy law.

If your personal information is mishandled by the overseas recipient, the business or agency that disclosed your information may be legally responsible for this.

These obligations don’t apply in some circumstances, such as where you specifically agree to your information being disclosed to an overseas organisation or agency. So get informed, and make sure you know what you are agreeing to!

Access and correction

You now have greater rights to access your personal information, and to correct it if it’s wrong. Government agencies and organisations must respond to a request for access or correction within a reasonable period of time (this is 30 days for agencies, and the OAIC considers that 30 days is reasonable for businesses too), and they have to give you reasons in writing if they refuse to give you access.

> A fact sheet that summarises the changes is available on the OAIC website

Social media

Social networking sites are one of the key places for sharing personal information. There’s no problem with staying in touch with friends on social media but you need to be aware of the risks and protect yourself and your friends.

The 2013 OAIC Community attitudes to privacy survey shows that 60% of young people think that online services, including social media, are the greatest risk to privacy right now. And 33% of young people have posted something on social media that they later regretted.

Social media sites have privacy policies — so make sure you read the terms and conditions, and adjust your privacy settings, so that you are only sharing with friends and people you trust.

Think about the consequences of your actions — your digital identity is real, and once something is out there it’s almost impossible to take it back.

It’s also important to respect your friends and the people around you — think before you post, tag or share photos or information about other people.

ID theft

ID theft and fraud are on the rise in Australia, and the availability of personal information in the online environment makes it more important than ever to protect your identity.

If an organisation or person wants to collect personal information from you, ask why the information is required, what they will do with it and who it will be disclosed to:

  • Only give your personal information to an organisation that you trust.
  • Only give out as much personal information as you need to.
  • Think twice before posting any personal information about yourself online.
  • Make sure the anti-virus software on your computer is up-to-date, and make sure your network is protected by a firewall.
  • Keep an eye on your credit card and bank statements for suspicious transactions.
  • Minimise the amount of personal information you carry around, especially at places where it is likely to get lost or stolen, such as the beach, clubs etc.
  • Shred all documents you no longer need that contain personal information.
  • Use the privacy settings on social networking sites.
  • Watch out for scams! Consider signing up for SCAMwatch, or the StaySmartOnline alert service, which are free email alert services provided by the Australian Government.
  • Check your credit report with the following major credit reporting bodies:

The truth about your credit report

These days, everyone uses credit on a daily basis — credit and store cards, PayPal, even utility bills are a credit line.

The ability to get credit is something we take for granted, but if something goes wrong it’s usually at the worst possible time — just as you’re about to commit to a large purchase, or even a house.

The 12 March 2014 changes to the Privacy Act included some big changes to the way that the credit system works in Australia. Some aspects remain the same, and some are different, but the key things to remember are:

  • You have the right to access and request corrections to the information held about you by credit reporting bodies (the organisations that track people’s creditworthiness) and credit providers (banks, mortgage brokers etc).
  • In some cases if you are more than 14 days late on a bill, this information may be added to your credit report — this is your repayment history. This is NOT a default.
  • If you are more than 60 days late on a bill, this is a default and may be recorded on your credit report if the credit provider has followed a certain procedure.
  • A default cannot be recorded for an amount that is less than $150, or if you are under 18.
  • If there is incorrect information in your credit report, you can directly request a correction — you do not need to use a ‘credit repair’ business to do this, and it’s important to know that these businesses cannot get information that is correct removed from your credit report.

> A series of 15 detailed fact sheets about credit reporting are now available

> A one page summary fact sheet about credit reporting for those with limited time

Ten top tips for privacy

  1. Ask why your information is needed — what are they going to use it for?
  2. Think before you disclose — you may not need to hand out your personal information
  3. Don’t put large amounts of personal information on social networking sites
  4. Check your records — make sure the information held about you is correct and up-to-date
  5. Read privacy policies — can be boring, but informative!
  6. Don’t leave your personal information lying around — shred old mail and records that are no longer required
  7. Sign up to the ‘Do Not Call Register’ to stop direct marketing phone calls — visit
  8. Check for encryption and use secure payment methods when shopping online
  9. Tick the ‘opt out’ box on forms if you don’t want to receive marketing communications
  10. Know your privacy rights — visit
