The Privacy Act 1988 (Privacy Act) regulates how personal information is handled. The Privacy Act defines personal information as:
…information or an opinion, whether true or not, and whether recorded in a material form or not, about an identified individual, or an individual who is reasonably identifiable.
Common examples are an individual’s name, signature, address, telephone number, date of birth, medical records, bank account details and commentary or opinion about a person.
The Privacy Act includes thirteen Australian Privacy Principles (APPs), which apply to some private sector organisations, as well as most Australian and Norfolk Island Government agencies. These are referred to as ‘APP entities’. For more information, see who is covered by privacy.
The APPs are not prescriptive. Each APP entity needs to apply the principles to its own situation. The principles cover:
- an individual having the option of transacting anonymously or using a pseudonym where practicable
- the collection of solicited personal information and receipt of unsolicited personal information including giving notice about collection
- how personal information can be used and disclosed (including overseas)
- maintaining the quality of personal information
- keeping personal information secure
- the right of individuals to access and correct their personal information
The APPs place more stringent obligations on APP entities when they handle ‘sensitive information’. Sensitive information is a type of personal information and includes information about an individual's:
- health (including predictive genetic information)
- racial or ethnic origin
- political opinions
- membership of a political association, professional or trade association or trade union
- religious beliefs or affiliations
- philosophical beliefs
- sexual orientation or practices
- criminal record
- biometric information that is to be used for certain purposes
- biometric templates.
For more information about how the APPs apply, see the OAIC's APP guidelines.
The Privacy Act also covers more specific matters, such as:
The Information Commissioner also has powers to investigate the handling of your:
- ehealth record information under the Personally Controlled Electronic Health Records Act 2012 and Individual Healthcare Identifiers under the Healthcare Identifiers Act 2010
- old conviction information under the Commonwealth Spent Convictions Scheme
- personal information contained on the Personal Property Securities Register
The areas of privacy regulated by the Privacy Act are just one aspect of privacy. Other types of privacy can include territorial privacy and physical or bodily privacy, but these are not regulated by the Privacy Act.
Some other concepts that can be related to privacy are:
Confidentiality — this usually refers to communications between individuals with an inherently private relationship, such as a client and lawyer, patient and medical professional, source and journalist, or individual and their spiritual adviser.
Secrecy — generally refers to laws that impose an obligation of confidentiality in relation to the handling of government information.
Intellectual property — refers to the creation or property of your mind, and may include proprietary knowledge.
Freedom of information — refers to the public’s right to access government information.
These matters are not regulated by the Privacy Act. In most cases there are other Australian laws that regulate these matters.