Who has rights under the Privacy Act?
The Privacy Act 1988 (Privacy Act) regulates the way in which the personal information of individuals is handled.
As an individual, the Privacy Act gives you greater control over the way that your personal information is handled. The Privacy Act allows you to:
- know why your personal information is being collected, how it will be used and who it will be disclosed to
- ask for access to your records (including your health information)
- stop receiving unwanted direct marketing material
- correct inaccurate information about you
- make a complaint about an agency or organisation, if you think that they have mishandled your personal information.
Who has responsibilities under the Privacy Act?
Australian, ACT and Norfolk Island government agencies and certain private sector organisations have responsibilities under the Privacy Act.
The types of private sector organisations that are covered by the Privacy Act include:
- businesses and non-government organisations with an annual turnover greater than $3 million
- private sector health service providers
- private schools, if they have an annual turnover greater than $3 million, or provide a health service
- private and ACT universities
- small businesses that have opted-in to the Privacy Act
- businesses covered by an approved privacy code
- businesses that sell or purchase personal information without the consent of the individual or where the disclosure or collection is not authorised or required by law
- credit providers and credit reporting agencies that handle personal credit file information, regardless of their annual turnover.
The Privacy Act also covers:
- anyone handling your tax file number
- anyone handling your personal information contained on the Personal Property Securities Register
- anyone handling your old conviction information under the Commonwealth Spent Convictions Scheme.
The Privacy Act does not cover:
- State or Northern Territory government agencies, including state and territory public hospitals and health care facilities (which are covered under State and territory legislation) except in relation to Personally Controlled Electronic Health Records and Individual Healthcare Identifiers in certain circumstances
- ACT Government agencies handling health information or health records
- individuals acting in their own capacity, including your residential neighbours
- universities, other than private and ACT universities
- public schools (except ACT public schools)
- the handling of personal information by organisations where it is contained in employee records
- small business operators, unless an exception applies
- media organisations acting in the course of journalism
- registered political parties and political representatives.