Who has rights under the Privacy Act?
The Privacy Act 1988 (Privacy Act) regulates the way individuals’ personal information is handled.
As an individual, the Privacy Act gives you greater control over the way that your personal information is handled. The Privacy Act allows you to:
- know why your personal information is being collected, how it will be used and who it will be disclosed to
- have the option of not identifying yourself, or of using a pseudonym in certain circumstances
- ask for access to your personal information (including your health information)
- stop receiving unwanted direct marketing
- ask for your personal information that is incorrect to be corrected
- make a complaint about an entity covered by the Privacy Act, if you consider that they have mishandled your personal information.
Who has responsibilities under the Privacy Act?
Most Australian and Norfolk Island Government agencies and some private sector organisations have responsibilities under the Privacy Act. The types of private sector organisations that are covered by the Privacy Act include:
- all businesses and not-for-profit organisations with an annual turnover greater than $3 million
- private sector health service providers, including child care centres, private schools and private tertiary educational institutions
- businesses that sell or purchase personal information
- participants in the credit reporting system (such as, credit providers (which includes energy and water utilities and telecommunication providers), credit reporting bodies and certain other third parties)
- contracted service providers for a Commonwealth contract
- small business operators that either:
- have opted-in to the Privacy Act
- are reporting entities under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 or
- are an association of employees registered or recognised under the Fair Work (Registered Organisations) Act 2009
The Privacy Act also covers specified persons handling your:
- tax file numbers under the Tax File Number Guidelines
- personal information contained on the Personal Property Securities Register
- old conviction information under the Commonwealth Spent Convictions Scheme
- ehealth record information under the Personally Controlled Electronic Health Records Act 2012 and Individual Healthcare Identifiers under the Healthcare Identifiers Act 2010
A different version of the Privacy Act applies to ACT Government agencies. The Privacy Act, as in force on 1 July 1994 (and as modified by the Australian Capital Territory Government Service (Consequential Provisions) Act 1994), applies to those agencies.
The Privacy Act does not cover:
- State or Northern Territory Government agencies, including state and territory public hospitals and health care facilities (which are covered under State and territory legislation) except in relation to Personally Controlled Electronic Health Records and Individual Healthcare Identifiers
- ACT Government agencies handling health information or health records
- individuals acting in their own capacity, including your neighbours
- universities, other than private and ACT universities and the Australian National University
- public schools (except ACT public schools)
- in some circumstances, the handling of employee records by an organisation in relation to current and former employment relationships
- small business operators, unless an exception applies
- media organisations acting in the course of journalism if the organisation is publicly committed to observing published privacy standards
- registered political parties and political representatives.