Skip to main content
Skip to secondary navigation
Australian Government - Office of the Australian Information Commissioner - Home

Other legislation

Other than the Privacy Act 1988 (Privacy Act), there are a number of other Australian laws that relate to privacy. Due to their link to privacy, the following laws generally require the Australian Information Commissioner (Information Commissioner) to perform certain duties or activities or require certain agencies to consult the Information Commissioner on privacy matters.

Consumer Data Right

The Consumer Data Right (CDR) aims to provide greater choice and control for Australians over how their data is used and disclosed. It will allow consumers to access particular data in a usable form and to direct a business to securely transfer that data to an accredited data recipient.

Australian Capital Territory Privacy

The Information Privacy Act 2014 (ACT) regulates how personal information is handled by ACT public sector agencies. This Act includes a set of Territory Privacy Principles, which cover the collection, use, storage and disclosure of personal information, and an individual’s access to and correction of that information.


The Australian Information Commissioner (Information Commissioner) has a range of powers and obligations in regards to the administration of the Telecommunications Act 1997 and the Telecommunications (Interception and Access) Act 1979.

Criminal records

Criminal record information is classed as 'sensitive information' in the Privacy Act 1988 (Privacy Act). Sensitive information is a subset of personal information that is given additional protections.

Government data-matching

Data-matching involves bringing together data from different sources and comparing it. Agencies that carry out data-matching must comply with the Privacy Act 1988 (Privacy Act). Some data‑matching between certain agencies to detect incorrect payments is also subject to the requirements of the Data-matching Program (Assistance and Tax) Act 1990 (Data-matching Act) and relevant guidelines.

Anti-money laundering

The Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (AML/CTF Act), and the Anti-Money Laundering and Counter-Terrorism Financing Rules (AML/CTF Rules) aim to prevent money laundering and the financing of terrorism by imposing a number of obligations on the financial sector, gambling sector, remittance (money transfer) services, bullion dealers and other professionals or businesses (known as ‘reporting entities’) that provide particular services (known as ‘designated services’). These obligations include collecting and verifying certain ‘know your customer’ (KYC) information about a customer's identity when providing those services.

Healthcare Identifiers

The OAIC is the independent regulator of the privacy aspects of the Healthcare Identifiers Act 2010 (HI Act) and the Healthcare Identifiers Regulations 2010 (HI Regulations).

My Health Records

The My Health Record system is the Australian Government’s digital health record system. It contains My Health Records which are online summaries of individuals' health information, such as medicines they are taking, any allergies they may have and treatments they have received. It was previously known as a Personally Controlled Electronic Health Record (PCEHR) or eHealth record.

Medicare and pharmaceutical benefits

The Privacy Act 1988 (and specific secrecy provisions in other legislation) protects information collected by the Australian Government through the Medicare and Pharmaceutical Benefits schemes (MBS and PBS).

Personal Property Securities Register

The Personal Property Securities Act 2009 (PPS Act) established a single, national, online Personal Property Securities Register (PPS Register). The PPS Register allows lenders and businesses to register their security interests over personal property.

Data-matching protocols received by the OAIC during the 2015-16 financial year