Office of the Australian Information Commissioner - Home

Australian Government - Office of the Australian Information Commissioner
Australian Government - Office of the Australian Information Commissioner

Main menu

Other legislation

Other than the Privacy Act 1988 (Privacy Act), there are a number of other Australian laws that relate to privacy. Due to their link to privacy, the following laws generally require the Australian Information Commissioner (Information Commissioner) to perform certain duties or activities or require certain agencies to consult the Information Commissioner on privacy matters.

Australian Capital Territory Privacy

The Information Privacy Act 2014 (ACT) regulates how personal information is handled by ACT public sector agencies. This Act includes a set of Territory Privacy Principles, which cover the collection, use, storage and disclosure of personal information, and an individual’s access to and correction of that information.


The Australian Information Commissioner (Information Commissioner) has a range of powers and obligations in regards to the administration of the Telecommunications Act 1997 and the Telecommunications (Interception and Access) Act 1979.

Criminal records

Criminal record information is classed as 'sensitive information' in the Privacy Act 1988 (Privacy Act). Sensitive information is a subset of personal information that is given additional protections.

Government data-matching

Data-matching involves bringing together data from different sources and comparing it. Agencies that carry out data-matching must comply with the Privacy Act 1988 (Privacy Act). Some data‑matching between certain agencies to detect incorrect payments is also subject to the requirements of the Data-matching Program (Assistance and Tax) Act 1990 (Data-matching Act) and relevant guidelines.

Anti-money laundering

The Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (AML/CTF Act), and the Anti-Money Laundering and Counter-Terrorism Financing Rules (AML/CTF Rules) aim to prevent money laundering and the financing of terrorism by imposing a number of obligations on the financial sector, gambling sector, remittance (money transfer) services, bullion dealers and other professionals or businesses (known as ‘reporting entities’) that provide particular services (known as ‘designated services’). These obligations include collecting and verifying certain ‘know your customer’ (KYC) information about a customer's identity when providing those services.

Healthcare Identifiers

The Healthcare Identifiers Service (operated by Chief Executive, Medicare) issues unique identifiers to all individuals who receive healthcare in Australia. The aim is to help healthcare providers accurately communicate information with each other and identify and access patient records in the personally controlled electronic health (eHealth) record system.

eHealth records

Since July 2012, Australians have been able to choose to register for their own personally controlled electronic health (eHealth) record. An eHealth record is an electronic summary of a person’s health information. Healthcare providers are able to add information about a consumer's health to their eHealth record, in accordance with the consumer's access controls. This may include information such as medical history and treatments, diagnoses, medications and allergies.

Medicare and pharmaceutical benefits

The Privacy Act 1988 (and specific secrecy provisions in other legislation) protects information collected by the Australian Government through the Medicare and Pharmaceutical Benefits schemes (MBS and PBS).

Personal Property Securities Register

The Personal Property Securities Act 2009 (PPS Act) established a single, national, online Personal Property Securities Register (PPS Register). The PPS Register allows lenders and businesses to register their security interests over personal property.