On this page
- What privacy laws apply in each state and territory
- What privacy laws apply to private sector health service providers
- Who to complain to about a state agency or local council
- Who to complain to about a public hospital
The Office of the Australian Information Commissioner (OAIC) mainly deals with issues that are covered by the Privacy Act 1988 (Privacy Act). The Privacy Act is a federal law which does not cover local, state or territory government agencies, except the Norfolk Island administration.
Most Australian states and territories have equivalent legislation which covers their public sector agencies. Some state authorities and instrumentalities are bound by the Privacy Act.
If your inquiry or complaint is about a New South Wales (NSW), Queensland, Northern Territory, Tasmanian or Victorian public sector agency, including a local council, please contact the relevant commissioner using the links below.
Private sector health service providers
The Privacy Act applies to all private sector health service providers anywhere in Australia. It doesn’t apply to state and territory public sector health service providers, such as public hospitals.
In NSW, Victoria and the Australian Capital Territory (ACT) private sector health service providers must comply with both Australian and state or territory privacy laws when handling health information.
Queensland, the Northern Territory and Tasmania have privacy legislation that applies only to their public sector, including public sector health service providers.
Western Australia and South Australia do not have specific privacy legislation.
Australian Capital Territory
The OAIC exercises some of the functions of the Australian Capital Territory Information Privacy Commissioner. For more information see Privacy in the ACT.
The ACT Health Services Commissioner handles health record privacy complaints.
New South Wales
The NSW Information and Privacy Commission administers the Privacy and Personal Information Protection Act 1998 (NSW) and Health Records and Information Privacy Act 2002 (NSW).
The Office of the Information Commissioner Northern Territory oversees the privacy provisions of the Information Act 2002 (NT) and accepts complaints from consumers relating to the privacy of health information.
The Health and Community Services Complaints Commission also accepts complaints about health, disability and aged services in the Northern Territory.
The Queensland Office of the Information Commissioner receives privacy complaints under the Information Privacy Act 2009 (Qld) which covers the Queensland public sector.
Queensland’s Health Ombudsman can also receive and investigate complaints about health services and health service providers.
The South Australian privacy committee handles privacy complaints related to state government agencies’ compliance with a set of Information Privacy Principles
The Health and Community Services Complaints Commissioner also receives complaints about government, private and non-government health and community services.
The Tasmanian Ombudsman accepts complaints in relation to the Personal Information and Protection Act 2004 (Tas). This legislation covers the Tasmanian public sector, including public hospitals.
The Office of the Victorian Information Commissioner (OVIC) administers the Privacy and Data Protection Act 2014 (Vic).
The Office of the Health Services Commissioner administers the Health Records Act 2001 (Vic) and conciliates complaints between consumers and health care providers.
The Office of the Information Commissioner (WA) administers the Freedom of Information Act 1992 (WA) which includes some privacy principles related to the disclosure and amendment of personal information held by Western Australian State and local government agencies.
The Health and Disability Services Complaints Office is an independent statutory authority that also handles complaints relating to health and disability services in Western Australia.
Was this page helpful?
If you would like to provide more feedback, please email us at firstname.lastname@example.org