The Governor-General may issue regulations under s 100 of the Privacy Act 1988.

Privacy Regulation 2013

The Privacy Regulation 2013 relates to various provisions of the Privacy Act including:

  • the definition of various terms relevant to the credit reporting provisions in Part III A of the Privacy Act
  • permitted disclosures of credit information to a credit reporting body (see s 21D of the Privacy Act)
  • small business operators treated as organisations (see s 6E of the Privacy Act)
  • state authorities and state instrumentalities treated as organisations (see s 6F of the Privacy Act)
  • agencies treated as organisations (see s 7A of the Privacy Act)
  • exceptions to Australian Privacy Principle 9 (adoption, use or disclosure of government related identifiers)
  • Privacy Advisory Committee — travelling allowance (within Australia) payable to an appointed member of the committee (see s 88 of the Privacy Act)
  • the handling of personal information in emergencies and disasters — an entity will still be liable for contravening the secrecy provisions of the Census and Statistics Act 1905 if they use or disclose personal information that would otherwise be permitted under s 80P(1) of the Privacy Act
  • transitional provisions relating to the disclosure of information by credit reporting bodies — credit reporting bodies will be able to process information requests in accordance with the Privacy Act as it applied prior to the changes introduced by the Privacy Amendment (Enhancing Privacy Protection) Act 2012 until 31 March 2014
  • a provision excepting energy and water utilities in the Australian Capital Territory from the requirement to be a member of a recognised external dispute resolution scheme before disclosing credit information to a credit reporting body, expiring 1 January 2019 (see s 21D(2)(a)(i) of the Privacy Act)