On this page
The Privacy Act allows small business operators, who would otherwise not be covered by the Privacy Act, to choose to be treated as an organisation for the purposes of that Act and therefore subject to the Australian Privacy Principles.
About the register
Most small businesses and not-for-profit organisations that have an annual turnover of $3 million or less and that are not health service providers or do not trade in personal information for benefit, service or advantage are not covered by the Privacy Act 1988 (Privacy Act). There are some other situations that bring a small business/not-for-profit under the coverage of the Privacy Act, either in whole of for some of its activities. For more information on which small businesses/not-for-profits are covered by the Privacy Act see Small Business.
Section 6EA of the Privacy Act allows small businesses/not-for-profits, who would otherwise not be covered by the Privacy Act, to choose to be treated as an organisation for the purposes of the Privacy Act and therefore subject to the Australian Privacy Principles and any relevant APP code.
Small businesses/not-for-profits opting-in to be covered by the Privacy Act are making a public commitment to good privacy practice. This option has been made available in order to provide small businesses/not-for-profits with the opportunity to benefit from any increase in consumer confidence and trust that may be derived from operating under the Privacy Act.
How to opt-in
After verification and assessment of the application, you will notified and the trading name of your business/not-for-profit and its ABN will be placed on the public Opt-in Register as required by s6EA(3) of the Privacy Act. You will not be charged any fees for opting-in.
How to opt-out
If you have opted in and for any reason you wish to revoke that decision, you may opt-out by notifying the OAIC in writing. Your details will then be removed from the Opt-in Register, and you will no longer be covered by the Privacy Act (assuming no other provisions of the Privacy Act apply to your business/not-for-profit). You will not be charged any fees for opting-out.
It is important to note that any acts and practices of your business/not-for-profit that occur while you are on the Opt-in Register may be the subject of a complaint to the OAIC, even if you subsequently opt out.
The OAIC will keep a list of organisations that have revoked their decision to opt-in to the Privacy Act, or have been removed from the Opt-in Register for some other reason, and will make this information available if asked.
By completing and submitting this application form you are choosing to have your small business/not-for-profit treated as an ‘organisation’ under the Privacy Act.
The application form must be signed by an authorised person. If at any time you decide to revoke your choice to be treated as an organisation covered by the Privacy Act, you will need to do so in writing to the OAIC.
For more information on what it means for your business/not-for-profit to be treated as an organisation under the Privacy Act, please refer to the Privacy section of this website, or contact the Enquiries line during business hours. Once completed this form can be mailed, emailed or faxed.
Was this page helpful?
If you would like to provide more feedback, please email us at email@example.com