In December 2000, the Privacy Amendment (Private Sector) Act 2000 extended coverage of the Privacy Act to some private sector organisations. The amendments commenced on 21 December 2001. These amendments introduced 10 National Privacy Principles into the Privacy Act, which set standards for private sector organisations when they collect, use and disclose, hold secure, give access to, and correct personal information.
2010 — The Office of the Australian Information Commissioner
The Australian Information Commissioner Act 2010 established the Office of the Australian Information Commissioner (OAIC) on 1 November 2010. The former Office of the Privacy Commissioner was integrated into the OAIC on 1 November 2010. The OAIC is headed by the Australian Information Commissioner, who is supported by two other statutory officers: the Freedom of Information Commissioner and the Privacy Commissioner. For more information about the OAIC, see Our Executive.
2011 — Norfolk Island
On 1 January 2011, the Privacy Act was extended to Norfolk Island Government agencies by the Territories Law Reform Act 2010.
the Australian Privacy Principles (APPs) regulate the handling of personal information by Australian and Norfolk Island Government agencies and some private sector organisations (they replaced the Information Privacy Principles and National Privacy Principles)
a new Part IIIA of the Privacy Act, which allows for more comprehensive credit reporting
a new requirement for a credit provider to be a member of an external dispute recognition scheme (EDR scheme) recognised under the Privacy Act to be able to participate in the credit reporting system
new laws on codes of practice about information privacy (APP codes) and a code of practice for credit reporting (the CR code); and enabling the Information Commissioner to develop and register binding codes that are in the public interest
new enforcement powers for the Information Commissioner
2014 – ACT privacy reforms
The Information Privacy Act 2014 (ACT), which commenced on 1 September 2014, introduced new privacy laws for Australian Capital Territory public sector agencies. The Information Privacy Act introduced the Territory Privacy Principles, which set out standards for handling personal information. They’re similar to the APPs. For more information about this change, see Australian Capital Territory Privacy.
2018 — The Notifiable Data Breaches scheme
The Privacy Amendment (Notifiable Data Breaches) Act 2017 established the Notifiable Data Breaches scheme for all organisations and agencies with existing personal information security obligations under the Privacy Act.
Other additions to our privacy functions
1990 — Spent convictions
The Privacy Commissioner was given compliance and advisory functions for spent conviction information when Part VIIC of the Crimes Act 1914 and came into effect on 30 June 1990. Part VIIC deals with the collection, use and disclosure of old conviction information. For more information see Criminal Records.
1990 — Tax file number data matching
The Data-matching Program (Assistance and Tax) Act 1990, and guidelines made under that Act, gave the Privacy Commissioner oversight and compliance functions for how the Australian Taxation Office and certain other agencies use tax file numbers to compare personal information to detect incorrect payments. For more information see Government Data Matching.
1991 — Medicare and pharmaceutical benefits schemes
2006 — Anti-money laundering and counter terrorism
The introduction of the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (AML/CTF Act) required the Australian Transaction Reports and Analysis Centre (AUSTRAC), the agency responsible for ensuring compliance with the AML/CTF Act, consult the Privacy Commissioner on privacy of individuals matters. For more information see Anti-Money Laundering.
2010 — Healthcare identifiers
The Privacy Commissioner was given oversight and compliance functions with the introduction of the Healthcare Identifiers Act 2010, including the investigation of complaints about the mishandling of healthcare identifiers.
