The Privacy Act covers organisations with an annual turnover more than $3 million and operating in Australia, and some other organisations. A number of factors go into deciding if an organisation operates in Australia, including if they have a presence in Australia or carry on a business in Australia.
What must be included
- their name and contact details
- what kinds of personal information they collect and store
- how they collect personal information and where it is stored
- the reasons why they need to collect personal information
- how they’ll use and disclose personal information
- how you can access your personal information, or ask for a correction
- how to lodge a complaint if you think your information has mishandled, and how they’ll handle your complaint
- if they are likely to disclose your information outside Australia and, if practical, which countries they are likely to disclose the information to.
If information handling practices change