3 March 2020

The Office of the Australian Information Commissioner (OAIC) is making preliminary inquiries into Alinta Energy’s handling of Australians’ personal information. Once those inquiries are completed, the OAIC will determine whether further regulatory action is required.

The OAIC regulates the Australian Privacy Act, which applies to most Australian Government agencies and organisations with an annual turnover of more than $3 million, as well as those that deal with sensitive information such as health information.

These regulated entities must comply with the Australian Privacy Principles (APPs), which cover:

  • open and transparent management of personal information, including having a privacy policy and practices, procedures and systems to ensure compliance with the Australian Privacy Principles (APP1)
  • collection of solicited personal information (APP3)
  • notification that personal information is being collected (APP5)
  • when an organisation can disclose personal information for direct marketing purposes (APP7)
  • how personal information can be used and disclosed (including overseas)  (APP8)
  • taking reasonable steps to protect personal information from misuse, interference and loss, and from unauthorised access, modification or exposure (APP11).