Syrenis

Australian Privacy Principles (APP) and the Privacy Act 1988

Posted: April 20, 2023

Australia’s Privacy Act 1988 has been updated many times in the 34 years since its passing, and centres around the application of the “Australian Privacy Principles” (APPs).

This article will explore how the Privacy Act applies and explain each of the APPs. We’ll also look at the reform of the Privacy Act, which could have a major impact on data protection in Australia.

Who is Covered by the Australian Privacy Act?

Australia’s Privacy Act 1988 applies to:

  • Australian Government agencies.
  • Organizations with an annual turnover of more than AUD 3 million (around USD 1.86 million).
  • Some other organizations, regardless of turnover, including private sector healthcare providers, credit reporting agencies and organizations that have opted into compliance with the law.

Overseas organizations may be covered by the Privacy Act if they have an “Australian link”, which can include organizations that “carry on business” in Australia.

Australian Privacy Principles

Below is a summary of the 13 APPs, focusing on the principles as they relate to private sector bodies, known as “organizations” under the law:

Privacy Act Reforms

A review of the Privacy Act has been underway since December 2019. It is likely to result in significant reforms to Australia’s data protection framework.

The review is considering changes to the scope of the Act, which is currently unusually narrow for an advanced economy. A wider scope could mean that many more businesses are required to comply with the law.

The reforms also propose to strengthen the rules on data security, require organizations to conduct risk assessments in some circumstances, and enable individuals to opt out of targeted advertising or the sale of their personal information.