Privacy is a fundamental human right.
In recognition of this, Australia has laws which protect people’s privacy.
These laws set out rules around how people’s personal information is handled by organisations and the government.
The main national law which does this is the Privacy Act 1988.
Businesses and organisations with an annual turnover of more than $3 million are required to follow the Privacy Act. So are federal government agencies, health services, and some other organisations.
The Privacy Act sets out 13 Australian Privacy Principles. If these are not followed by governments, health services, businesses and organisations, penalties may apply.
There are also similar state and territory laws that governments and some health services are required to follow in those states and territories.
The right to privacy isn’t absolute. Sometimes other concerns are given priority, such as your safety, the safety of others, or the interests of justice. But it is important. That’s why rules apply in these situations.
Your rights under the Privacy Act
The Privacy Act gives you the general right to:
- know why your personal information is being collected, how it will be used and who it will be disclosed to
- have the option of not identifying yourself, or of using a pseudonym, in certain circumstances
- ask for access to your personal information (including your health information)
- ask for your personal information that is incorrect to be corrected
- make a complaint about an organisation or government agency, if you think they’ve mishandled your personal information.
In certain situations, the Privacy Act requires an organisation or agency to have your consent to handle your personal information. For example, your consent is generally needed for the collection of your sensitive information.
What is personal information?
Personal information includes a broad range of information, or an opinion, that could identify someone.
For example, personal information may include:
- your name, signature, address, phone number or date of birth
- credit information
- employee record information
- photographs
- internet protocol (IP) addresses
- voice print and facial recognition biometrics
- location information from a mobile device
- sensitive information.
Sensitive information has a higher level of privacy protection than other personal information.
It includes things such as racial or ethnic origin, political opinions or associations, religious or philosophical beliefs, trade union membership or associations, sexual orientation or practices, health or genetic information, some aspects of biometric information, and criminal records.
Making a complaint
If you think that an organisation, business or government agency which is covered by the Privacy Act has mishandled your personal information, you can make a complaint to us – the Office of the Australian Information Commissioner (OAIC). We are the privacy regulator, and we are independent.
You will first need to have raised your complaint with the organisation or agency you think mishandled your information. Organisations should generally respond to a complaint in 30 days. If they do not respond, or you are not satisfied with their response, you can complain to us.
Further information
More information is available on our website: www.oaic.gov.au/privacy