Currently updated by Susan Walsh, Senior Associate, MinterEllison
Originally authored by Matthew Hall, Solicitor Director, Artifex advisor
The importance of privacy regulation has grown with the increased capabilities of technologies that allow businesses to capture, access and use an extensive amount of personal information from a range of access points.
Personal information is considered a highly valuable commodity to businesses in identifying their client base and their needs with a view to developing specifically tailored products. In this environment, the ability of individuals to control their personal information has raised concerns, leading to a comprehensive review of Australian privacy laws by the Australian Law Reform Commission (ALRC Report 108 For Your Information: Australian Privacy Law and Practice, 11 August 2008).
On 23 May 2012, the Commonwealth Government introduced its legislation to implement the first stage of its reforms to Australia's privacy laws. The Privacy Amendment (Enhancing Privacy Protection) Act 2012 (Privacy Amendment Act) received the Royal Assent on 12 December 2012 and some provisions came into force that day. However, the more substantial changes commenced on 12 March 2014. The Privacy Amendment Act introduced significant changes to the Australian privacy regime.
See Introduction to the privacy regime in Australia and the subtopic Plans for reform.
See Introduction to the privacy regime in Australia and Plans for reform.
Introduction to the privacy regime in Australia
There is currently no right to privacy, per se, in Australia. However, individuals have the right to be informed prior to disclosing information as to how and why an organisation collects personal information as well as the ways in which that information will be used.
This guidance note outlines the current regulatory framework in Australia, including the 13 new harmonised Australian Privacy Principles, which amalgamated and supplemented the previous information privacy principles and the national privacy principles, as well as proposed changes to the privacy regime.
See Introduction to the privacy regime in Australia.
The Australian Privacy Principles (APPs)
This guidance note details the obligations of private sector organisations meeting certain criteria and various agencies under the APPs, including collection, use and disclosure of personal information, integrity of personal information, and cross-border data flows and sensitive information.
See The Australian Privacy Principles (APPs).
State regimes
State and territory public sector agencies will only be bound by privacy obligations if there is a separate state or territory regime that applies. Despite the fact that it was an intention of the most recent reforms to unify privacy obligations, organisations may have to comply with a number of different regimes, at Commonwealth and state levels, depending on the location of the business or information, and the type of information collected.
This guidance note outlines the various privacy regimes and relevant legislation of the states and territories.
See State regimes.