Australia Privacy Act 1988

Overview

The Privacy Act 1988 is the main law regulating how personal information is handled in Australia. It aims to protect individuals' privacy by setting out standards for how personal data should be collected, used, and disclosed by various organizations. It also includes provisions about access to and correction of personal information. The Act supports transparency and responsible handling of data to maintain individuals' privacy rights.


Regulation Summary

Timeline
  • December 2, 1988 – January 1, 1989: The Privacy Act 1988 received Royal Assent and came into effect, establishing Australia’s data protection framework.
  • March 2014 – March 2024: Major reforms introduced the Australian Privacy Principles (APPs), followed by stricter penalties, new privacy protections, and expanded enforcement powers.
  • December 10–11, 2024: The Privacy and Other Legislation Amendment Act 2024 received Royal Assent, with most amendments, including increased penalties and doxxing laws, taking effect.
  • June 10, 2025 – December 10, 2026: The statutory tort for serious invasions of privacy becomes enforceable six months after Royal Assent (June 10, 2025), and the new automated decision-making disclosure requirements take effect two years after Royal Assent (December 10, 2026).

What Businesses Are Affected
  • Australian Government agencies.
  • Private sector organizations with an annual turnover exceeding AUD $3 million (approx. USD $2 million).
  • Small businesses handling sensitive information, such as health records.
  • Foreign organizations processing personal data of Australian residents.

Exemptions
  • Small businesses with turnover below AUD $3 million, unless handling sensitive data.
  • Political parties and media organizations under certain conditions.
  • Employee records used for employment purposes.

Responsibilities for Businesses
  • Accountability: Appoint a privacy officer to oversee compliance.
  • Consent: Obtain informed consent before collecting or using personal information.
  • Purpose Limitation: Use data only for stated purposes.
  • Transparency: Provide clear privacy policies explaining data collection and usage.
  • Security Measures: Implement safeguards to prevent unauthorized access, loss, or misuse.

Specific Responsibilities for Website Owners
  • Cookie Consent: Obtain user consent for non-essential cookies.
  • Privacy Notices: Clearly disclose how personal data is collected and used.
  • Data Breach Notification: Report breaches to the Office of the Australian Information Commissioner and affected individuals as soon as possible.

Additional Requirements
  • Cross-Border Data Transfers: Ensure adequate protections for international data transfers.
  • Retention and Disposal: Limit how long personal data is stored and dispose of it securely.
  • Children’s Data: Apply stronger protections to the personal data of individuals under 18 years old.

Data Subject Rights
  • Access: Request access to personal data.
  • Correction: Request corrections to inaccurate or incomplete data.
  • Erasure: Request deletion of personal data under certain conditions.
  • Objection: Object to the processing of personal information.
  • Automated Decision-Making: Challenge automated processing decisions.

Enforcement
  • Overseen by the Office of the Australian Information Commissioner.
  • Fines of up to AUD $50 million (approx. USD $33 million) or 30% of adjusted annual turnover for serious breaches.
  • Introduction of a tort for serious invasions of privacy, allowing individuals to seek compensation.
  • New criminal penalties for doxxing, with imprisonment of up to 6 years, or 7 years if motivated by bias (e.g., race, religion, gender).
  • Increased investigative powers for the Office of the Australian Information Commissioner to enforce compliance.