Privacy Act 1988

The Privacy Act 1988 is an Australian law that regulates how organisations handle personal information. It sets out principles for the collection, use, storage, and disclosure of personal data to protect individuals’ privacy rights. The Act applies to most government agencies, private sector organisations with annual turnover above three million dollars, and some smaller businesses handling sensitive information.
For example, a healthcare provider must comply with the Privacy Act 1988 when collecting patient records by ensuring secure storage and using the data only for authorised purposes.
Advanced
The Privacy Act 1988 establishes the Australian Privacy Principles (APPs), a set of 13 principles that guide organisations on transparency, consent, data accuracy, security, and access rights. They require organisations to be open about data management and to provide individuals with control over their personal information.
Advanced compliance involves conducting privacy impact assessments, adopting data breach response plans, and implementing strong security protocols. The Act is enforced by the Office of the Australian Information Commissioner (OAIC), which can investigate complaints, issue directions, and apply penalties for serious or repeated breaches. With growing digitalisation, reforms are under discussion to strengthen penalties, regulate online data use, and align with international frameworks such as GDPR.
Example
A financial services company suffers a data breach affecting thousands of customers. Under the Privacy Act 1988, it must notify affected individuals and the OAIC. After implementing new security controls and updating its privacy policy, the company improves compliance and rebuilds customer trust.