|OVERVIEW||The Privacy Law in Australia regulates “information privacy” and personal information.The primary privacy law in Australia is the Privacy Act of 1998.|
|ENACTED||1998 with amendments in 2000|
|GENERAL PRIVACY LAWS||
|PERSONAL DATA PROTECTION LAWS AND REGULATIONS||
The Federal Privacy Act does not regulate state or territory agencies, except for the Australian Capital Territory (ACT).
|TYPE OF DATA PROTECTED||
Personal Information which is information that identifies an individual or could identify the individual. The Privacy Act defines personal information as:
"... information or an opinion (including information or an opinion forming part of a database), whether true or not, and whether recorded in a material form or not, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion."
|WORKPLACE PRIVACY LAWS||
The Privacy Act regulates handling of personal information in Australia and originating from Australia. Under Australian Law, specifically National Privacy Principle (NPP) 9, if an organization’s overseas activity is required by the law of a foreign country, then it does not interfere with the privacy of an individual under Australian Law.
An organization may transfer personal information overseas provided that one of the following conditions is satisfied:
|FINES AND SANCTIONS||
Pursuant to Section 52 of the Privacy Act, there are a number of sanctions, including:
After investigating a complaint, the Commissioner may:
|OTHER PRIVACY LAWS AND REGULATIONS||
Telecommunications Act 1997 has a number of provisions that deal with privacy of personal information held by carriers, carriage service providers and others. Part 6 provides for the development of industry codes and standards for the protection and privacy of consumer information. Part 13 sets out strict rules for carriers, carriage service providers and others in their use and disclosure of personal information.
The Privacy Act (and specific secrecy provisions in other legislation) protects information collected by the Government through the Medicare and Pharmaceutical Benefit schemes. Due to its sensitivity, the handling of MBS and PBS information is also regulated by legally binding guidelines issued by the Information Commissioner. The guidelines:
The Data-Matching Program (Assistance and Tax) Act 1990 regulates the use of the tax file number in comparing personal information held by the Australian Taxation Office and by assistance agencies.
Crimes Act 1914 contains Part VIICX, which limits the use of old criminal convictions and provides protection against unauthorized use and disclosure of this information.
Anti-Money Laundering and Counter-Terrorism Financing Act 2006 amends the Privacy Act so that small businesses are reporting entities for the purposes of the Act and have reporting responsibilities to AUSTRAC.
The Healthcare Identifiers Act 2010 (the HI Act) establishes the Healthcare Identifiers Service (the HI Service) and prescribes how healthcare identifiers will be assigned, how they can be used and disclosed. There are also Healthcare Identifier Regulations that expand on the requirements in the HI Act. Healthcare providers can only access, use or disclose healthcare identifiers for the limited purposes set out in the HI Act.