Privacy laws
New privacy laws commenced 12 March 2014
The new Privacy Amendment (Enhancing Privacy Protection) Act 2012 (Cwlth), Privacy Regulation 2013 (Cwlth) and Credit Reporting Privacy Code took effect on 12 March 2014.
Significant changes have been made to privacy law, including:
- 13 new Australian Privacy Principles that apply to businesses, replacing the Information Privacy Principles (IPP) and National Privacy Principles (NPP)
- comprehensive credit reporting and enhanced privacy protection
- enhanced powers of the Australian Information Commissioner to resolve complaints, conduct assessments and seek compliance
- the new mandatory Credit Reporting Privacy Code.
Privacy and small business
Some small business operators are exempt from the Privacy Act. Check whether your small business needs to comply with the Act.
Although you may find your business is exempt, you can still choose to comply. Benefits of complying with the legislation can include increased consumer confidence and trust in your business and its operations. Read more about the benefits of opting in and how to do it.
Workplace information
Employee records in the private sector are not covered by the Privacy Act. An employer does not have to grant an employee access to their employment records.
Learn more about collecting and handling employee personal information in the workplace.
Sales and marketing
How customer information gathered through market research is protected depends on how the data was collected. In general, the following rules apply:
- Direct marketing (such as telemarketing and advertising via email, SMS or post) is covered by the Privacy Act and the NPPs – read more about protection of direct marketing data.
- Door-to-door sales are covered by the Australian Consumer Law (ACL) – read more about legal and ethical selling.
Note that some customer information may be covered by both pieces of legislation.
Consumer credit reporting
The Privacy Act provides safeguards for individuals in relation to consumer credit reporting. The use of customer information is restricted to assessing applications for credit and other activities involving giving credit.
Learn more about how the Privacy Act applies to consumer credit reporting.
Health service providers
The Privacy Act provides extra protections for handling individuals' health information, and all organisations that provide a health service are covered by the Act.
If this applies to your business you should read how the Privacy Act applies to the private health sector.
Legal obligations for online business
Online businesses need to be aware of additional laws governing such things as spam, electronic transactions and intellectual property. Learn more about legal obligations for online business.
Queensland Government and privacy
The Office of the Information Commissioner Queensland, under the Right to Information Act 2009, promotes access to government-held information and protects individuals' personal information held by government agencies. Read more about privacy in Queensland.
Also consider...
- Read privacy for organisations for information on how the Privacy Act covers small businesses.
- Follow the 10 steps guide to protecting other people's personal information.
- Learn about the benefits of opting into privacy laws.
- Find out more about privacy and what the Privacy Act 1988 covers.
- Learn about information technology risk management and how to protect your business and customer information.
- Find out how privacy relates to social media and other technologies.
- Last reviewed: 18 Jul 2017
- Last updated: 11 May 2022