Privacy Law In Australia
Unlike other countries, there are no constitutional provisions that define the right to privacy in Australia. However, some Federal and State laws are in place to fill-in the gaps and provide Australians some much needed privacy. The laws may not confer “privacy rights,” per se, but work similarly by protecting the privacy rights of an individual.
Probably the most integral part of Australia’s privacy framework is the Privacy Act (1988) (Cth). Together with some State legislation, provisions in the law of contracts, tort law and the law pertaining to confidential information, Australians are afforded some privacy rights.
The Privacy Act (1988)
The Privacy Act commenced in 1989. This is federal legislation that regulates the handling of personal information on certain individuals, which includes the collection, use, storage, and disclosure of personal information. Initially, this legislation was intended to apply exclusively to the Commonwealth public sector.
Amendments introduced in 2001 to the Privacy Act established a separate set of privacy principles, known as the National Privacy Principles (NPPs), which apply solely to the private sector.
The Four Areas of Operations Under The Privacy Act
The Privacy Act has a few main areas of operation:
- The eleven (11) Information Privacy Principles (IPP). These apply to the handling and storage of personal information by most Australian, ACT and Norfolk Island public sector employees (Section 14 of the Act). The IPPs are guidelines that regulate the activities of Australian government public sector agencies, which include the ministers, departments, federal courts and other bodies established for a public purpose.
Personal information is defined as: “Information or an opinion (including information or an opinion forming part of a database) whether true or not, and whether recorded in a material form or not, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion.”
On 12 March 2014, the IPP will be replaced by the Australian Privacy Principles (APPs) by virtue of the Privacy Amendment (Enhancing Privacy Protection) Act 2012 (Cth) which was adopted on 29 November 2012. The amendment will require every organisation to collect or obtain “personal information” and ensure that it has policies and procedures in place to make certain that it complies with its obligations under the Act.
- The ten (10) National Privacy Principles (NPP). These principles apply to the handling of personal information by large businesses, health service providers and some small businesses and non-government organizations (Schedule 3 of the Act).
The NPP is a set of guidelines that regulate the activities of private sector organisations, these may be an individual, a body corporate, a partnership, any other unincorporated association or a trust including not-for-profit organisations with a turnover exceeding A$3 million, other than health service providers or traders in personal information.
The Act also contains credit reporting provisions that apply to the handling of credit reports and other credit information about individuals (private sector only) by credit reporting agencies, credit providers and some third parties (Part IIIA of the Act).
There is also a legally binding Credit Reporting Code of Conduct issued by the Australian Information Commissioner (formerly by the federal Privacy Commissioner).
- The Act also deals with the storage of Tax File Numbers (TFN) by the private sector which must comply with the Tax File Number Guidelines issued by the Australian Information Commissioner (Section 17 of the Act). TFNs are unique numbers issued by the Australian Taxation Office (ATO) to identify individuals, or companies who file their income tax returns with the ATO.
What is Exempt from the Application of the Privacy Act
The operation of the Privacy Act does not apply to the following:
- To personal information being collected, used or disclosed for personal, family or household purposes;
- To employees’ records. Organisations are only exempt in relation to past or present employees if the relevant act or practice is directly related to an employee’s record and the employment relationship;
- To media organisations which are exempt in relation to acts or practices in the course of journalism;
- Political acts and practices by political representatives, such as Parliamentarians whose acts and practices are related to political processes. This may also exempt contractors, subcontractors and volunteers working for registered political parties or political representatives whose acts or practices are related to political processes.
Stay Tuned for Part 2 on Privacy Laws In Australia where we investigate where to turn to in the case of a violation of privacy rights.
If you require legal advice or more information, you should contact a Solicitor who can give you legal advice relevant to your situation. The advice and information in this article is not intended to be legal advice.