Australia Privacy Act Compliance (2024 Amendments)
Overview
Australia's Privacy Act 1988 (Cth) is the primary federal data protection legislation, administered and enforced by the Office of the Australian Information Commissioner (OAIC). The Privacy Act applies to Australian Government agencies, private sector organisations with an annual turnover of more than AUD 3 million, and certain other organisations regardless of turnover (health service providers, organisations trading in personal information, credit reporting bodies).
The Australian Government's 2024 Privacy Act Reform Amendments (building on the Attorney-General's Department Privacy Act Review Report of February 2023) introduced significant reforms, including a statutory tort for serious invasions of privacy, enhanced individual rights, automated decision-making transparency obligations, a children's privacy code, and strengthened enforcement powers.
Australian Privacy Principles (APPs)
The 13 APPs
| APP | Subject | Key Requirement |
|---|---|---|
| APP 1 | Open and transparent management | Maintain a clear privacy policy; take reasonable steps to implement practices that ensure compliance |
| APP 2 | Anonymity and pseudonymity | Give individuals the option of dealing anonymously or under a pseudonym where practicable |
| APP 3 | Collection of solicited personal information | Collect only information reasonably necessary for functions/activities; collect sensitive information only with consent |
| APP 4 | Dealing with unsolicited personal information | If unsolicited information could not have been collected under APP 3, destroy or de-identify it |
| APP 5 | Notification of collection | Notify individuals of: identity, purpose, third-party disclosures, overseas disclosures, access/correction rights, complaint mechanism |