| Privacy Act 1988 | |
|---|---|
| Parliament of Australia | |
| Citation | Privacy Act 1988 |
| Enacted by | House of Representatives |
| Enacted | 1988 |
| Administered by | Office of the Australian Information Commissioner |
| Status | Amended |

The Privacy Act 1988 is an Australian law dealing with privacy. Section 14 of the Act stipulates a number of privacy rights known as the Australian Privacy Principles (APPs). These principles apply to Australian Government and Australian Capital Territory agencies or private sector organizations contracted to these governments, organizations and small businesses who provide a health service, as well as to private organizations with an annual turnover exceeding AUD$3M (with some specific exceptions). [1] The principles govern when and how personal information can be collected by these entities. Information can only be collected if it is relevant to the agencies' functions. Upon this collection, that law mandates that Australians have the right to know why information about them is being acquired and who will see the information. Those in charge of storing the information have obligations to ensure such information is neither lost nor exploited. An Australian will also have the right to access the information unless this is specifically prohibited by law. [1]
The Privacy Act was amended in 2000 to cover the private sector. Schedule 3 of the Privacy Act sets out a significantly different set of privacy principles, the National Privacy Principles (NPPs). These apply to private sector organizations (including not for profit organizations) with a turnover exceeding three million dollars, other than health service providers or traders in personal information. These principles extend to the transfer of personal information out of Australia. [2]
The Australian Privacy Principles (APPs) replaced the National Privacy Principles and Information Privacy Principles on 12 March 2014 via the Privacy Amendment (Enhancing Privacy Protection) Act 2012, which amended the Privacy Act 1988. [3] The Act was further amended in 2017 and December 2022, significantly enhancing the protection of privacy in Australia. These amendments included increased maximum penalties for data breaches and enhanced enforcement powers for the Office of the Australian Information Commissioner (OAIC).
The Privacy Act Review commenced in 2020 following recommendations by the Australian Competition and Consumer Commission in its 2019 Digital Platforms Inquiry – Final Report. [4] On 28 September 2023, the Australian Government released its response to the Privacy Act Review Report, committing to further modernizing privacy regulations.
Privacy principles that are the same as the NPPs are also included in the legislation applying to the public sectors of some Australian States and Territories, namely the Information Privacy Act 2000 (Victoria), Information Act 2002 (Northern Territory), Personal Information Protection Act 2004 (Tasmania), and the Health Records and Information Privacy Act 2002 (New South Wales).
Australia's privacy principles, the APPs, depend upon the meaning of "personal information" (as defined in Privacy Act 1988 s6). This term has not yet been interpreted in a restrictive way as has been "personal data" in the UK Durant case. [5]
The Privacy Act creates an Office of the Privacy Commissioner and a Privacy Commissioner [3] in Australia. The OAIC is responsible for investigating breaches of the Australian Privacy Principles (APPs) and credit reporting provisions. The OAIC’s powers include accepting enforceable undertakings, seeking civil penalties in the case of serious or repeated breaches of privacy, and conducting assessments of privacy performance for both Australian Government agencies and businesses. Section 36 of the Act states that Australians may appeal to this Commissioner if they feel their privacy rights have been compromised, unless the privacy was violated by an organization that has its own dispute resolution mechanisms under an approved Privacy Code. The Commissioner, who may decide to investigate complaints and, in some cases must investigate, can under section 44 obtain relevant evidence from other people. There is no appeal to a Court or Tribunal against decisions of the Commissioner except in limited circumstances. Section 45 of the Privacy Act allows the Commissioner to interview the people themselves, and the people might have to swear an oath to tell the truth. Anyone who fails to answer the Commissioner may be subject to a fine of up to $2,000 and/or year-long imprisonment (under section 65). Under section 64 of the Privacy Act, the Commissioner is also given immunity against any lawsuits that he or she might be subjected to for the carrying out of their duties.
If the Commissioner will not hear a complaint, an Australian may receive legal assistance under section 63. If a complaint is taken to the Federal Court of Australia, in certain circumstances others may receive legal assistance.
The Australian Law Reform Commission completed an inquiry into the state of Australia's privacy laws in 2008. The Report entitled For Your Information: Australian Privacy Law and Practice [6] [7] recommended significant changes be made to the Privacy Act, as well as the introduction of a statutory cause of action for breach of privacy. [8] The Australian Government committed in October 2009 to implementing a large number of the recommendations that the Australian Law Reform Commission had made in its report. [9]
The role of information commissioner differs from nation to nation. Most commonly it is a title given to a government regulator in the fields of freedom of information and the protection of personal data in the widest sense. The office often functions as a specialist ombudsman service.
Identity theft, identity piracy or identity infringement occurs when someone uses another's personal identifying information, like their name, identifying number, or credit card number, without their permission, to commit fraud or other crimes. The term identity theft was coined in 1964. Since that time, the definition of identity theft has been legally defined throughout both the U.K. and the U.S. as the theft of personally identifiable information. Identity theft deliberately uses someone else's identity as a method to gain financial advantages or obtain credit and other benefits. The person whose identity has been stolen may suffer adverse consequences, especially if they are falsely held responsible for the perpetrator's actions. Personally identifiable information generally includes a person's name, date of birth, social security number, driver's license number, bank account or credit card numbers, PINs, electronic signatures, fingerprints, passwords, or any other information that can be used to access a person's financial resources.
Medical privacy, or health privacy, is the practice of maintaining the security and confidentiality of patient records. It involves both the conversational discretion of health care providers and the security of medical records. The terms can also refer to the physical privacy of patients from other patients and providers while in a medical facility, and to modesty in medical settings. Modern concerns include the degree of disclosure to insurance companies, employers, and other third parties. The advent of electronic medical records (EMR) and patient care management systems (PCMS) has raised new concerns about privacy, balanced with efforts to reduce duplication of services and medical errors.
The Data Protection Act 1998 (DPA) was an Act of Parliament of the United Kingdom designed to protect personal data stored on computers or in an organised paper filing system. It enacted provisions from the European Union (EU) Data Protection Directive 1995 on the protection, processing, and movement of data.
The Personal Information Protection and Electronic Documents Act is a Canadian law relating to data privacy. It governs how private sector organizations collect, use and disclose personal information in the course of commercial business. In addition, the Act contains various provisions to facilitate the use of electronic documents. PIPEDA became law on 13 April 2000 to promote consumer trust in electronic commerce. The act was also intended to reassure the European Union that the Canadian privacy law was adequate to protect the personal information of European citizens. In accordance with section 29 of PIPEDA, Part I of the Act must be reviewed by Parliament every five years. The first Parliamentary review occurred in 2007.
The Australian Human Rights Commission is the national human rights institution of Australia, established in 1986 as the Human Rights and Equal Opportunity Commission (HREOC) and renamed in 2008. It is a statutory body funded by, but operating independently of, the Australian Government. It is responsible for investigating alleged infringements of Australia's anti-discrimination legislation in relation to federal agencies.
A privacy policy is a statement or legal document that discloses some or all of the ways a party gathers, uses, discloses, and manages a customer or client's data. Personal information can be anything that can be used to identify an individual, not limited to the person's name, address, date of birth, marital status, contact information, ID issue, and expiry date, financial records, credit information, medical history, where one travels, and intentions to acquire goods and services. In the case of a business, it is often a statement that declares a party's policy on how it collects, stores, and releases personal information it collects. It informs the client what specific information is collected, and whether it is kept confidential, shared with partners, or sold to other firms or enterprises. Privacy policies typically represent a broader, more generalized treatment, as opposed to data use statements, which tend to be more detailed and specific.
Information privacy, data privacy or data protection laws provide a legal framework on how to obtain, use and store data of natural persons. The various laws around the world describe the rights of natural persons to control who is using their data. This usually includes the right to get details on which data is stored and for what purpose, and to request its deletion when that purpose no longer applies.
The International Safe Harbor Privacy Principles or Safe Harbour Privacy Principles were principles developed between 1998 and 2000 in order to prevent private organizations within the European Union or United States which store customer data from accidentally disclosing or losing personal information. The principles, which enabled some US companies to comply with privacy laws protecting European Union and Swiss citizens, were overturned on October 6, 2015, by the European Court of Justice (ECJ). US companies storing customer data could self-certify that they adhered to 7 principles, to comply with the EU Data Protection Directive and with Swiss requirements. The US Department of Commerce developed privacy frameworks in conjunction with both the European Union and the Federal Data Protection and Information Commissioner of Switzerland.
The Privacy Act is the federal information-privacy legislation of Canada that came into effect on July 1, 1983. Administered by the Privacy Commissioner of Canada, the Act sets out rules for how institutions of the Government of Canada collect, use, disclose, retain, and dispose of personal information of individuals.
The Access to Information Act or Information Act is a Canadian Act providing the right of access to information under the control of a federal government institution. As of 2020, the Act allowed "people who pay $5 to request an array of federal files". Paragraph 2. (1) of the Act ("Purpose") declares that government information should be available to the public, but with necessary exceptions to the right of access that should be limited and specific, and that decisions on the disclosure of government information should be reviewed independently of government. Later paragraphs assign responsibility for this review to an Information Commissioner, who reports directly to parliament rather than the government in power. However, the Act provides the commissioner the power only to recommend rather than compel the release of requested information that the commissioner judges to be not subject to any exception specified in the Act.
Privacy law is a set of regulations that govern the collection, storage, and utilization of personal information from healthcare, governments, companies, public or private entities, or individuals.
Campbell v Mirror Group Newspapers Ltd [2004] UKHL 22 was a House of Lords decision regarding human rights and privacy in English law.
Canadian privacy law is derived from the common law, statutes of the Parliament of Canada and the various provincial legislatures, and the Canadian Charter of Rights and Freedoms. Perhaps ironically, Canada's legal conceptualization of privacy, along with most modern legal Western conceptions of privacy, can be traced back to Warren and Brandeis’s "The Right to Privacy" published in the Harvard Law Review in 1890. Holvast states "Almost all authors on privacy start the discussion with the famous article 'The Right to Privacy' of Samuel Warren and Louis Brandeis".
Privacy in English law is a rapidly developing area of English law that considers situations where individuals have a legal right to informational privacy - the protection of personal or private information from misuse or unauthorized disclosure. Privacy law is distinct from those laws such as trespass or assault that are designed to protect physical privacy. Such laws are generally considered as part of criminal law or the law of tort. Historically, English common law has recognized no general right or tort of privacy, and offered only limited protection through the doctrine of breach of confidence and a "piecemeal" collection of related legislation on topics like harassment and data protection. The introduction of the Human Rights Act 1998 incorporated into English law the European Convention on Human Rights. Article 8.1 of the ECHR provided an explicit right to respect for a private life. The Convention also requires the judiciary to "have regard" to the Convention in developing the common law.
There is no absolute right to privacy in Australian law and there is no clearly recognised tort of invasion of privacy or similar remedy available to people who feel their privacy has been violated. Privacy is, however, affected and protected in limited ways by common law in Australia and a range of federal, state and territorial laws, as well as administrative arrangements.
New Zealand is committed to the Universal Declaration of Human Rights and has ratified the International Covenant on Civil and Political Rights, both of which contain a right to privacy. Privacy law in New Zealand is dealt with by statute and the common law. The Privacy Act 2020 addresses the collection, storage and handling of information. A general right to privacy has otherwise been created in the tort of privacy. Such a right was recognised in Hosking v Runting [2003] 3 NZLR 385, a case that dealt with publication of private facts. In the subsequent case C v Holland [2012] NZHC 2155 the Court recognised a right to privacy in the sense of seclusion or a right to be free from unwanted intrusion.
The Office of the Australian Information Commissioner (OAIC), known until 2010 as the Office of the Australian Privacy Commissioner, is an independent Australian Government agency, acting as the national data protection authority for Australia, established under the Australian Information Commissioner Act 2010, headed by the Australian Information Commissioner.
The Office of the Privacy Commissioner administers the Privacy Act 2020. The Privacy Commissioner is entrusted to protect personal information of New Zealanders in accordance with the Privacy Act. Current Privacy Commissioner, Michael Webster, began his role in July 2022.
The Telecommunications (Interception and Access) Amendment (Data Retention) Act 2015 (Cth) is an Act of the Parliament of Australia that amends the Telecommunications (Interception and Access) Act 1979 (original Act) and the Telecommunications Act 1997 to introduce a statutory obligation for Australian telecommunication service providers (TSPs) to retain, for a period of two years, particular types of telecommunications data (metadata). It also introduces certain reforms to the regimes applying to the access of stored communications and telecommunications data under the original Act.