All images are of AAR staff and partners
Allens Arthur Robinson
Privacy homeOverviewNPPs & codesComplyingLegislation & linksIndustriesNews
Home »  
Print Version
Or use advanced search
Introduction
Who, what & when
International data flow
Sensitive information
Chronology
Spam
Tort of invasion of privacy
 Feedback
 Contacts
 Glossary


Overview: Introduction

This site examines privacy in the private sector.

The key privacy obligations which apply to the private sector in Australia are the National Privacy Principles (NPPs), which govern the handling of personal information. For more information about what you can and can't do, see our NPP section. For information on what you should do and a checklist that'll help you, go straight to complying

To find out to whom the NPPs apply and what information is protected, go to who, what & when.

Organisations who handle tax file numbers and credit information, for example credit providers and credit reporting agencies, are regulated by additional requirements and restrictions.

There are sanctions for failure to comply. By way of background to the development of privacy legislation, we have compiled a chronology of privacy legislation in Australia.

To toptop of page

Why protect personal information?

Information is a valuable asset, especially given developments in eCommerce and the drive towards a global economy.

There are real concerns about how information is used and shared. These concerns are even stronger where the information is sensitive or very personal. But they must be balanced against the competing interests of commercial organisations to handle and use personal information in the course of legitimate business.

To toptop of page

The current system

The Privacy Amendment (Private Sector) Act 2000, which amended the Privacy Act 1988, came into effect on 21 December 2001, establishing a national scheme to regulate private sector organisations' handling of personal information.

The legislation, as amended, was designed to bring Australia into line with international standards on personal information and to instil confidence in how Australian businesses handle personal information. The Government also aimed to address concerns about the development and take up of online business and eCommerce.

It introduced National Privacy Principles (NPPs), which regulate how private sector organisations may collect, keep, use and disclose personal information. The NPPs are based on National Principles for the Fair Handling of Personal Information which the Federal Privacy Commissioner introduced in 1998. The Principles were initially a voluntary scheme for the private sector, developed after extensive consultation with business and consumers. Those Principles were in turn based on OECD Guidelines.

The NPPs are legally binding.

To toptop of page

Privacy Amendment Act 2004

The Privacy Amendment Act 2004 received Royal Assent on 21 April 2004 and amended the Privacy Act 1988 (Cth) in the following ways:

  • The Act makes it clear that NPP 9, relating to transborder data flows, applies to personal information about persons who are not Australian residents or citizens.
  • The Privacy Commissioner will no longer be barred from investigating complaints about breaches of access and correction rights where the complainant is not an Australian resident or citizen.
  • The Act extends the matters which may be covered in a private sector organisation's privacy code.
  • The Act corrects an unintended limitation on private sector superannuation bodies using or disclosing Commonwealth payroll numbers when they provide superannuation services to Commonwealth employees.
  • The Act provides the Privacy Commissioner with an additional function of auditing particular acts and practices of Commonwealth agencies in relation to personal information specified in the regulations.
To toptop of page

Review of the Privacy Act

On 12 April 2000, during the second reading speech of the Privacy Amendment (Private Sector) Bill 2000 (Cth), the Attorney General stated that he would ask the Commissioner to 'conduct a formal review of the operation of the legislation and of all the exemptions, in consultation with key stakeholders after it has been in operation for 2 years.'

To facilitate the review, the Privacy Commissioner released an Issues Paper on 27 October 2004 to assist interested parties in making comments about the provisions of the Privacy Act . The Issues Paper provides a framework for assessing the extent to which the private sector provisions meet their objectives.

After reviewing numerous submissions and extensive consultation, the Commissioner released a review in May 2005 into the operation of the private sector provisions of the Privacy Act - a detailed analysis of the Commissioner's recommendations is available.

To toptop of page

Australian Law Reform Commission reviewing privacy protection in Australia

In January 2006, the Attorney-General, Mr Philip Ruddock, asked the Australian Law Reform Commission (ALRC) to conduct an Inquiry into the extent to which the Privacy Act 1988 (the Act) and other laws provide an effective framework for the protection of privacy in Australia.

The ALRC issued a wide-ranging Issues Paper in October 2006, which canvasses questions such as:

  • whether the National Privacy Principles under the Act are appropriate and how they can be clarified or improved;
  • whether the current exemptions under the Act should be re-visited;
  • whether the powers of the Office of the Privacy Commissioner are appropriate for its role;
  • the difficulties raised by the multi-layered regulation of personal information in Australia;
  • whether health information is appropriately regulated;
  • whether the protection of personal information for children, young persons, and adults with decision-making disabilities should be dealt with expressly in the Act;
  • how new technologies, or new uses of existing technologies, should be accommodated in a privacy framework; and
  • the regulation of the flow of personal information outside Australia, including whether the APEC Privacy Framework provides an appropriate model for the protection of personal information transferred between countries.

After consulting on these questions, the ALRC expects to release a Discussion Paper in mid 2007. It will also issue a separate issues paper on the consumer credit reporting provisions of the Privacy Act in December 2006. The ALRC expects to make its final Report in March 2008.

To toptop of page


Allens home | Privacy home | Top of page | Disclaimer | Privacy | Sitemap
Allens Arthur Robinson - a leading international law firm
© 2008 Allens Arthur Robinson, Australia | contactus@aar.com.au

 Allens Arthur Robinson - Clear Thinking