The Privacy Act
Contributed by
AjunthaThinakaran and current to 27 July 2018
The Privacy Act 1988 (Privacy Act) regulates how personal information is managed.
Personal information is defined as:
…information or an opinion, whether true or not, and whether recorded in a material form or not, about an identified individual, or an individual who is reasonably identifiable.
Some common examples are an individual’s name, signature, address, telephone number, date of birth, medical records, bank account details and even include commentary or opinion about a person.
The Privacy Act includes thirteen Australian Privacy Principles (APPs), which apply to some private sector organisations, as well as most Australian and Norfolk Island Government agencies. These are collectively referred to as ‘APP entities’. The Privacy Act also regulates the privacy component of the following:
- Consumer credit reporting system;
- Credit providers and credit reporting agencies must comply with the provisions concerning consumer credit information in Part IIIA of the Privacy Act;
- Tax File Numbers
- Everyone who handles tax file numbers must comply with the Tax File Number Guidelines; and
- Health and medical research
It applies to all private sector health service providers across Australia.
A health service provider is defined as:
... a person or entity who provides a health service and holds health information, even if providing a health service is not their primary activity.
Health service providers are covered by the Privacy Act for all activities involving the handling of personal information, not just activities that relate to providing a health service.
- The Privacy Act does not apply to public hospitals and other state and territory public sector health service providers.