Reform has turned a veteran law into a serious enforcement regime.
Australia's Privacy Act and its thirteen Australian Privacy Principles govern how organisations handle personal information, with penalties raised dramatically after recent high-profile breaches. Ongoing reform keeps tightening the regime, so programmes built for yesterday's thresholds need revisiting.
At a glance
Who it catches
Australian organisations above the turnover threshold, plus foreign companies carrying on business in Australia
Penalties
For serious interferences with privacy: up to AU$50 million, three times the benefit obtained, or 30% of adjusted turnover
Regulator
Office of the Australian Information Commissioner (OAIC)
Key concepts
Thirteen APPs, Notifiable Data Breaches scheme, cross-border disclosure accountability
What it requires
The obligations that matter in practice.
- Compliance with the thirteen Australian Privacy Principles end to end
- An up-to-date, clearly expressed privacy policy
- Notifiable data breach assessment and reporting to the OAIC
- Accountability for overseas disclosures of personal information
- Direct marketing controls under APP 7
How we help
Where our practice comes in.
FAQ
Common Privacy Act (Australia) questions.
Quite possibly. Carrying on business in Australia does not require a local entity, and reforms have removed earlier loopholes. If Australians are a real customer segment, the Act belongs on your compliance map.
Start here
Tell us what you're dealing with.
Pick the service that sounds closest, or just describe the situation. You'll get an honest reply within 24 hours: where you stand, what actually needs doing, and whether we're the right fit for it.
Prefer to talk? Book a free 30-min callEmail: abhishek.adv@yahoo.com
LinkedIn: linkedin.com/in/abhishekbansiwal
Working with clients across the EU, UK, US, India, and beyond. See the privacy notice for how enquiries are handled.