Relevant legislation

The Privacy Act 1988 (Cth) (Act) is the main act governing privacy law in Australia as a whole. There are also local State Acts that cover privacy for health records and some government and semi-government record keeping.

The Act is designed to protect individuals’ privacy and mandate the acquisition, handling, and storage of PI (PI).

Individuals within Australia must be informed:

• why their PI is being obtained;
• how their PI will be used by the party collecting it; and
• who their PI will be disclosed to.

Personal Information

“Personal information” is “information or an opinion about an identified individual, or an individual who is reasonably identifiable:

• whether the information or opinion is true or not; and
• whether the information or opinion is recorded in a material form or not”.

Some examples of PI include:

• an individual’s name
• date of birth;
• address; and
• details of employment.

PI could also include information about the individual, for example their attitude and opinion.

Compliance with the Privacy Law

The Act requires the compliance of “APP Entities”.

An “APP Entity” includes an individual, a body corporate, a partnership, any other unincorporated association, or a trust. A Government entity may also be considered an APP Entity in certain circumstances.

An APP Entity does not, however, include most small business operators.

Small business operators are those that have a business with an annual turnover of $3million or less for a financial year., unless section 6D of the Act applies.  In this case, a small business operator will be considered an APP Entity and need to comply with the Act) if the business:

• provides a health service and holds health information other than in an employee record;
• discloses PI about an individual for a benefit, advantage, or service; or
• is a contracted service provider for a Commonwealth contract.

Blog by SLS Principal, Andrew Fish