Overview of the Privacy Act 1988 and Australian Privacy Principles

37 Terms

1
Privacy Act 1988 (Cth)

Federal legislation in Australia that regulates the handling of personal information and establishes the Australian Privacy Principles (APPs).

2
Objectives of the Privacy Act

Promote privacy protection, balance privacy with business interests, ensure consistent national rules, encourage responsible information handling, support efficient credit reporting, enable safe international data flows, provide complaint processes, meet international commitments.

3
APP Entities

Agencies (Commonwealth government bodies) and organisations to which the Privacy Act applies. Most small businesses with an annual turnover of $3 million or less are exempt, but there are exceptions (for example, private health service providers and businesses that trade in personal information are covered regardless of turnover).

4
Australian Privacy Principles (APPs)

A set of 13 legally enforceable principles under the Privacy Act that regulate the handling of personal information by APP entities.

5
APP 1

APP entities must manage personal information in an open and transparent way, including having a clearly expressed and up-to-date privacy policy and a process for handling privacy enquiries and complaints.

6
APP 2

Individuals must be able to interact anonymously or with a pseudonym when practicable.

7
APP 3

Personal information must only be collected when necessary for business functions; sensitive information requires consent.

8
APP 4

Unsolicited personal information must be destroyed or de-identified if it could not have been lawfully collected.

9
APP 5

Individuals must be notified when their personal information is collected.

10
APP 6

Personal information collected for a particular (primary) purpose must not be used or disclosed for another (secondary) purpose unless the individual consents or an exception applies (for example, the individual would reasonably expect the secondary use and it is related to the primary purpose, or the use is required by law).

11
APP 7

Direct marketing is restricted unless expected by the individual and opt-out is easy.

12
APP 8

Cross-border disclosures require steps to ensure overseas recipients comply with APPs.

13
APP 9

Regulates business use of government identifiers (e.g., Medicare numbers).

14
APP 10

Information must be kept accurate, up to date, and complete.

15
APP 11

APP entities must take reasonable steps to protect personal information from misuse, interference and loss, and from unauthorised access, modification or disclosure, and must destroy or de-identify it once it is no longer needed for a permitted purpose (unless retention is required by law).

16
APP 12

Individuals have the right to access their personal information.

17
APP 13

Individuals have the right to request corrections to inaccurate personal information.

18
Digital and Non-Digital Application

APPs apply equally to digital (e.g., online forms) and paper-based records.

19
Personal Information (Definition)

Information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether or not it is true and whether or not it is recorded in material form. Names and biometric data are clear examples; technical identifiers such as IP addresses may be personal information depending on whether they can reasonably be linked to a person in context.

20
Sensitive Information

A special category of personal information requiring stricter protections, e.g., health data, political opinions, racial origin.

21
Consent Requirements

Consent must be informed, voluntary, current and specific, and the individual must have the capacity to give it.

22
General Permitted Situations

Circumstances where information may be handled without consent, such as threats to life, missing persons, or legal claims.

23
Legal Status of APPs

Although called "principles," they are legally binding and enforceable.

24
Registered APP Codes

Written codes, registered by the OAIC, that set out how one or more of the APPs are to be applied or complied with by the entities bound by the code. A code operates in addition to the APPs rather than replacing them: it may impose additional or more specific requirements, but it cannot lower the level of protection the APPs provide.

25
Breach of Registered APP Code

Considered a breach of the Privacy Act, just like breaching an APP.

26
OAIC (Office of the Australian Information Commissioner)

Regulates and enforces privacy rights, handles complaints, and investigates breaches under the Privacy Act.

27
Individual Rights under the Privacy Act

Individuals may lodge written complaints with the OAIC and request assistance in doing so.

28
Business Obligations for Data Breaches

Under the Notifiable Data Breaches scheme, an eligible data breach (unauthorised access to, disclosure of, or loss of personal information that is likely to result in serious harm to affected individuals) must be notified to both the OAIC and the affected individuals as soon as practicable; where a breach is only suspected, the entity must assess it within 30 days.

29
OAIC Powers (Since Dec 2022)

Can demand information about data breaches even if the business has not reported it.

30
OAIC Investigations

Can investigate complaints (s 40), decline them (s 41), and make binding determinations (s 52).

31
Civil Pecuniary Penalties

Apply to serious or repeated interferences with privacy: up to $2.5 million for individuals; for bodies corporate, the greatest of $50 million, three times the value of the benefit obtained from the contravention, or, if that benefit cannot be determined, 30% of adjusted turnover during the breach period.

32
Example Enforcement by OAIC

Recent action against large companies like Medibank and Medlab Pathology for data breaches.

33
Interaction with Australian Consumer Law (ACL)

Privacy Act operates alongside ACL; breaches may also contravene consumer law provisions.

34
ACL Section 18(1)

Prohibits misleading or deceptive conduct.

35
ACL Section 29(1)

Prohibits false or misleading representations about goods or services.

36
Role of the ACCC

Enforces the ACL and plays a key role in addressing privacy-related misconduct.

37
ACL vs Privacy Act

Some argue consumer law (ACL) offers stronger enforcement tools for privacy than the Privacy Act.