Privacy Act 1988
The Australian federal law that governs how organisations collect, use, disclose and protect personal information.
In detail
The Privacy Act 1988 sets out the Australian Privacy Principles (APPs), which apply to most Australian businesses with annual turnover above $3 million plus all health service providers and certain other categories regardless of size. The APPs cover open and transparent handling of personal information, anonymity and pseudonymity, collection limits, use and disclosure rules, cross-border disclosure, data quality, security and the right of individuals to access and correct their information. The Office of the Australian Information Commissioner (OAIC) enforces the Act. Reforms expanding scope and penalties have been progressing through 2023-2026.
Why it matters for Australian business
Almost every AI deployment in Australia touches personal information at some point. Knowing whether your business is APP-bound, how each AI tool handles data, where data crosses borders, and what your obligations are if a breach occurs is the foundation of a defensible AI position. We work this into every AI Readiness Audit and Data and Privacy Advisory engagement.