Privacy Act 1988: Difference between revisions
Add 2014 amendments section, also the article should discuss the act in its present form, not its original form. |
m Disambiguating links to Office of the Privacy Commissioner (link changed to Office of the Australian Information Commissioner) using DisamAssist. |
||
(7 intermediate revisions by 6 users not shown) | |||
Line 1: | Line 1: | ||
{{Short description|Act of the Parliament of Australia}} |
|||
{{Politics of Australia sidebar}} |
{{Politics of Australia sidebar}} |
||
{{Use Australian English|date=May 2018}} |
{{Use Australian English|date=May 2018}} |
||
{{Use dmy dates|date=May 2018}} |
{{Use dmy dates|date=May 2018}} |
||
{{Update|date=June 2014}}<!-- for 2014 changes. See talk page --> |
{{Update|date=June 2014}}<!-- for 2014 changes. See talk page --> |
||
{{Infobox legislation |
|||
⚫ | |||
| short_title = ''Privacy Act 1988'' |
|||
⚫ | Section 14 of the Act stipulates a number of [[Privacy in Australian law|privacy]] rights known as the Australian Privacy Principles (APPs). These principles apply to Australian Government and [[Australian Capital Territory]] agencies or private sector organizations contracted to these governments, organizations and small businesses who provide a health service, as well as to private |
||
| legislature = [[Parliament of Australia]] |
|||
| date_enacted = 1988 |
|||
| image = Coat of Arms of Australia.svg |
|||
| long_title = An Act to make provision to protect the privacy of individuals, |
|||
and for related purpose |
|||
| introduced_by = <!-- MP name --> |
|||
| enacted_by = [[Australian House of Representatives|House of Representatives]] |
|||
| 1st_reading = |
|||
| 2nd_reading = |
|||
| 3rd_reading = |
|||
| amendments = |
|||
| citation = [https://www.legislation.gov.au/Details/C2014C00076 ''Privacy Act 1988''] |
|||
| administered_by = [[Office of the Australian Information Commissioner]] |
|||
| related = |
|||
| status = Amended |
|||
}} |
|||
⚫ | |||
⚫ | Section 14 of the Act stipulates a number of [[Privacy in Australian law|privacy]] rights known as the Australian Privacy Principles (APPs). These principles apply to Australian Government and [[Australian Capital Territory]] agencies or private sector organizations contracted to these governments, organizations and small businesses who provide a health service, as well as to private organizations with an annual turnover exceeding AUD$3M (with some specific exceptions).<ref name=":0">{{cite web | url=http://www.privacy.gov.au/business/health | title=Home }}</ref> The principles govern when and how [[personal information]] can be collected by these entities. Information can only be collected if it is relevant to the agencies' functions. Upon this collection, that law mandates that Australians have the right to know why information about them is being acquired and who will see the information. Those in charge of storing the information have obligations to ensure such information is neither lost nor exploited. An Australian will also have the right to access the information unless this is specifically prohibited by law.<ref name=":0" /> |
||
==2000 amendments== |
==2000 amendments== |
||
Line 10: | Line 29: | ||
==2014 amendments== |
==2014 amendments== |
||
The Australian Privacy Principles (APPs) replaced the National Privacy Principles and Information Privacy Principles on 12 March 2014 via the Privacy Amendment (Enhancing Privacy Protection) Act 2012, which amended the Privacy Act 1988.<ref>{{Cite web|title=Read the Australian Privacy Principles|url=https://www.oaic.gov.au/privacy/australian-privacy-principles/read-the-australian-privacy-principles/|access-date=2022-05-28|website=OAIC|language=en-AU}}</ref> |
The Australian Privacy Principles (APPs) replaced the National Privacy Principles and Information Privacy Principles on 12 March 2014 via the Privacy Amendment (Enhancing Privacy Protection) Act 2012, which amended the Privacy Act 1988.<ref name=":1">{{Cite web|title=Read the Australian Privacy Principles|url=https://www.oaic.gov.au/privacy/australian-privacy-principles/read-the-australian-privacy-principles/|access-date=2022-05-28|website=OAIC|language=en-AU}}</ref> The Act was further amended in 2017 and December 2022, significantly enhancing the protection of privacy in Australia. These amendments included increased maximum penalties for data breaches and enhanced enforcement powers for the Office of the Australian Information Commissioner (OAIC). |
||
The Privacy Act Review commenced in 2020 following recommendations by the Australian Competition and Consumer Commission in its 2019 Digital Platforms Inquiry – Final Report.<ref>{{Cite web |title=Privacy {{!}} Attorney-General's Department |url=https://www.ag.gov.au/rights-and-protections/privacy}}</ref> On 28 September 2023, the Australian Government released its response to the Privacy Act Review Report, committing to further modernizing privacy regulations. |
|||
==State legislation== |
==State legislation== |
||
Privacy principles that are |
Privacy principles that are the same as the NPPs are also included in the legislation applying to the public sectors of some Australian States and Territories, namely the ''Information Privacy Act 2000'' ([[Victoria (Australia)|Victoria]]), ''Information Act 2002'' ([[Northern Territory]]), ''Personal Information Protection Act 2004'' ([[Tasmania]]), and the ''Health Records and Information Privacy Act 2002'' ([[New South Wales]]). |
||
==Administration== |
==Administration== |
||
Australia's privacy principles, |
Australia's privacy principles, the APPs, depend upon the meaning of "personal information" (as defined in Privacy Act 1988 s6). This term has not yet been interpreted in a restrictive way as has been "personal data" in the UK ''Durant'' case.<ref>''John Durant v Financial Services Authority'' [2003] EWCA Civ 1746, Case no: B2/2002/2636 http://www.bailii.org/ew/cases/EWCA/Civ/2003/1746.html </ref> |
||
The Privacy Act creates an [[Office of the Privacy Commissioner]] and a Privacy Commissioner<ref |
The Privacy Act creates an [[Office of the Australian Information Commissioner|Office of the Privacy Commissioner]] and a Privacy Commissioner<ref name=":1" /> in Australia. The OAIC is responsible for investigating breaches of the Australian Privacy Principles (APPs) and credit reporting provisions. The OAIC’s powers include accepting enforceable undertakings, seeking civil penalties in the case of serious or repeated breaches of privacy, and conducting assessments of privacy performance for both Australian Government agencies and businesses. Section 36 of the Act states that Australians may appeal to this Commissioner if they feel their privacy rights have been compromised, unless the privacy was violated by an organization that has its own dispute resolution mechanisms under an approved Privacy Code. The Commissioner, who may decide to investigate complaints and, in some cases must investigate, can under section 44 obtain relevant evidence from other people. There is no appeal to a Court or Tribunal against decisions of the Commissioner except in limited circumstances. Section 45 of the Privacy Act allows the Commissioner to interview the people themselves, and the people might have to swear an [[oath]] to tell the truth. Anyone who fails to answer the Commissioner may be subject to a fine of up to $2,000 and/or year-long [[imprisonment]] (under section 65). Under section 64 of the Privacy Act, the Commissioner is also given immunity against any lawsuits that he or she might be subjected to for the carrying out of their duties. |
||
If the Commissioner will not hear a complaint, an Australian may receive legal assistance under section 63. If a complaint is taken to the [[Federal Court of Australia]], in certain circumstances others may receive legal assistance. |
If the Commissioner will not hear a complaint, an Australian may receive legal assistance under section 63. If a complaint is taken to the [[Federal Court of Australia]], in certain circumstances others may receive legal assistance. |
||
Line 34: | Line 55: | ||
==External links== |
==External links== |
||
* [https://www.legislation.gov.au/Latest/C2004A03712 Privacy Act 1988] in the [[d:Q57686106|Federal Register of Legislation]] |
|||
* [http://www.austlii.edu.au/au/legis/cth/consol_act/pa1988108/ Full text of the Privacy Act 1988], Australasian Legal Information Institute, URL accessed 6 May 2006. |
* [http://www.austlii.edu.au/au/legis/cth/consol_act/pa1988108/ Full text of the Privacy Act 1988], Australasian Legal Information Institute, URL accessed 6 May 2006. |
||
* [http://www.privacy.gov.au/materials/types/infosheets/view/6583 National Privacy Principles], Office of the Australian Information Commissioner, URL accessed 12 June 2011. |
* [http://www.privacy.gov.au/materials/types/infosheets/view/6583 National Privacy Principles], Office of the Australian Information Commissioner, URL accessed 12 June 2011. |
Latest revision as of 20:39, 9 August 2024
This article is part of a series on the |
Politics of Australia |
---|
Constitution |
Australia portal |
This article needs to be updated.(June 2014) |
Privacy Act 1988 | |
---|---|
Parliament of Australia | |
| |
Citation | Privacy Act 1988 |
Enacted by | House of Representatives |
Enacted | 1988 |
Administered by | Office of the Australian Information Commissioner |
Status: Amended |
The Privacy Act 1988 is an Australian law dealing with privacy. Section 14 of the Act stipulates a number of privacy rights known as the Australian Privacy Principles (APPs). These principles apply to Australian Government and Australian Capital Territory agencies or private sector organizations contracted to these governments, organizations and small businesses who provide a health service, as well as to private organizations with an annual turnover exceeding AUD$3M (with some specific exceptions).[1] The principles govern when and how personal information can be collected by these entities. Information can only be collected if it is relevant to the agencies' functions. Upon this collection, that law mandates that Australians have the right to know why information about them is being acquired and who will see the information. Those in charge of storing the information have obligations to ensure such information is neither lost nor exploited. An Australian will also have the right to access the information unless this is specifically prohibited by law.[1]
2000 amendments
[edit]The Privacy Act was amended in 2000 to cover the private sector. Schedule 3 of the Privacy Act sets out a significantly different set of privacy principles, the National Privacy Principles (NPPs). These apply to private sector organizations (including not for profit organizations) with a turnover exceeding three million dollars, other than health service providers or traders in personal information. These principles extend to the transfer of personal information out of Australia.[2]
2014 amendments
[edit]The Australian Privacy Principles (APPs) replaced the National Privacy Principles and Information Privacy Principles on 12 March 2014 via the Privacy Amendment (Enhancing Privacy Protection) Act 2012, which amended the Privacy Act 1988.[3] The Act was further amended in 2017 and December 2022, significantly enhancing the protection of privacy in Australia. These amendments included increased maximum penalties for data breaches and enhanced enforcement powers for the Office of the Australian Information Commissioner (OAIC).
The Privacy Act Review commenced in 2020 following recommendations by the Australian Competition and Consumer Commission in its 2019 Digital Platforms Inquiry – Final Report.[4] On 28 September 2023, the Australian Government released its response to the Privacy Act Review Report, committing to further modernizing privacy regulations.
State legislation
[edit]Privacy principles that are the same as the NPPs are also included in the legislation applying to the public sectors of some Australian States and Territories, namely the Information Privacy Act 2000 (Victoria), Information Act 2002 (Northern Territory), Personal Information Protection Act 2004 (Tasmania), and the Health Records and Information Privacy Act 2002 (New South Wales).
Administration
[edit]Australia's privacy principles, the APPs, depend upon the meaning of "personal information" (as defined in Privacy Act 1988 s6). This term has not yet been interpreted in a restrictive way as has been "personal data" in the UK Durant case.[5]
The Privacy Act creates an Office of the Privacy Commissioner and a Privacy Commissioner[3] in Australia. The OAIC is responsible for investigating breaches of the Australian Privacy Principles (APPs) and credit reporting provisions. The OAIC’s powers include accepting enforceable undertakings, seeking civil penalties in the case of serious or repeated breaches of privacy, and conducting assessments of privacy performance for both Australian Government agencies and businesses. Section 36 of the Act states that Australians may appeal to this Commissioner if they feel their privacy rights have been compromised, unless the privacy was violated by an organization that has its own dispute resolution mechanisms under an approved Privacy Code. The Commissioner, who may decide to investigate complaints and, in some cases must investigate, can under section 44 obtain relevant evidence from other people. There is no appeal to a Court or Tribunal against decisions of the Commissioner except in limited circumstances. Section 45 of the Privacy Act allows the Commissioner to interview the people themselves, and the people might have to swear an oath to tell the truth. Anyone who fails to answer the Commissioner may be subject to a fine of up to $2,000 and/or year-long imprisonment (under section 65). Under section 64 of the Privacy Act, the Commissioner is also given immunity against any lawsuits that he or she might be subjected to for the carrying out of their duties.
If the Commissioner will not hear a complaint, an Australian may receive legal assistance under section 63. If a complaint is taken to the Federal Court of Australia, in certain circumstances others may receive legal assistance.
Review of the Act
[edit]The Australian Law Reform Commission completed an inquiry into the state of Australia's privacy laws in 2008. The Report entitled For Your Information: Australian Privacy Law and Practice[6][7] recommended significant changes be made to the Privacy Act, as well as the introduction of a statutory cause of action for breach of privacy.[8] The Australian Government committed in October 2009 to implementing a large number of the recommendations that the Australian Law Reform Commission had made in its report.[9]
See also
[edit]- Telecommunications (Interception and Access) Act 1979
- Telecommunications Act 1997
- Surveillance Devices Act 2004
References
[edit]- ^ a b "Home".
- ^ "History of the Privacy Act". OAIC. Retrieved 8 November 2020.
- ^ a b "Read the Australian Privacy Principles". OAIC. Retrieved 28 May 2022.
- ^ "Privacy | Attorney-General's Department".
- ^ John Durant v Financial Services Authority [2003] EWCA Civ 1746, Case no: B2/2002/2636 http://www.bailii.org/ew/cases/EWCA/Civ/2003/1746.html
- ^ ALRC Report For Your Information: Australian Privacy Law and Practice Archived 2012-08-05 at archive.today
- ^ ALRC Australia must rewrite privacy laws for the Information Age, 1 August 2008
- ^ ALRC List of Recommendations
- ^ "Government gives giant 'tick' to ALRC privacy recommendations". Australian Law Reform Commission. 14 October 2009. Archived from the original on 26 January 2010.
External links
[edit]- Privacy Act 1988 in the Federal Register of Legislation
- Full text of the Privacy Act 1988, Australasian Legal Information Institute, URL accessed 6 May 2006.
- National Privacy Principles, Office of the Australian Information Commissioner, URL accessed 12 June 2011.
- Information Privacy Principles, Office of the Australian Information Commissioner, URL accessed 12 June 2011.