Who is covered by the Privacy Act 1988 in Australia?
The Privacy Act 1988 (Cth) applies to Australian Government agencies, private sector organisations with an annual turnover of more than $3 million, and all private health service providers regardless of size. Small businesses with a turnover under $3 million are generally exempt unless they handle health information, operate as a contracted service provider to government, or trade in personal information.
What are the 13 Australian Privacy Principles?
The 13 Australian Privacy Principles (APPs) set out how organisations must handle personal information. They cover open and transparent management of personal information, anonymity and pseudonymity options, collection of solicited and unsolicited information, notification of collection, use and disclosure, direct marketing, cross-border disclosure, government-related identifiers, data quality and security, access, and correction.
How do I request access to my personal information held by an organisation?
Under APP 12, you have the right to request access to personal information an organisation holds about you. Submit a written request to the organisation identifying the information you want. The organisation must respond within 30 days and either provide access or give reasons for any refusal. They cannot charge you a fee just to make the access request, though a reasonable fee for providing access may apply.
How do I request correction of inaccurate personal information?
Under APP 13, you can request that an organisation correct personal information it holds about you that is inaccurate, out of date, incomplete, irrelevant, or misleading. Submit a written correction request. The organisation must respond within 30 days and either make the correction or explain why it refuses. If it refuses, you can request that a note of your request be associated with the record.

How do I make a complaint to the Office of the Australian Information Commissioner?
You must first complain directly to the organisation whose conduct you are concerned about and allow them a reasonable time to respond — usually 30 days. If you are not satisfied with the response, or if the organisation fails to respond, you can lodge a complaint with the OAIC at oaic.gov.au. The OAIC complaint process is free and does not require a lawyer.
What happens during OAIC conciliation?
The OAIC will assess your complaint and may attempt conciliation between you and the organisation. A conciliator facilitates a confidential discussion to explore a resolution, which may include an apology, changes to the organisation's practices, or compensation. If conciliation fails, the OAIC Commissioner can make a determination on the complaint. Determinations can include orders to pay compensation for non-economic loss.
What is the mandatory data breach notification scheme in Australia?
Under Part IIIC of the Privacy Act 1988, organisations covered by the Act must notify both the OAIC and affected individuals when an eligible data breach occurs. An eligible data breach is one that is likely to result in serious harm to one or more individuals whose personal information was involved. Notification must occur as soon as practicable after the organisation is aware of the breach.

Are there state health privacy laws that apply in addition to the Commonwealth Privacy Act?
Yes. Victoria has the Health Records Act 2001 (Vic) which covers health information held by both the public and private sectors in Victoria. NSW has the Health Records and Information Privacy Act 2002 (NSW). These state laws operate alongside the Commonwealth Privacy Act and may provide additional rights. The relevant state Health Complaints Commissioner handles complaints under state health privacy legislation.
Does any part of the privacy complaint process in Australia require notarization?
No. Access requests, correction requests, and OAIC complaint forms do not require notarization. They are submitted in writing with your signature. The OAIC accepts complaints by online form, post, or email. No sworn or notarized documents are required at any stage of the complaint process.
How does uplaw.ai help with a privacy complaint in Australia?
Tell uplaw.ai about the organisation involved, what personal information they hold, and what they have done with it that concerns you. We help you draft an access or correction request, prepare an internal complaint to the organisation, and if necessary assist you in completing an OAIC complaint form.


