Privacy Act 1988
In plain English
The Privacy Act 1988 sets rules for how Australian organisations handle personal information.
This Act regulates how Australian organisations and the Australian Government handle personal information. It applies to businesses, not-for-profits, and government agencies. Organisations must handle information fairly and respectfully. They need to follow the Australian Privacy Principles. The Act came into force in 1988.
Why it matters
Handling personal information correctly builds trust with customers. Non-compliance can damage reputation. Understanding this Act is vital for all Australian businesses.
AI-assisted summary, grounded in the source link below. Generated 2026-05-23 via gemma3:12b.
Summary
Federal privacy Act. Schedule 1 contains the 13 Australian Privacy Principles. Part IIIA — credit reporting. Part IIIC — Notifiable Data Breaches scheme. 2024 amendments added doxxing criminal offence + statutory tort + enhanced penalties (up to $50M / 30% turnover); ADM transparency and the Children's Online Privacy Code commence 10 December 2026. Removal of the small business exemption is proposed for a future reform tranche — not yet law.
Topics
Administered by
Source: https://www.legislation.gov.au/C2004A03712/latest. Rules Mate summarises and links; we don't republish full statutory text. Always verify against the live source before acting.