The Privacy Act 1988 (Cth) exists to restrain the disclosure and use of personal information about individuals by business, government and a range of non-profit entities. It does not restrict the use and passage of information by individuals about each other, or the receipt of information. There is no law against ordinary conversations.


The Act is structured so that the core elements – the Australian Privacy Principles – are grouped together and made operational by a few key sections that refer to them. The Australian Privacy Principles (APP’s) were introduced in 2014 to replace the dual system of Information Privacy Principles and National Privacy Principles. One was for government and one was for the private sector. Now both government and private entities must adhere to the one set of 13 principles.


This overview is based mostly on a guide to the Privacy Act 1988 by the Office of the Australian Information Commissioner: Australian Privacy Principles Guidelines, Privacy Act 1988, Office of the Australian Information Commissioner, Canberra, 2015. It also draws on the Act itself and other publications.

Privacy Law