Australian Privacy Act compliance with RecordPoint

The Australian Privacy Act (Privacy Act) is the principal law governing the handling of personal information about individuals.

First passed in 1988, the law initially covered only how Australian government agencies handled the data of their citizens during regular operations. From 2001, it began to cover private organizations as well, and has evolved in the past 20 years to add new controls and coverage throughout Australia. With RecordPoint, organizations can be confident in their compliance with this critical law.

What is the Australian Privacy Act?

The Australian Privacy Act was initially passed in 1988 to fulfill Australia's agreement to implement the Organisation for Economic Co-operation and Development (OECD) Guidelines on the Protection of Privacy and Transborder Flows of Personal Data, and to meet its obligations under Article 17 of the International Covenant on Civil and Political Rights.

The Privacy Act was passed to put guardrails around how government agencies and certain private sector companies manage the personal data of citizens of Australia and Norfolk Island. The Act is the principal piece of Australian legislation protecting the handling of personal information about individuals. This includes the collection, use, storage and disclosure of personal information in the federal public sector and in the private sector.

All Australian government agencies need to comply with the Act. Businesses generally need to comply with the Privacy Act if they have more than A$3 million in annual turnover. Healthcare providers, credit reporting agencies, and companies that trade in personal information need to comply with the Act regardless of annual turnover.

The Act has been revised several times over the years, with the most recent amendments made in November 2024. The Privacy and Other Legislation Amendment Act 2024 revised the Privacy Act in accordance with the review of the Privacy Report completed in 2023.

New additions to the Act as of November 2024:

  • A new statutory tort to address serious invasions of privacy
  • Development of a Children's Online Privacy Code to better protect children from a range of online harms, supported by an additional A$3 million over three years to the Office of the Australian Information Commissioner for it to develop this important Code
  • Greater transparency for individuals regarding automated decisions that affect them
  • Streamlined information sharing in the case of an emergency or eligible data breach, while ensuring that information is appropriately protected
  • Stronger enforcement powers for the Australian Information Commissioner

These reforms are meant to improve the control Australians have over their personal data, and also include a new criminal offense related to doxxing. This new offense strengthens the penalties for maliciously releasing personal information online.

How can businesses comply with the Australia Privacy Act?

The most significant action that businesses can take to comply with the Privacy Act is to follow the 13 Australian Privacy Principles. These principles, introduced in 2014, outline how Australian government agencies and covered organizations should protect the privacy of Australian citizens. These privacy principles include:

How RecordPoint can help

RecordPoint includes key features designed to assist with Australian Privacy Act compliance. These features include:

Data minimization

Proactively dispose of data you don’t need with custom retention policies that make minimization effortless.

AI classification

Use AI to classify data instantly, so you know exactly where sensitive data lives and how to protect it.

Data discovery

Discover where all your data lives to get a comprehensive picture of your data estate, so you can better understand and protect it.

Penalties for non-compliance

For serious or repeated privacy breaches under the Australian Privacy Act, individuals can face penalties of up to A$2.5 million, while companies can be fined up to the greater of A$50 million, three times the benefit obtained from the breach, or 30% of their adjusted turnover.

Frequently asked questions

What kind of data is covered under the Australian Privacy Act?
What businesses are covered under the Australian Privacy Act?