Written By Sunil Chandna
Updated on Oct 29, 2021
Australia’s Privacy Act 1988: An Insight
Concerns over the privacy of personal information have been a subject of much debate in recent times. In the current digital age, consumers are wary of sharing their personal information with private organizations and even with public agencies owing to concerns about data breaches or misuse. In response to growing cases of data theft and leakage and rising public concern across the globe, several nations have enacted or are proposing data privacy and protection legislation. The Government of Australia took the initiative of enacting an overarching data privacy law back in the late ’80s, referred to as the Privacy Act 1988. The Government of Australia is also proposing more stringent legislation to safeguard the privacy of its citizens, which will further strengthen the Privacy Act 1988 with more stringent penalties (from the existing maximum of $2.1 million to $10 million), enforcement, and obligations on private and public businesses and agencies.
A Brief About the Privacy Act
Adhering to its commitments made to the Organization for Economic Cooperation and Development (OECD), Australia passed the Privacy Act in 1988. Also cited as the Privacy Act 1988, it came into effect in 1989. Since then, the Act has undergone several amendments to expand its scope. The Act outlines 13 Australian Privacy Principles (APPs) to be followed by Australian government agencies and certain private sector organizations, with an annual turnover of AUD 3 million, with regard to the promotion and protection of the privacy of individuals’ personal information. Hence, most small businesses do not fall under its scope.
However, this turnover limit does not apply to health service providers, personal information service providers, credit reporting bodies, operators of residential tenancy databases, businesses conducting protection action ballots, and other businesses listed by the government. Additionally, the Privacy Act includes the privacy component of the consumer credit report systems, tax file numbers, and health and medical research reports within its scope.
Non-compliance with the Privacy Act can attract huge fines and severe penalties, as outlined in a later section in the article.
Primary Objectives of the Privacy Act
The primary objectives of the Privacy Act are:
Key Provisions of the Privacy Act 1988:
Under the Privacy Act of 1988, provisions have been laid out for the collection, use, and protection of private information of individuals by government agencies as well as certain private sector organizations and businesses. These provisions are defined for both the federal and the state levels.
Amendments to the Privacy Act
Since the enactment of the Act in 1988, several amendments and changes took place from time to time to expand the coverage of the Act. Some of the key amendments are as follows:
Key Requirements for Businesses and Organizations
The Privacy Act 1988 lays down several provisions and guidelines that businesses and organizations are required to follow strictly.
Penalties for Non-Compliance of the Privacy Act
The penalties levied under the Privacy Act for breach of its provisions are severe and have been amended by the Australian government. Any entity covered under the Act that is found to have seriously or repeatedly interfered with or breached the privacy of an individual may be fined a maximum of $2.1 million.
Under the recent Online Privacy Bill dated 25 October 2021, the proposed maximum fine for a defaulting entity is $10 million, or 3 times the value of the benefit accrued through misconduct and repeated interference with the privacy of citizens, or 10% of the entity’s domestic annual turnover.
Data Erasure: An Easy Way to Comply With Privacy Act 1988
The Privacy Act 1988 has laid down several provisions for businesses and organizations for collecting, using, and protecting the data of individuals. They are bound to protect the personal information of their customers against any misuse, theft, unauthorized access, and disclosure. One of the major provisions of the Act is that if businesses or organizations don’t require the data, they are legally bound to destroy or de-identify such data.
To solve this issue, organizations can take the help of a professional data erasure tool such as BitRaser to safely wipe the sensitive information at the time of IT asset disposal, helping them meet the data privacy obligations of the Australian Privacy Act.
Australia’s Privacy Act 1988 is one of the precursors of data privacy laws in the world, addressing the core concerns of protecting and promoting an individual’s right to data privacy, data breaches, and the obligation on businesses (data processors) to obtain informed consent. The Act is intended to serve as an effective safeguard against the potential misuse of personal data shared with private and public organizations. Businesses and private organizations that fall under its purview must ensure that they comply with the provisions of the Act to avoid penalties and retain the trust of their clients and individual consumers. In addition, a major provision of the Act mandates destroying information that is no longer required. Organizations can easily comply with it by using a specialized data erasure tool.
BitRaser is NIST Certified
US Department of Defense, DoD 5220.22-M (3 passes)
US Department of Defense, DoD 5200.22-M (ECE) (7 passes)
US Department of Defense, DoD 5200.28-STD (7 passes)
Russian Standard – GOST-R-50739-95 (2 passes)
B.Schneier’s algorithm (7 passes)
German Standard VSITR (7 passes)
Peter Gutmann (35 passes)
US Army AR 380-19 (3 passes)
North Atlantic Treaty Organization-NATO Standard (7 passes)
US Air Force AFSSI 5020 (3 passes)
Pfitzner algorithm (33 passes)
Canadian RCMP TSSIT OPS-II (4 passes)
British HMG IS5 (3 passes)
Pseudo-random & Zeroes (2 passes)
Random Random Zero (6 passes)
British HMG IS5 Baseline standard
NAVSO P-5239-26 (3 passes)
NCSG-TG-025 (3 passes)
5 Customized Algorithms & more