Impact of the Privacy Act 1988 (Australia)

What is PRIVACY?

Privacy is defined as simply someone's right to keep their personal matters secret, or simply the state of being alone.


In the online context, however, a common understanding of privacy is the right to determine when, how, and to what extent personal data can be shared with others. 

Privacy as a Human Right

It is important to understand that privacy is a right. This has been recognised in the United Nations Universal Declaration of Human Rights, International Covenant on Civil and Political Rights, and European Convention on Human Rights.

Privacy is a fundamental value worthy of legal protection

Privacy is important to enable individuals to live a dignified, fulfilling, safe and autonomous life. It is an important element of the fundamental freedom of individuals that underpins their:

  • ability to form and maintain meaningful and satisfying relationships with others, including intimate and family relationships;
  • freedom of speech, thought and self-expression;
  • freedom of movement and association;
  • ability to engage in the democratic process;
  • freedom to engage in secure financial transactions;
  • freedom to develop and advance their own intellectual, cultural, artistic, property and physical interests; and
  • freedom from undue interference or harm by others. 


What is privacy?

2013 Community Attitudes to Privacy survey video

Privacy in Australia

How changes to privacy law affect you

The Privacy Act 1988 (Privacy Act) protects your personal information.

Personal information is information or an opinion that identifies you or could identify you. Some examples are your name, address, telephone number, date of birth, medical records, bank account details and opinions about you.

On 12 March 2014, changes to the Privacy Act commenced. These changes include a new set of Australian Privacy Principles (APPs), which set out how private sector organisations and Australian Government agencies (called entities), must handle your personal information.

The Australian Privacy Principles

Australian Privacy Principles (APPs) set out broad principles that govern the way in which personal information is to be collected, used, disclosed and stored.

The APPs, which are contained in schedule 1 of the Privacy Act 1988 (Privacy Act), outline how the following entities must handle, use and manage personal information.:

  • most Australian and Norfolk Island Government agencies,
  • all private sector and not-for-profit organisations with an annual turnover of more than $3 million,
  • all private health service providers, and
  • some small businesses (collectively called ‘APP entities’)

The principles cover:

  • the open and transparent management of personal information including having a privacy policy
  • an individual having the option of transacting anonymously or using a pseudonym where practicable
  • the collection of solicited personal information and receipt of unsolicited personal information including giving notice about collection
  • how personal information can be used and disclosed (including overseas)
  • maintaining the quality of personal information
  • keeping personal information secure
  • right for individuals to access and correct their personal information

Sensitive information

The APPs place more stringent obligations on APP entities when they handle ‘sensitive information’. Sensitive information is a type of personal information and includes information about an individual's:

  • health (including predictive genetic information)
  • racial or ethnic origin
  • political opinions
  • membership of a political association, professional or trade association or trade union
  • religious beliefs or affiliations
  • philosophical beliefs
  • sexual orientation or practices
  • criminal record
  • biometric information that is to be used for certain purposes
  • biometric templates.


APP1 – Open & transparent management of personal information

  • APP entities must take reasonable steps to implement practices, procedures and systems that ensure compliance with the APPs. This may include staff training, or establishing procedures to identify and manage privacy risks. This includes having a clearly expressed and up to date APP privacy policy and a system for handling privacy enquiries and complaints.

APP2 – Anonymity and pseudonymity

  • Requires APP entities to give individuals the option of not identifying themselves, or of using a pseudonym. Some exceptions apply, for example where it would be impracticable for the organisation to deal with an unidentified individual.

APP3 – Collection of solicited personal information

  • Outlines new rules that apply to collection practices and notices when collecting personal information and/or sensitive information (such as health information). Higher standards are applied to the collection of sensitive information. The collection of personal information must be “reasonably necessary” for one or more of an organisation’s functions or activities.

APP4 – Dealing with unsolicited personal information

  • Outlines new rules on how to deal with unsolicited personal information, including when this information must be destroyed or de-identified.

APP5 – Notification of the collection of personal information

  • Deals with when, and in what circumstances an APP entity that collects personal information must notify an individual of when collecting their personal information. These matters include who the organisation is and how to contact it, the purpose of the collection, the consequences of non-collection and the complaint handling process.

APP6 – Use or disclosure of personal information

  • Outlines new rules as to when personal and sensitive information can be used or disclosed.

APP7 – Direct marketing

  • An organisation may only use or disclose personal information for direct marketing purposes if certain conditions are met. The new rules will require organisations to review their direct marketing practices, procedures and systems, including whether individuals are provided with an easy way to opt out of receiving direct marketing. This is subject to the operation of other direct marketing legislation, e.g. the Spam Act 2003.

APP8 – Cross border disclosure of personal information

  • Details the steps that an APP entity must take to protect personal information before it is disclosed overseas. Introduces an accountability approach for cross border disclosure and organisations may be accountable for a breach of APP’s by overseas recipients.

APP9 – Adoption, use or disclosure of government related identifiers

  • Outlines the new exceptions to the general prohibition against the adoption, use or disclosure of government related identifiers (e.g. a unique combination of letters and numbers used by a government agency, such as a Medicare number).

APP10 – Quality of personal information

  • Requires an APP entity to take reasonable steps to ensure that the personal information they collect, use or disclose is up to date, complete and accurate, and relevant for the purpose of the use or disclosure.

APP11 – Security of personal information

  • APP entities must take reasonable steps to protect personal information it holds from misuse, interference (including measures to protect against computer attacks), loss and from unauthorised access, modification or disclosure. An entity has an obligation to destroy or de-identify personal information in certain circumstances.

APP12 – Access to personal information

  • There are new rules on how an APP entity must respond to a request for access to and correction of personal information. Requests must be responded to within a reasonable timeframe and in the requested manner, where practicable. Charges for access to personal information must not be excessive or apply to the making of the request.

APP13 – Correction of personal information

  • Outlines an APP entity’s obligations regarding the correction of personal information, even if it has not received a request from an individual.

This presentation summarises the obligations in the Australian Privacy Principles. It also discusses the Privacy Commissioner’s regulatory powers, and his approach to using them. It is a useful training resource for people who are not familiar with the Privacy Act 1988 (Cth).

A version of this presentation was delivered by Este Darin-Cooper at a webinar on 7 May 2015, during Privacy Awareness Week. 

The collection of personal information

  • Under APP 3 you must not collect personal information unless it is reasonably necessary for one or more of your functions/activities.
  • APP 3 only allows you to collect personal information by lawful and fair means. Examples of unlawful collection might include computer hacking or using an unauthorised listening device.
  • Finally, you must collect personal information from the individual concerned, unless this is unreasonable or impracticable. 

How personal information is used

  • Under APP 6, you may use or disclose personal information for the primary purpose of collection. So what does that mean in practice? Essentially it means you can use or disclose personal information for the reason it was collected. However, if you want to use or disclose the information for another purpose (the secondary purpose), you can only do so where the individual consents or another exception applies. 

Access to personal information

  • If you hold information about an individual, APP 12 requires you to give the individual access to that information on request.
  • Where access is given under the Privacy Act, public sector agencies must respond within 30 days. Private sector organisations need to respond within a reasonable period.
  • Under APP 12, if you refuse to give access, or to give access in the manner requested, you must seek to take reasonable steps to give access in a way that meets your needs and the needs of the individual. 

Terms and Conditions May Apply - Official Trailer

Trailer: Terms and Conditions May Apply (2013)

Watch the trailer to the left and reflect on the following questions:

  • What questions about privacy does the film seem to raise?
  • How valuable do you think personal information is to companies like Facebook and Google? Explain.
  • What are some reasons for and against the use of personal information?
  • Think to yourself. At what point would you draw the line? Is there information that you would NEVER provide, no matter what you get for free?

Implications of identity theft

Identity theft to be used to describe the theft or assumption of a pre-existing identity (or significant part thereof), with or without consent and whether, in the case of an individual, the person is living or deceased

Identity  theft is a type of fraud that involves the compromise of identifying information that may or may not result in the misuse of such information by another person without authorisation. The theft of identifying information is also referred to as an “identity compromise”. The further usage of compromised information is also referred to as “identity misuse”. Identity theft can occur online or offline or a combination of both.  Common information targeted include driver licences, passports, and account details.

Identity crime to be used as a generic term to describe activities/offences in which a perpetrator uses a fabricated identity; a manipulated identity; or a stolen/assumed identity to facilitate the commission of a crime(s).

What does a criminal do with my personal information?

Once a criminal has the information they need they could:

        • apply for a credit card in your name
        • open a bank or building society account in your name
        • apply for other financial services in your name
        • run up debts (e.g. use your credit/debit card details to make purchase) or obtain a loan in your name
        • apply for any benefits in your name (e.g. housing benefit, new tax credits, income support, job seeker's allowance, child benefit)
        • apply for a driving licence in your name
        • register a vehicle in your name
        • apply for a job/employment in your name
        • apply for a passport in your name
        • apply for a mobile phone contract in your name.

How can I protect myself from becoming a victim of identity theft?

You can take some simple steps to reduce the risks of having your personal information stolen or misused:

        • secure your mail box with a lock and make sure mail is cleared regularly
        • shred or destroy your personal and financial papers before you throw them away, or keep them in a secure place if you wish to retain them
        • always cover the keypad at ATMs or on EFTPOS terminals when entering your PIN, and be aware of your surroundings— is anyone trying to observe or watch you, are there any strange or loose fixtures attached to the machine or terminal?
        • ensure that the virus and security software on your computers and mobile devices is up-to-date and current
        • don't use public computers (for instance, at an internet café), or unsecured wireless 'hotspots', to do your internet banking or payments
        • be cautious of who you provide your personal and financial information to—ensure that there is a legitimate reason to supply your details. Don't be reluctant to ask who will have access to your information and which third parties it may be supplied or sold to. Ask to see a copy of the Privacy Policy of the business before you supply your details
        • only use trusted online payment websites for items won at online auctions or purchased online. Never make payments outside of trusted systems—particularly for goods which you have not yet received
        • regularly review your bank statements and obtain a copy of your credit history report. Report any unauthorised transactions or entries ASAP
        • ask your bank or financial institution for a credit or debit card with an embedded 'micro-chip'—they are more secure than cards with only magnetic stripes
        • don’t respond to scam emails or letters promising huge rewards if bank account details are supplied, or in return for the payment of 'release fees' or 'legal fees'
        • if responding to an online employment or rental advertisement, be wary of transmitting personal information and copies of documents via email or electronically. If asked to attend an interview, do some prior research to confirm the legitimacy of the company or employment agency
        • in relation to social networking sites, always use the most secure settings. Take extreme care if placing personal details such as date of birth, address, phone contacts or educational details on your profile, and don’t accept unsolicited 'friend' requests
        • for other useful tips, refer to protecting your identity resources, published by the Attorney-General's Department.

How can I tell if I'm a victim of identity theft?

You may become a victim of identity theft if:

        • you have lost or had stolen important documents such as your passport or driving licence
        • mail expected from your bank has not arrived or you are receiving no post at all.

You may already be a victim of identity theft if:

        • items have appeared on your bank or credit card statements that you don’t recognise
        • you applied for a government benefit but are told that you are already claiming
        • you receive bills, invoices or receipts addressed to you for goods or services you haven't asked for
        • you have been refused a financial service, such as a credit card or a loan, despite having a good credit history
        • a mobile phone contract has been set up in your name without your knowledge
        • you have received letters from solicitors or debt collectors for debts that aren't yours.

Further Information:

Safe disposal of data

  • APP 11 requires you to take reasonable steps to protect personal information you hold. This includes protecting the information from interference, misuse and loss, and unauthorised access, modification and disclosure.
  • If you no longer need the information for any authorised purpose APP 11 actually requires you to take reasonable steps to destroy or de-identify information. 

Lee Lin Chin explains our deal with your data

Data to Go

Privacy Further information:

Privacy in the News:

Concept of the ‘digital divide’ and associated issues


A term used to describe the discrepancy between people who have access to and the resources to use new information and communication tools, such as the Internet, and people who do not have the resources and access to the technology. The term also describes the discrepancy between those who have the skills, knowledge and abilities to use the technologies and those who do not. The digital divide can exist between those living in rural areas and those living in urban areas, between the educated and uneducated, between economic classes, and on a global scale between more and less industrially developed nations.

Important links:

The Digital Divide

75 million Americans don’t have internet. Here’s what it’s like.

Availability of digital resources

The availability of digital resources can impact on Employment, Education and Electronic Commerce. Students may be of a disadvantage when studying in a low socioeconomic area. Funds may not be available to purchase digital resources needed to provide a high standard of education for student growth. Job seekers may not be able to locate a newly advertised position, access to a device or internet connection may not be possible. Electronic banking, Shopping online etc. may not be possible for some individuals without a digital device.

Cheaper technologies such as iPods, iPads, Laptops and other digital devices are closing the digital divide gap. This provides people with a chance to interact with society and perform daily activities.

Use of digital technologies

Individuals will need the knowledge and skills to use a digital device. Without computer literacy, individuals will not be able to use technology in an appropriate manner. The Australian Copyright Act 1968 ensures people are using information appropriately. Documentation created and shared online is someone else's property. Permission must be obtained to reuse material.

Availability of web-based applications

Google is leading the way in Virtual collaboration. Google Drive and Docs allow people to communicate with others, share resources and provide an easy and cost effective way to collaborate online. There are various web based applications available, Google is just one example of applications available online for people to use as a low cost or free version to complete required work and daily activities.

Concept of electronic commerce


electronic - having or operating with components such as microchips and transistors that control and direct electric currents

commerce - the activity of buying and selling

The concept of electronic commerce or e-commerce refers to commercial transactions conducted electronically via the Internet.

This dot point in the syllabus looks at how electronic commerce has impacted traditional (physical shop fronts) commerce. It also looks at the implications that technology has had to disrupt traditional commerce.

Implications of improved digital communications

Advancement in the Internet and information technologies has provided several opportunities and different channels for businesses to market their products and services. Deploying an effective targeted e-marketing campaign is an important strategic decision for businesses to stay competitive and to increase profitability. Digital communications provide an important platform for accessing the business information either via wired or wireless networks, such as mobile phones, PCs and laptops.

Positive implications for improved digital communications on e-commerce


Negative implications for improved digital communications on e-commerce


Implications of 24/7 communications

With the introduction of the internet, shops are now available online to consumers 24/7/365. From a consumer perspective, it has allowed customers to browse and purchase goods and services from anywhere at anytime. From a business perspective, it has opened the door to customers who previously could not make it to the physical store during store open hours (e.g. shift workers). On the downside, managing 24/7 communications, particular for small businesses, can be challenging.

Positive implications for 24/7 communications on e-commerce

Insert HTML Table

Negative implications for 24/7 communication on e-commerce

Insert HTML Table

Implications of online retail opportunities

E-commerce has provided retail opportunities that did not previously exist prior to the internet.

Positive implications for online retail opportunities for e-commerce

Insert HTML table

Negative implications for online retail opportunities for e-commerce

Insert HTML table

Issues related to the dependency of society upon electronic and visual communication in business

Technology has changed business in many ways, but its affect on communication is arguably the most significant. Indeed, communication through email, text messaging, instant messaging and even budding tools like social networking have been among the most profound effects of technology on every area of business. However, while technology did make business communications faster and easier, it has also made, at times, communication more distracting and less clear.

Faster Communication

Whether you need to speak with an employee who is traveling in another state or country or you need to communicate with your supplier half way around the world, technology allows you to do so instantaneously. In fact, thanks to email and text messages, you can now send messages to people in other time zones before you forget without worrying that you will wake them up. The Internet has allowed business people to communicate easily regardless of time zone and language issues.

Expanded Communication Opportunities

Technology allows individuals to communicate and carry on a business relationship without ever meeting face to face, so people in all parts of the world now have the chance to interact with a company in a rural part of the United States. For example, technology allowed for the emergence of the virtual assistant, a worker who completes tasks for her client online without having ever met him, in the 20th century.

Communication Must Be More Deliberate

Although technology has made communication instantaneous, so you don't have to spend hours planning and composing before you communicate and wait for a long period for the reply, it has also made planning deliberate communication periods more important. First, companies that do take advantage of telecommuting and virtual offices need to deliberately plan to communicate with individuals in teams to avoid employees losing touch and to make sure all are working toward the same goals. Second, even if you work in a physical office, instantaneous communication regarding quick decisions and memos cannot replace specific communication times where big decisions are discussed and progress reports given. However, when employees are communicating in multiple ways every day, it can be easy to forget to schedule these types of meetings.

Communication Is More Distracting

From constantly overhearing cell phone conversations, to the worker who is constantly emailing or texting you to the incessant "ding" of your office's instant messenger, communication tools that were designed to make you more productive can actually do the opposite. Instant communication can make it harder for workers to deal with one task at a time when their work is constantly being interrupted by comments and questions that relate to other projects or even personal issues. In fact, some employees must make an effort to turn off communication devices while they work to meet deadlines. 

Technology's Negative Impact on Business

by Samantha Hanly; Updated June 28, 2018

Technology has positive affects on global business. The Internet makes it possible for people to communicate easily with associates in other countries. Ecommerce makes it possible for consumers to purchase almost anything from almost anywhere. And the flow of information is fast and often free once you have paid for Internet access. However, technology also has negative impacts on business.

Business Relationships

Internet technology -- such as chat rooms, Skype and other software -- has made it possible to hold meetings without all parties being physically present in the same place. A drawback is that meeting with somebody over the Internet is much less personal than meeting face-to-face.

It's ironic that while 24/7 connectivity has improved customer service, it has been detrimental to the office environment. Internet technology in business decreases the personal aspect of business relationships. Business people used to network in restaurants and on golf courses. Today, the lack of physical proximity decreases brainstorming and other communications that use a personal touch.

Employee Morale

Installing monitoring software in the workplace sends the message to employees that the company does not trust them, according to research done under the aegis of professor Howard Besser while teaching at New York University.

In a Pew Research Study about the effect of the internet on their work, nearly half of the employees who responded said their employers block their access to some websites. This was an increase over when the survey was conducted in previous years. Yet, the employees felt internet use had increased their productivity but also their time spent working.

Giving employees responsibility, trust and respect boosts their morale and productivity. Showing them that they are not trusted and must be recorded decreases morale and worker productivity. This is true regardless of the actual reasons for installing monitoring software, according to the same research.

Time-Wasting Spam

Spam refers to unwanted and unsolicited email messages. Spam is widespread and has negative impacts on business, according to the article "Impact of Information Technology on Global Business" published by Purdue University. Wading through spam email is a waste of time, and spam filters can only do so much. Users of spam filters must then check for necessary email messages diverted incorrectly as spam.

Brick and Mortar

The popularity of ecommerce has had a negative impact on brick-and-mortar retail stores. Smaller stores are finding more and more difficult to compete with both Internet businesses and larger retail stores. For example, small community bookstores must compete with as well as large stores such as Barnes & Noble that sell in person and online. Sometimes the smaller stores end up going out of business.


Think about what a business would need to function and be successful.

Describe some ways businesses communicate that are electronic and non-electronic. (Kolbe, in many ways, operates as a business)

Effects of Technology on Business Communications

Technology in Business

The Impact of Technological Change on Business Activity

Growing dependence on technology raises risks of malfunction

Focus questions:

  1. The use of communications technology has huge benefits to businesses in Australia and overseas. State 3 advantages that electronic communications has to businesses, using the information cited in the web links above..
  2. The reliance on electronic communication can have certain risks. Identify 2 risks from the any of the articles above, and explain how they can impact the success of a business.
  3. Businesses and individuals alike can minimise the risks undertaken by a dependance on technology. Describe 2 measures businesses can take to minimise this risk.
  4. The world is getting smaller, and people are becoming more reliant on their technological devices to communicate in business. This creates various issues, involving work/life balance, interpersonal skills and workplace health and safety.
    • Conduct research and identify and describe 5 statistics on how people are using their technological devices in a negative way causing an increase in stress, depression and anxiety. From your research, write 10 detailed guidelines in managing a good work/life balance.
    • Read and analyze the following article: