Timeline

The Privacy Act 1988 marks Australia's primary federal privacy law, enacted to align with international standards and initially covering government agencies. It has evolved through numerous amendments expanding its scope, principles, and enforcement. The progression reflects adaptations to digital challenges and private sector needs.​

Key Milestones

• Passed December 1988; commenced January 1989 with 11 Information Privacy Principles for government agencies.​

• 1991: Privacy Amendment Act 1990 added credit reporting regulation (Part IIIA).​

• 2000: Established Office of the Privacy Commissioner.​

• 2001: Privacy Amendment (Private Sector) Act 2000 extended to private organizations with 10 National Privacy Principles.​

• 2010: Australian Information Commissioner Act created OAIC, integrating privacy functions.​

• 2014: Privacy Amendment (Enhancing Privacy Protection) Act 2012 introduced 13 Australian Privacy Principles (APPs), expanded credit reporting, and enhanced enforcement.

• 2018: Privacy Amendment (Notifiable Data Breaches) Act 2017 mandated breach notifications.​

• 2022: Privacy Legislation Amendment (Enforcement and Other Measures) Act strengthened OAIC regulation.​

Recent Reforms (2024–2026)

The Privacy and Other Legislation Amendment Act 2024 (Royal Assent 10 December 2024) introduced the first tranche of major updates.

Related Legislation

Supporting laws assign privacy oversight to OAIC without directly amending the Act.

• Telecommunications Act 1997: Carrier privacy standards.​

• Spam Act 2003 and Do Not Call Register Act 2006: Marketing restrictions.​

• Healthcare Identifiers Act 2010 and My Health Records Act: Health data handling.​

• Anti-Money Laundering and Counter-Terrorism Financing Act 2006: AUSTRAC consultations.​