Understanding Australia’s Federal Privacy Act and Privacy Principles



As a web form builder and data collection platform trusted by thousands of organizations worldwide, FormAssembly prioritizes data privacy first and foremost. Our platform is compliant with a wide range of data privacy laws and regulations to help organizations in all industries and locations collect data responsibly, including the GDPR in Europe, the CCPA and HIPAA in the United States, and several others.

Our goal is to help our customers become better stewards of the data entrusted to them, which is why we’re dedicated to providing informative data privacy resources. In this blog, we’re sharing key information about the Australian Privacy Act and its 13 Privacy Principles.

Australia’s Federal Privacy Act

Australia’s Privacy Act was established in 1988. It protects the privacy rights of Australian citizens while regulating organizations’ use of personal information. With this law, government agencies and organizations are required to inform individuals about how their information is being used. The regulation gives citizens more control over their data by allowing them to correct, access, and request their own personal information.

The Australian Privacy Act applies to Australian government agencies and specified private organizations with annual turnover of $3 million or more. The Act also applies to some small businesses, including those that process healthcare information or purchase private information.

Australian Privacy Principles

Organizations that are required to comply with the Australian Privacy Act are also subject to the 13 Australian Privacy Principles, or APPs. These principles include guidelines about:

  • Openness and transparency
  • Anonymity
  • How organizations must deal with solicited and unsolicited personal information
  • Data collection and disclosure notifications
  • Cross-border data disclosure
  • Data quality, security, and accessibility
  • Correcting personal data

Because the APPs are “principles-based” laws, they allow organizations to adjust their data security procedures according to the specific needs of their business and customers. The principles are also “technology neutral” to allow them to evolve along with technology. If an organization is noncompliant with these principles, it may face legal consequences.

State government data protection legislation

The Australian Privacy Act does not apply to state or territory government agencies in Australia, but most states and territories have their own data protection legislation for this purpose. These acts include:

  • Information Privacy Act 2014 (Australian Capital Territory)
  • Information Act 2002 (Northern Territory)
  • Privacy and Personal Information Protection Act 1998 (New South Wales)
  • Information Privacy Act 2009 (Queensland)
  • Personal Information Protection Act 2004 (Tasmania), and
  • Privacy and Data Protection Act 2014 (Victoria)

About FormAssembly

With customers in all industries all over the globe, FormAssembly prioritizes data privacy and stays up-to-date with ever-evolving data privacy laws. Because our platform is compliant with the world’s most robust data privacy regulations such as the GDPR, companies in other countries such as Australia can rest assured that our platform’s security and compliance are held to the highest standards. For an added layer of security, we offer encryption at rest on all plans.

With our drag-and-drop form builder, security and compliance procedures, and robust integration capabilities, we help organizations get more out of the data they collect. To get started with FormAssembly today, sign up for a 14-day free trial.
