Privacy: from principles to practice

Personal information is part of your customers’ everyday life.

Ensure privacy protection is part of your everyday business.

Welcome to Privacy Awareness Week

Portrait photo of Angelene Falk

2018 marks 30 years of the Australian Privacy Act 1988. Since then, there have been remarkable changes in the way personal information is put to use across the world. Utilising personal information to engage with businesses, government, and each other online is an everyday occurrence. At the same time, the public benefits of increased data analysis and data mobility to research, policy-making, and the Australian economy are being actively sought.

This has reinforced the vital importance of privacy, which is integral to building and maintaining people’s trust in both government agencies and businesses in their handling of personal information.

Privacy today is founded on the principles of transparency and accountability. It is about ensuring individuals can exercise choice and control and that the actions of organisations reflect the value of personal information to individual’s wellbeing and dignity.

To that end — 2018 is the year a number of regulatory developments were introduced in Australia that enhance privacy governance across the public and private sector. The Notifiable Data Breaches (NDB) scheme came into force in February, formalising a long-standing community expectation for organisations to notify individuals affected by data breaches that are likely to result in serious harm. In just under two months’ time, Australian Government agencies must comply with the Australian Government Agencies Privacy Code. Internationally, on 25 May the European Union’s (EU’s) General Data Protection Regulation takes effect for all Australian businesses operating in the EU.

These regulatory developments highlight the importance of exploring this year’s Privacy Awareness Week (PAW) theme, ‘from principles to practice’.

Throughout this week, we encourage Australian organisations to review and improve how they handle personal information to ensure they are transparent and accountable, in line with community expectations and legislative requirements. Building these principles into your internal practices supports greater public and consumer trust, and can ensure you are well positioned to navigate an increasingly data-rich environment.

PAW is also an opportunity for all of us to discuss and improve our individual privacy practices, to increase awareness about potential privacy risks and how to reduce them.

The Office of the Australian Information Commissioner is also able to help with privacy questions. Call our enquiries line to discuss a privacy issue.

So this PAW, take stock of how you manage personal information. Read the resources on our website to find out how you can improve your privacy practices, or attend one of this week’s events.

The OAIC looks forward to engaging with you throughout the week and the year, as we continue our work to embed privacy principles into practice.

Angelene Falk
Acting Australian Information Commissioner
and Acting Privacy Commissioner

30 years of the Privacy Act

This PAW we are celebrating 30 years of the Privacy Act 1988. This timeline highlights ten key moments in privacy since the Act commenced.

Share other key moments online with #2018PAW.

  • 1988

    The passage through Federal Parliament of the first iteration of Australia’s Privacy Act applying to Australian Government Agencies

  • 1992

    The establishment of Asia Pacific Privacy Authorities (APPA)

  • 1996–2000

    Access to the Internet among Australian households grew rapidly

  • 2001

    Expansion of the Privacy Act to include the private sector

  • 2004

    Start of the social media boom

  • 2006–8

    ALRC’s privacy inquiry — resulting in the largest ever ALRC report (#108) of 3 volumes and 295 recommendations

  • 2007

    First release of the smartphone — smartphones become an everyday necessity

  • 2014

    Commencement of the Australian Privacy Principles, registration of the Credit Reporting Code and an expansion of regulatory tools available to the OAIC

  • 2016

    Joint investigation with Canada on Ashley Madison data breach (subsequently winner of an International Privacy Commissioner’s conference award)

  • 2018

    The Notifiable Data Breaches Scheme commences


The PAW Business Breakfast

When: 7.30am to 9.30am, Monday 14 May 2018

Where: Heritage Ballroom, The Westin, 1 Martin Place, Sydney NSW

With the European Union’s General Data Protection Regulation (EU GDPR) coming into effect in May, recognised EU and international data protection law expert Sheila FitzPatrick will headline the 2018 PAW Business Breakfast, providing her thoughts on what a GDPR influenced future will look like. Deep diving into the modern reality of privacy practice in Australia, a business panel will follow to reflect how businesses are responding to new privacy developments.

Currently joining the panel is Lisa Schutz, Founder and CEO of InFact Decisions and Verifier, and Emma Hossack, CEO at Extensia. The third panellist is Tommy Viljoen, National Lead Partner for Cyber Risk Strategy and Governance at Deloitte. The panel will be moderated by former Australian Privacy Commissioner, Malcolm Crompton.

The Acting Australian Information Commissioner and Acting Privacy Commissioner Angelene Falk will open the breakfast and launch Privacy Awareness Week 2018.

This event is sold out.

Webinar — Preparing your agency's Privacy Management Plan

When: 10.30am to 11.30am, Tuesday 15 May 2018

For: Privacy Officers and Champions within Australian Government agencies

Cost: Free

If you are involved in creating or updating your Australian Government Agency’s PMP, this is the webinar for you. Join us online to find out about how to use our new Privacy Management Plan (PMP) tool and companion guide. We will help you to understand your agency’s PMP obligations under the Australian Government Agencies Privacy Code; the value of a PMP and how it can improve privacy practice across your agency; how to conduct a maturity assessment; how to use this assessment to formulate the goals and actions for your agency’s PMP; and how to effectively measure and document your agency’s performance against the PMP.

The webinar will be presented by Acting Deputy Commissioner, Melanie Drayton, and Acting Assistant Commissioner – Regulation and Strategy, Sarah Ghali, and will be followed by a live Q&A.

It is aimed specifically at Privacy Officers, Privacy Champions, and anyone else who is responsible for privacy in Australian Government agencies. We recommend registering early to test the webcast on your device.

MinterEllison PAW privacy professionals’ event

When: 5.30pm to 7.30pm, Wednesday 16 May 2018

Where: MinterEllison Level 23, Rialto Towers, 525 Collins Street, Melbourne VIC

The acting Australian Information Commissioner and acting Privacy Commissioner, Angelene Falk, will feature on an expert panel to discuss the importance of good privacy governance. Leader of MinterEllison’s National Privacy Group and Special Counsel, Veronica Scott, will facilitate the discussion to further explore the 2018 PAW theme ‘Privacy: from principles to practice.’ Also featuring on the panel is the Victorian Information Commissioner, Sven Bluemmel, and Senior Legal Counsel - Chief Privacy Officer at National Australia Bank, Jade Haar.

This event is invitation only to the OAIC’s Melbourne Privacy Professionals’ Network members.

Do you know your credit history?

When: 7.30am until 1.30pm, Thursday 17 May 2018

Where: Wynyard Park, Sydney CBD, NSW

Have you ever thought about your credit health and the important role it plays in life’s big moments? To find out more, come along to Wynyard Park in the Sydney CBD and speak with representatives from the Office of the Australian Information Commissioner and the Australian Retail Credit Association’s CreditSmart consumer education team and supporters.

Pick up a free coffee and learn why having good credit history is important and why you should be keeping track of it.


Download your supplies

Supporters 2018

Sign up
ORC International
Optometry Australia
Department of Foreign Affairs and Trade
The Pharmacy Guild of Australia
Salinger Privacy
Federal Group
Brainstorm Productions
Chief Minister, Treasury and Economic Development Directorate
St Mary's College Maryborough
Command I.T. Services
National Document Shredding Service
Department of Health
Monash College
DCS Group
National Capital Private Hospital
Analytics in Motion
Redland Hospital
Curtin University
North Metropolitan Health Service
Equity Trustees
Shred-it Australia Pty Ltd
GRC Solutions
Evolve Housing
The Salvation Army Australia 
City of Greater Geelong
Warringal Private Hospiatl
Queensland Department of Health
Portside Christian college
Education Services Australia
Health Information Management Association of Australia (HIMAA)
Procter & Gamble Australia Pty Ltd
The Australian Bureau of Statistics
Rochester and Elmore District Health Service
Australian Security Industry Association Ltd
Australian Reinsurance Pool Corporation
Texas Instruments
St Aidans Primary School
Star of the Sea College
Latitude Finance
Royal Australian College of General Practitioners
nubesec Pty Ltd
Virtual 6degrees
On the Line
DPV Health (Dianella Health)
Albert Road Clinic
National Hearing Care
IOOF Holdings Ltd
Sydney Community Services
Department of Jobs and Small Business
Liberty Financial
Professional Services Review
IP Australia
L.E.K. Consulting
ANZ Bank
IXUP Limited
Emerging IT
Armadale Health Service
John Fawkner Private Hospital
Veritas Check
Veritas Check NZ
Credit and Investments Ombudsman
Macquarie University Hospital
Australian Electoral Commission
UnitingCare QLD
Cbus Super
Western Hospital
MQ Health
The Kilmore & District Hospital
Green Point Christian College Library
Goodstart Early Learning Limited
Bayer Australia Limited
Department of Agriculture and Water Resources
Wimmera Health Care Group
ReachOut Australia
Department of Defence
Mercy Hospitals Victoria Limited
Wallis Market & Social Research
Australian Government Department of Finance
Google Australia
National Grower Register Pty Limited
Alliance Business Technologies
Information Integrity Solutions Pty Ltd
CBHS Health Fund Limited
eHealth Information Security and Privacy Services
Biometrics Institute
Aura Information Security
Department of the Environment and Energy
Urban IT
AIA Australia
Administrative Appeals Tribunal
Lockton Companies Australia Pty Ltd
Medical Billing Experts
Office of the Information Commissioner Queensland
One Dot Zero
Kiama Municipal Council
NPS MedicineWise
National Health Practitioner Ombudsman and Privacy Commissioner
Frederick Irwin Anglican School
Dekko Secure
Digital Rights Watch
Stickman | Cyber Security by Design
The Energy and Water Ombudsman Victoria
Firefighters Mutual Bank
Information and Privacy Commission NSW
Great Barrier Reef Marine Park Authority
Brunswick Private Hospital
John & Johnson
Tasmanian Health Service
Medical & Aged Care Group - Medical
Sequoia Services
First State Super Trustee Corporation
Department of Industry, Innovation and Science
OC Connections Limited
Novartis Pharmaceuticals
Brisbane Airport Corporation PL
Blue NRG Pty Ltd
Macquarie Group Limited
Cabrini Health
Commonwealth Bank of Australia
Department of Social Services
P&N Bank
Rural Bank Ltd
PwC Australia
Australian Federal Police
Bendigo and Adelaide Bank Limited
Westpac Banking Group
National Health and Medical Research Council
Department of Veterans' Affairs
Icon Cancer Care
GRC Institute
Medibank Private
Certex International
SE Consulting
Accountable List Brokers
WorkCover Queensland
Espresso Communications
Ceebeks Business Solutions for GOOD
Keep Left
Small Multiples
The Jacket Maker
Data Governance Australia
Association for Data-driven Marketing & Advertising
Information Governance ANZ
Good Shepherd ANZ
Firefighters Mutual Bank
Teachers Mutual Bank
Tertiary Travel Service Pty Ltd
Bureau of Meteorology
Ballarat Health Services
Delphic Insurance Services
Lend Capital Pty Ltd
Emergence Insurance
Fair Work Commission
Seniors Enquiry Line
Ask Itee
Gemalto Australia Pty
The Southport School
Active Navigation
Australian Association of Practice Management
Croesus Project Services
National Catholic Education Commission
CV Check Ltd
Layer 8 Security
Australian Public Service Commission
In Vitro Technologies Pty Ltd
CARE Australia
Australian Taxation Office
Allcom Networks
Department of Home Affairs
Transport Canberra and City Services
Office of the Esafety Commissioner
CrimCheck Ltd
National Blood Authority
Colorado Attorney General's Office - Consumer Protection Section
Unsecured Business Loans
Active Physiotherapy
On Time Typing
Lorica Health
Department of Infrastructure, Regional Development and Cities
Edmund Insurance
VPN Ranks
My Privacy Policy
Communications and Media Law Association (CAMLA)
Equifax Australia
Online Privacy Tips
Sydney Airport
AGL Energy
Shred On Site
Crown Melbourne Limited
StateCover Mutual Limited
Mlc life insurance
ID Exchange
ARCS Australia Ltd
Virgin Australia Group
Westfund Health Insurance
Ryman Healthcare
Australian Digital Health Agency
Australian Transport Safety Bureau
Commonwealth Ombudsman
Stable Research
Icon Group
Privacy Proactive
3P Risk
Australian Research Council
First Advantage Australia Pty Ltd
Smash Delta
Bundaberg Christian College
Defence Housing Australia
iShred Secure Document Destruction
Crown Perth
38 Ten
Taasplan Super
Australian Unity
Holy Spirit Northside Private Hospital
ShareTree Inc
Human Element IT Pty Ltd
APSCo Australia
Cynch Security
Epic Pharmacy
Watchdog Compliance
Uniting Financial Services
International Health and Medical Services Pty Ltd
Data Republic
Checked Australia

Privacy policy