Privacy Law Reform

The aim of the Privacy Act is to protect personal information about individuals handled by organisations. The Act contains Principles which set the minimum standards for handling personal information.  

Personal information is information that identifies an individual or allows their identity to be readily worked out. It includes information such as a person's name, address, financial details, marital status, billing details, ethnicity, religion and health details. The Privacy Act does not apply to employment records of private sector organisations, used for employment purposes.

Privacy Laws - Mandatory Reporting of Notifiable Breaches

From 22 February 2018, businesses with an annual turnover of more than $3 million, or that deal with Tax File Numbers (TFNs), need to comply with the Notifiable Data Breaches scheme under the Privacy Act 1988 in addition to the existing obligations.

If a data breach involves personal information and is likely to result in serious harm to any individuals, you will need to notify both the individual involved and the Office of the Australian Information Commissioner (OAIC).

Businesses are required to take reasonable steps to destroy or conceal information that is no longer needed, and to protect existing information.  A breach can occur when personal information held by an organisation is lost or subjected to unauthorised access or disclosure.  Examples of a data breach include when:

  • A device containing a customer's personal information is lost or stolen.
  • A database containing personal information is hacked.
  • Personal information is mistakenly provided to the wrong person.

Penalties of up to $360,000 for individuals and $1.8 million for companies can apply for a breach of the new regime.

Privacy Law and Small Business

Small businesses with an annual turnover of $3 million or less do not need to comply unless they are: 

  • A health service provider;
  • Trading in personal information, e.g., buying or selling a mailing list;
  • Related to a business that is not a small business;
  • A credit provider or credit reporting body;*
  • A contractor that provides services under a Commonwealth contract;
  • A reporting entity for the purposes of the Anti-Money Laundering and Counter-Terrorism Financing Act 2006;
  • An operator of a residential tenancy database; or
  • Carrying out activities related to the conduct of a protection ballot.

* Note: The credit reporting system may still apply. 

Australian Privacy Principles 

The 13 Australian Privacy Principles (APPs) set out standards, rights and obligations for the handling, holding, use, accessing and correction of personal information.

The APPs cover the following areas:

  • APP 1 – Open and Transparent Management of Personal Information
  • APP 2 – Anonymity and Pseudonymity
  • APP 3 – Collection of Personal and Sensitive Information
  • APP 4 – Dealing with Unsolicited Personal Information
  • APP 5 – Notification of Collection
  • APP 6 – Use or Disclosure of Personal Information
  • APP 7 – Direct Marketing
  • APP 8 – Cross Border Disclosure
  • APP 9 – Adoption, Use or Disclosure of Government Identifiers
  • APP 10 – Quality of Personal Information
  • APP 11 – Security of Personal Information
  • APP 12 – Access to Personal Information
  • APP 13 – Correction of Personal Information 

The Privacy Act also covers specified persons handling your: 

  • Consumer credit reporting information
  • Tax File Numbers under the Tax File Number guidelines
  • Personal information contained in the Personal Property Securities Register
  • Old Conviction information under the Commonwealth Government Conviction Scheme
  • My Health Record information 

Commissioner's Powers 

The Australian Privacy Commissioner is able to conduct performance assessments and apply orders or penalties to non-compliant businesses. Penalties may be up to $340,000 for individuals and up to $1.7 million for organisations.

Ensuring Your Business Complies with the Privacy Act

What you need to do to ensure your business complies with the Privacy Act will depend on the size and the type of business you run and the kind of personal information you collect. 

The following steps provide a framework to ensure your business is ready to comply with the Privacy Act and reforms: 

More information on the obligations which may be relevant for your organisation can be found on the Office of the Australian Information Commissioner website or by contacting our office.

[Image: Steps framework for the Privacy Act and reforms, Brentnalls SA]

The information provided in this information sheet does not constitute advice. The information is of a general nature only and does not take into account your individual situation. It should not be used, relied upon, or treated as a substitute for specific professional advice. We recommend that you contact Brentnalls SA before making any decision to discuss your particular requirements or circumstances.
