What is personal information under Australian law?

Personal information is information or an opinion about an identified individual, or an individual who is reasonably identifiable. This includes names, addresses, phone numbers, email addresses, tax file numbers, and health information.

What are the Australian Privacy Principles?

The 13 Australian Privacy Principles (APPs) regulate how organisations collect, use, disclose, and store personal information. APP 11 specifically requires organisations to protect personal information from misuse, interference, loss, and unauthorised access or disclosure.

What are the penalties for Privacy Act breaches?

Following 2022 reforms, maximum penalties increased to $50 million AUD for companies, three times the benefit obtained from the breach, or 30% of adjusted turnover—whichever is greater.

Does the Privacy Act apply to my organisation?

The Privacy Act applies to Australian Government agencies, businesses with annual turnover over $3 million, health service providers, and some small businesses that trade in personal information or are contractors to government.

🇦🇺 Privacy Act 1988 & Australian Privacy Principles

Australia Privacy Act Redaction

AI-powered redaction to protect personal information under Australian law. Meet your APP obligations and avoid OAIC enforcement.

Start Redacting Free APP Requirements →

$50M

Maximum OAIC Penalty (AUD)

1,113

Notifiable Breaches (2023-24)

30 Days

Access Request Deadline

What the Privacy Act Requires

The Privacy Act 1988 and the 13 Australian Privacy Principles (APPs) set out how organisations must handle personal information. Proper redaction is essential for meeting several APP obligations.

APP 12: Access Requests

Individuals can request access to their personal information. When providing access, you must redact information about other identifiable individuals unless they've consented.

APP 6: Use & Disclosure

Personal information can only be used or disclosed for the primary purpose it was collected, or a related secondary purpose. Redaction allows sharing documents while limiting disclosure.

APP 11: Security

Organisations must take reasonable steps to protect personal information from misuse, interference, loss, and unauthorised access or disclosure. Redaction before sharing is a key protective measure.

APP 11.2: Destruction

When personal information is no longer needed, it must be destroyed or de-identified. Redaction can de-identify documents that must be retained for other purposes.

Personal Information to Redact

Standard Personal Information

Names and signatures
Residential addresses
Email addresses
Phone numbers
Tax File Numbers (TFN)
Medicare numbers
Driver licence numbers
Bank account details

Sensitive Information

Health information
Racial or ethnic origin
Political opinions
Religious beliefs
Sexual orientation
Criminal record
Trade union membership
Biometric data

2022-2024 Privacy Act Reforms

Australia significantly strengthened its privacy regime following major data breaches at Optus and Medibank. The reforms dramatically increased penalties and expanded enforcement powers.

Increased Maximum Penalties

Before 2022: $2.22 million maximum for serious or repeated breaches
After 2022: The greater of $50 million, three times the benefit obtained, or 30% of adjusted turnover

The Medibank breach affected 9.7 million Australians and led to these reforms. OAIC enforcement is expected to increase.

How SafeRedact Helps

AI Detection

Automatically identifies TFNs, Medicare numbers, addresses, and other personal information in your documents.

Permanent Removal

Data is permanently removed—not just covered. Meets APP 11.2 de-identification requirements.

Fast Processing

Meet 30-day access request deadlines with automated detection and batch processing.

Protect Personal Information. Meet APP Obligations.

AI-powered redaction for Australian Privacy Act compliance. Start free—no credit card required.

Start Redacting Free