Australia Privacy Act and Privacy Principles

Australia has a sophisticated privacy regime that has continually evolved to keep pace with changing technology and an increasingly detailed body of global data protection laws. Australia addresses an individual’s privacy rights by way of various federal, state, and territory laws.

The most prominent Commonwealth level data privacy law is the Australian Privacy Act No. 119 (as amended) (the "Privacy Act"). The Privacy Act governs the handling of personal information in terms of the collection, use, storage, and disclosure of personal information and applies to most organizations in the private sector with an annual turnover of at least AU$3 million and government organizations, as well as all Commonwealth Government and Australian Capital Territory Government agencies. Entities governed by the Privacy Act are known as "APP entities." The Privacy Act applies to any personal data, whether held in electronic or manual records. First enacted in 1988, the Privacy Act has since been amended from time to time to enhance the privacy protections it offers.

The foundation of the Privacy Act is the 13 Australian Privacy Principles ("APPs"), which replaced the National Privacy Principles and Information Privacy Principles in 2014.

The APPs are principles-based, aiming to protect an individual’s privacy in an open and transparent way without being burdensome or inflexible. The APPs apply to the processing of personal information from start to finish, and establish standards for the collection, use, disclosure, quality, and security of personal information.  The APPs also address the obligations that apply to APP entities with respect to an individual’s right to access and to correct their own personal data. One key theme of the APPs is that an organization should only use or disclose personal data for the purpose for which it was collected.

The Privacy Act is enforced by the Office of the Australian Information Commissioner ("OAIC"). The OAIC is responsible for investigating complaints made by data subjects and investigating breaches of the APPs and credit reporting provisions. The OAIC's powers include accepting enforceable undertakings, seeking civil penalties, and conducting privacy performance assessments for government agencies and businesses.

Proofpoint understands that our Australian customers, especially those that are APP entities, will want to understand how Proofpoint uses personal data. Generally speaking, Proofpoint retains very few data elements that fall into the category of personal data, most of which relate to the threat actor. Such data elements are only used for the purpose set forth in our agreement – to provide and improve the products and services. The Proofpoint Trust site is a resource intended to assist with our customers’ due diligence processes and provides additional information.

© 2022. All rights reserved. The content on this site is intended for informational purposes only.
Last updated April 27, 2022.