The right to personal privacy is limited. Information privacy was first protected by Commonwealth legislation, but it has expanded and now also includes state legislation. The Australian Privacy Principles set out broad principles that are binding on government agencies and large companies. Specific laws cover credit reporting and some other Commonwealth legislation. Complaints can be made to the Australian Information Commissioner. Victorian privacy legislation includes the Health Records Act 2001 (Vic) and the Human Rights and Responsibilities Charter.


Melanie Casley

Senior Privacy Consultant, Salinger Privacy

Complaints to the Information Commissioner

Last updated

1 July 2022

Individuals may complain to the Information Commissioner if they believe their privacy has been interfered with and there has been a breach of:

  • the Australian Privacy Principles;
  • an approved Privacy Code, with limited exceptions;
  • the credit-reporting provisions in the Privacy Act 1988 (Cth) and the Privacy (Credit Reporting) Code 2014;
  • the COVIDSafe app data protections under Part VIIIA of the PA 1988;
  • the tax file number guidelines;
  • the guidelines for the Medicare Benefits and Pharmaceutical Benefits Programs;
  • the Commonwealth Spent Convictions Scheme;
  • the Consumer Data Right scheme;
  • the Information Privacy Act 2014 (ACT).

The OAIC’s website includes information about whether the commissioner is likely to be able to handle a complaint, and information about the complaint process.

If the Information Commissioner forms the opinion that a tax file number or credit-reporting offence may have been committed, the matter will be referred to the Commissioner of the Australian Federal Police or the Commonwealth Director of Public Prosecutions for possible criminal investigation.

For the Information Commissioner’s details, see ‘Contacts’.

Back to
Government and the individual