Business Registration, Licences & Permits
Privacy Act
The Federal Privacy Act 1988 sets rules for businesses handling personal information. It also allows individuals to make a complaint if personal information is mishandled.
Some small businesses, including those that are non-profit bodies or unincorporated associations, need to comply with the Privacy Act.
Small businesses that collect personal information (other than their own employees' information) may need to comply. Personal information is any information about an identifiable individual, e.g. a person's name and address, marital status or income.
If your business has an annual turnover of more than $3 million or is a health service provider, the Privacy Act applies to your business.
Does your small business need to comply with the Privacy Act?
Is your small business:
- a health service provider?
- trading in personal information (e.g. buying or selling a mailing list)?
- related to a larger business (a related body corporate)?
- a contractor that provides services under a Commonwealth contract?
- a reporting entity for the purpose of the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (AML/CTF Act)?
- an operator of a residential tenancy database?
If you answered yes to any of these, your business may need to comply with the Privacy Act. You may also need to comply if your business buys or sells business assets that include personal information (e.g. a customer database).
The Privacy Commissioner's checklist, A Privacy Checklist for Small Business, can help you to work out whether your business may need to comply.
Compliance with the Privacy Act - the basics
For many small businesses, the key things to do to comply with the Privacy Act are:
- tell people when you collect personal information what you expect to do with it
- use personal information only for the reason you collected it, or in ways people would think reasonable, unless you have their consent, have given them an opportunity to opt out, or the use is authorised by another law
- pass on personal information only for the reason you collected it, or in ways people would think reasonable, unless you have consent or the disclosure is authorised by another law
- if people ask, give them a chance to see any information you hold about them
- keep personal information secure, accurate and up-to-date.
These requirements are set out in the Act in 10 National Privacy Principles (NPPs).
See A Guide to Privacy for Small Business for more information.