General questions regarding laws and principles
1. Please provide an overview of the legal and regulatory framework governing data protection and privacy in your jurisdiction (e.g., a summary of the key laws, who is covered by them, what sectors, activities or data do they regulate, and who enforces the relevant laws). Are there any expected changes in the data protection and privacy law landscape in 2022-2023 (e.g., new laws or regulations coming into effect, enforcement of any new laws or regulations, expected regulations or amendments)?
In Australia, data protection and privacy are principally regulated by the federal Privacy Act 1988 (Cth) (Privacy Act). The Privacy Act regulates the collection, use, storage and disclosure of personal information by private sector organisations (with some exceptions) and federal government agencies (but not state agencies). In particular, the Privacy Act sets out 13 Australian Privacy Principles (APPs) which set out specific obligations in respect of personal information. The Privacy Act also contains credit reporting obligations which apply to the handling of credit information about individuals by credit reporting bodies, credit…
