The Privacy Act incorporates 13 Privacy Principles that dictate how personal information must be handled by covered organizations.
What is a covered organization as defined by the Australian Privacy Act? A covered organization is any company, of any size, with an annual gross income of more than $3,000,000.
These kinds of companies are subject to the Privacy Act and its regulations. However, businesses whose income is less than that might still be covered by one of the exceptions outlined in the Act:
- A business that discloses personal information about another individual to anyone else for a benefit, service or advantage is covered.
- A business that provides a benefit, service or advantage so that they may collect other individuals’ personal information is covered.
- A mobile application that does not gross more than $3,000,000/year, but requires an email address for activation of an account or use of the mobile app, is not covered. However, if a mobile app developer decides to start selling the email addresses that his application has been collecting to advertisers, then the Privacy Act would cover them.
- Additionally, certain kinds of special organizations, such as health care providers and so on, are covered by the Privacy Act.
As a business, you can still choose to opt in and be covered by the Act. If a business would otherwise not be covered, it can petition to be covered to assure users that it is committed to privacy.