Understanding the Consumer Data Privacy and Protection Act in Australia


Data Protection – act now in Australia and learn about consumer data privacy laws. These laws refer to how sensitive personal data provided by customers during routine business transactions are handled and protected. The internet has become a tool for commerce, raising questions about consumer data privacy laws. Individuals may be at risk for fraud and identity theft due to a lack of access control over personal information. A government data hack may also jeopardise the security of entire nations.

Businesses can use data to send out customised advertising, forecast sales patterns, and enhance their products. But customers naturally have a different perspective. Data is currently collected and used in a wider variety of ways than ever before. Since data now has a higher value to businesses, practically every encounter with a business, even a passive one, results in customer data gathering. Continuous internet surveillance, behavioural profiling, and data-driven targeted marketing are made possible by access to more customer data.

Data protection procedures are used by businesses to indicate to their clients that they can be trusted with their personal information. Individuals must have confidence that their data will be managed carefully in order for them to engage online.

DataBench assists businesses to map their personal information stores. This includes adhering to the relevant consumer data privacy laws in New Zealand and Australia. DataBench works closely with its clients to help them comply with data privacy legislation.

About Australian Consumer Data Privacy Laws

The Privacy and Data Protection Act 1988 outlines the requirements of the Commonwealth for the gathering, use, disclosure, and protection of “personal information.” It applies to most businesses operating in Australia or engaging in activities with a connection to Australia.


According to the consumer data privacy act, “personal information” is broadly defined as “information or an opinion about a named individual or a person who can be identified with reasonable certainty”. This applies whether the information is true or false, and whether or not it is recorded in a material form.

The Privacy Act uses the 13 Australian Privacy Principles (APPs) to establish guidelines for handling, collecting, and protecting the integrity of personal information. In accordance with the APPs, a person has the right to access and amend personal information that an organisation holds.


Consumer Data Privacy Legislation in New Zealand

The Privacy Act 2020, which establishes guidelines for gathering, using, disclosing, and protecting “personal information” by “agencies,” governs information about consumer data privacy legislation in New Zealand. The Act applies extensively to “agencies,” which are defined as any individual or group of individuals operating in the public or private sectors, whether they are corporations or not. In accordance with the Act, “personal information” refers to any information that identifies a specific individual.

DataBench assists businesses in complying with Australian and New Zealand privacy laws.

Data Protection Act Australia

Data protection is at the core of DataBench’s business. It is something the company takes very seriously as a provider of software solutions for data privacy compliance. DataBench assists businesses in upholding the highest consumer data protection standards when securing personal information.

To ensure businesses comply with the Privacy Act, including each of the 13 APPs, the following guidelines should be observed:

  • Only the personal information necessary to carry out the services outlined in contracts with clients shall be retained, disclosed and stored
  • Businesses will provide their staff and users in Australia or New Zealand with information about how their personal information is being collected in compliance with the Act or the Privacy Act (as applicable), including but not limited to:

(i) the types of personal information that are being gathered and stored, as well as the fact that such information is being collected;

(ii) the reason(s) for which the individual’s information was or will be gathered;

(iii) the method of data collection and storage (including the name and location of the processing entity);

(iv) the consequences to the individual if the information is not provided (for example, loss of service);

(v) the individual’s rights of access and correction and how they can be exercised;

(vi) the individual’s rights to report a privacy breach; and

(vii) the intended recipients of the personal information (including location if they are overseas).

DataBench’s Approach to Privacy and Data Security 

At DataBench we advise clients to take reasonable precautions to guard against unauthorised access, alteration, and disclosure of information. We also advise clients about the misuse, loss, and interference with the personal information they collect, use, disclose, store, or retain.

We advise clients not to retain, disclose, use, or store any personal information that is not necessary for fulfilling the obligations under contracts with customers for the purposes outlined in our Privacy Policy or as otherwise required by Australian consumer data protection laws.

DataBench advises its clients that any sub-processors will be held accountable for their work, and to keep track of all the sub-processors they are currently using.

A Data Privacy Discovery solution has been created with process automation that emphasises the importance of personal data compliance and brings the relevance back onto the boardroom agenda for Australia and New Zealand businesses.

How to Protect your Organisation's Personal Data

There are several steps that organizations and individuals can take to protect personal data:
  1. Limit the amount of personal data collected: Only collect the personal data that is necessary for a specific purpose.

  2. Secure personal data: Use strong encryption and secure servers to protect personal data from unauthorized access or hacking.

  3. Use firewalls and anti-virus software: These tools can help prevent unauthorized access to personal data.

  4. Train employees on data security: Make sure that employees understand the importance of data security and how to handle personal data properly.

  5. Keep software and systems up-to-date: Regularly update software and systems to ensure that they are protected against known vulnerabilities.

  6. Use multi-factor authentication: This can help protect personal data by requiring more than one form of authentication to access it.

  7. Conduct regular data security audits: Regularly review data security procedures and systems to ensure they are effective.

  8. Have an incident response plan: Prepare a plan to respond to data breaches and implement it promptly.

  9. Provide notice and obtain consent: Inform individuals of what data is being collected and how it will be used and obtain consent before collecting their personal data.

  10. Dispose of personal data properly: When personal data is no longer needed, it should be securely deleted or destroyed.

It’s important to note that protecting personal data is an ongoing process. This requires continuous effort, as the threats and methods of attack are constantly evolving.

Consumer Data Privacy and Protection Laws Australia

In Australia, data protection law is governed by the Privacy Act 1988.

Data protection laws are regulations that govern the collection, storage, use, and dissemination of personal information. The specific details of data protection laws will vary depending on the jurisdiction in which they are implemented.

One of the most well-known data protection laws is the General Data Protection Regulation (GDPR) which applies to organizations operating in the European Union (EU) and European Economic Area (EEA). The GDPR sets out strict rules for the handling of personal data and gives individuals significant rights over their personal information. It also imposes significant fines for non-compliance.

Another example is the California Consumer Privacy Act (CCPA) which applies to organizations that do business in California, United States. The CCPA gives California residents the right to know what personal information is collected about them, the right to request that their personal information be deleted, and the right to opt-out of the sale of their personal information.

In addition to the EU and the US, other countries also have their own data protection laws and regulations. For example, India has its Personal Data Protection Bill, Brazil has the General Data Protection Law, Japan has the Act on the Protection of Personal Information, and so on. Australia has the Privacy Act 1988.

Overall, data protection laws are put in place to protect individuals’ personal information and to ensure that organizations handle personal data in a responsible and transparent manner.

Contact DataBench to learn more about Australian data protection law.
