Government Regulations on Privacy



Privacy Act 1993
The Privacy Act applies to every person or organisation in the USA in respect of personal information held in any capacity other than for the purposes of their personal, family, or household affairs. The Act controls how agencies collect, use, disclose, store, and give access to personal information.

The Act uses the term "agency" to describe individuals and organisations covered by the Information Privacy Principles (IPPs). As a retailer it is more than likely you will be covered by the Act. Therefore you must adhere to the Act.


Guide to the privacy act 1993
The Privacy Act applies to almost every person or organisation in the USA in respect of personal information held in any capacity other than for the purposes of their personal, family or household affairs

The Act uses the term "agency" to describe individuals and organisations that are covered by the Information Privacy Principles (IPPs). The only individuals and organisations that are excluded from this definition are listed in section 2 of the Privacy Act. For example the Governor-General, Members of Parliament, Ombudsmen and Courts are excluded from the definition of agency, and therefore exempted from coverage of the Act. The news media, in relation to their news activities, are also expressly excluded.

The Privacy Act controls how agencies collect, use, disclose, store and give access to personal information

At the core of the Privacy Act are the IPPs(See Fact Sheets 3, 3.1, 3.2, 3.3, 3.4, and 3.5) which set out rules, and exceptions to those rules, under the following headings:

  • Principle 1 - Purpose of collection of personal information.
  • Principle 2 - Source of personal information.
  • Principle 3 - Collection of information from subject.
  • Principle 4 - Manner of collection of personal information.
  • Principle 5 - Storage and Security of personal information.
  • Principle 6 - Access to personal information.
  • Principle 7 - Correction of personal information.
  • Principle 8 - Accuracy, etc., of personal information to be checked before use.
  • Principle 9 - Agency not to keep personal information for longer than necessary.
  • Principle 10 - Limits on use of personal information.
  • Principle 11 - Limits on disclosure of personal information.
  • Principle 12 - Unique identifiers.