
In this day and age, when a lot of data is shared online, privacy is downright crucial. A few years ago, a major credit card breach happened in Europe. The victims were small businesses that had been the targets of malicious hackers. On a much larger scale, the Yahoo breach impacted over a billion user accounts worldwide, including corporate email accounts.

Digital Privacy Is Important

Under the legislation of many countries, privacy policies are a legal requirement. This is also true in Australia, though it’s subject to certain exceptions. 

The Privacy Act 1988 (Cth), Australia’s main privacy law, sets out the information that an entity (such as a business, government agency, school, or not-for-profit organisation) must publicly disclose in its privacy policy.

An Australian app or website may have overseas laws applicable to it. So, if you’re using an app or website in Australia, you might want to check if it has an Australian Privacy Policy. If it does, you should also check it for compliance with the Australian Privacy Principles.

What Is Personal Information?

The definition of Personal Information is quite general: it’s information or an opinion about a person who is at least reasonably identifiable. That applies whether the data is true or not and whether it’s recorded or not. To be more specific, it can include Unique Device Identifiers (UDIDs), Internet Protocol (IP) addresses and the like. Location information may be included here as well.


The collection, storage, use and disclosure of Personal Information are governed by the Privacy Act 1988 and its Australian Privacy Principles. Businesses in Australia are bound by the Act if their annual turnover is $3 million or more and if they handle personal information or get captured by the Act’s second set of criteria.


That “second set” essentially signifies that every business, no matter its turnover, will break the law if it sells or purchases Personal Information. The same goes if it handles particular categories of Personal Information, like Tax File Numbers (TFNs), health and medical data, and more.

Businesses that trade in Personal Information have to comply with the Privacy Act’s Australian Privacy Principles. Collecting Personal Information for business needs is not prevented by Privacy Act compliance. It just means guidelines on handling have to be followed.

When Do a Region's Laws Apply?

There are three key points when it comes to whether or not a particular region’s laws can apply: whether operations are based there, whether servers or processing services based there are being used, or whether the service is targeting users from there.

In a nutshell, it’s possible for regional regulations to apply whether or not you’re in a certain region. The best route to take is to approach data processing activities in compliance with the strictest applicable regulations.


If a business is using an app or website in Australia, it might want to check whether that app or website has an Australian Privacy Policy. If it does, the business should also check it for compliance with the Australian Privacy Principles. Abiding by regulations is extremely important.

If you need to connect with cybersecurity consulting firms that can help you comply with Australian law, work with Rabbon. We’re a cybersecurity company in Australia aiming to help minimise the cyber risks of all organisations. Contact us today!

Cybersecurity is what we do

Rabbon is a cybersecurity company with offices in Sydney and Melbourne. We lead a team of Cyber Security Consultants and GRC Consultants, who help organisations become cyber resilient by providing access to effective and affordable cybersecurity services. We believe that “Cybersecurity is for everyone”.

You can contact our Cyber Security Consultants for an obligation-free consultation.
