Maat's Method

Maat's Method Logo

Privacy Law Lawyers Australia

The right to privacy is comprehensively protected in Australia. It is one of the few areas of human rights law which is fully enshrined in our domestic law at both a state and federal level.

Understanding Privacy Law 

There are both Federal and State based Privacy statutes, and corresponding remedial pathways, in Australia.

The Federal Law

The Privacy Act 1988 (the Federal Act) is the federal legislation that governs the privacy of individuals, and how government and industry can collect, use and disclose individuals’ personal information.

The Federal Act was drafted to be “principles based”. It enshrines the ‘Australian Privacy Principles’, which are:


Open and transparent management of personal information

Ensures that entities manage personal information in an open and transparent way. This includes having a clearly expressed and up to date privacy policy.


Anonymity and pseudonymity

Requires entities to give individuals the option of not identifying themselves, or of using a pseudonym. Limited exceptions apply.


Collection of solicited personal information

Outlines when an entity can collect personal information that is solicited. It applies higher standards to the collection of sensitive information.


Dealing with unsolicited personal information

Outlines how entities must deal with unsolicited personal information.


Notification of the collection of personal information

Outlines when and in what circumstances an entity that collects personal information must tell an individual about certain matters.


Use or disclosure of personal information

Outlines the circumstances in which an entity may use or disclose personal information that it holds.


Direct marketing

An organisation may only use or disclose personal information for direct marketing purposes if certain conditions are met.


Cross-border disclosure of personal information

Outlines the steps an entity must take to protect personal information before it is disclosed overseas.


Adoption, use or disclosure of government related identifiers

Outlines the limited circumstances when an organisation may adopt a government related identifier of an individual as its own identifier, or use or disclose a government related identifier of an individual.

APP 10

Quality of personal information

An entity must take reasonable steps to ensure the personal information it collects is accurate, up to date and complete. An entity must also take reasonable steps to ensure the personal information it uses or discloses is accurate, up to date, complete and relevant, having regard to the purpose of the use or disclosure.

APP 11

Security of personal information

An entity must take reasonable steps to protect personal information it holds from misuse, interference and loss, and from unauthorised access, modification or disclosure. An entity has obligations to destroy or de-identify personal information in certain circumstances.

APP 12

Access to personal information

Outlines an entity’s obligations when an individual requests to be given access to personal information held about them by the entity. This includes a requirement to provide access unless a specific exception applies.

APP 13

Correction of personal information

Outlines an entity’s obligations in relation to correcting the personal information it holds about individuals.

Who does the Federal Act apply to?

Broadly, the Federal Act applies to Government Departments and businesses with an annual turnover of more than $3,000,000 in the previous financial year.

What action can I take for breach of Privacy under the Federal Act?

The Officer of the Australian Information Commissioner (OAIC) is empowered to enforce compliance with the Federal Act. The Commissioner can do this by investigating and resolving complaints about instances of non-compliance by entities, or by self-initiating an investigation into an act or practice of an entity.

If you think your privacy has been breached, you can submit a complaint to the OAIC through their complaints portal. Alternatively, you can also submit a complaint by letter.

What can I expect when making a complaint to the OAIC?

The current framework of the Act places a strong emphasis on the Commissioner to attempt to resolve complaints by conciliation and, failing that, to make binding determinations against entities including determinations for compensation and costs. If the Commissioner considers it is reasonably possible that the complaint may be conciliated successfully, the Commissioner must make a reasonable attempt to conciliate the complaint. The main remedies agreed in conciliated privacy complaints are:

  1. record amended;
  2. access provided;
  3. other or confidential;
  4. apology;
  5. compensation;
  6. changed procedures, and
  7. staff training or counselling.

 Calculation of compensation (sometimes called damages) in Privacy Complaints is not as precise as in other civil claims. Although loss is often taken into account, there is not necessarily a direct correspondence between the amount of loss, or the degree of suffering caused by the breach, and the award given. As a result, it can be helpful to look at the circumstances of several privacy complaints, and the decisions made, in order to analyse quantum in your own case.

State Privacy Actions

Each State and Territory has their own Privacy legislation.

NSW, for example, has two statutes relevant to privacy and potential breach of privacy actions:

  1. Privacy and Personal Information Protection Act 1998 (NSW) (the PPIPA); and
  2. Health Records and Information Privacy Act 2002 (NSW) (the HRIPA).

The Privacy and Personal Information Protection Act 1998 (NSW)

The PPIPA applies to state government agencies, statutory or declared authorities, the police service and local councils. The Act also sets out the role of the NSW Privacy Commissioner. It does not apply to health records and does not apply to private information gathered by non-government (private) agencies. Information from private agencies should instead be sought through the Federal Privacy Act (as long as they meet the minimum revenue requirement).

The PPIPA contains 12 ‘Information Protection Principles’ (IPPs), not dissimilar to the Australian Privacy Principles in the Federal framework. Broadly, they are as follows:

Collection must be:

  1. Lawful

Personal information can only be collected for a lawful purpose, which is directly related to the agency’s function or activities and necessary for that purpose.

  1. Direct

Personal information can only be directly collected from the person concerned, unless they have authorised collection from someone else, or if the person is under the age of 16 and the information has been provided by a parent or guardian.

  1. Open

The person from whom information is collected must be informed of why it is being collected, what the agency will do with it and who else might see it. The person should also be told how they can view and correct their personal information, if the information is required by law or voluntary, and any consequences that may apply if they decide not to provide their information.

  1. Relevant

The personal information collected should be relevant, accurate, complete, up-to-date and not excessive and that the collection should not unreasonably intrude into the personal affairs of the individual.

Storage must be:

  1. Secure

The personal information must be kept securely, no longer than necessary and disposed of appropriately. It should also be protected from unauthorised access, use, modification or disclosure.

Access and Accuracy must be:

  1. Transparent

The person whose information is stored should be told clearly what information is being stored, why it is being used and any rights they have to access it.

  1. Accessible

People should be allowed to access their personal information without excessive delay or expense.

  1. Correct

People should be allowed to update, correct or amend their personal information where necessary.

Use must be

  1. Accurate

Personal information must be relevant, accurate, up to date and complete before use.

  1. Limited

Personal information must only be used for the purpose it was collected unless the person has given their consent, or the purpose of use is directly related to the purpose for which it was collected, or to prevent or lessen a serious or imminent threat to any person’s health or safety.

Disclosure must be

  1. Restricted

Only personal information that a person has given consent for, or that a person has been told would be disclosed, if disclosure is directly related to the purpose for which the information was collected and there is no reason to believe the person would object, or the person has been made aware that information of that kind is usually disclosed, or if disclosure is necessary to prevent a serious and imminent threat to any person’s health or safety.

  1. Safeguarded

An agency cannot disclose sensitive personal information without a person’s consent, for example, information about ethnic or racial origin, political opinions, religious or philosophical beliefs, sexual activities or trade union membership. It can only disclose sensitive information without consent in order to deal with a serious and imminent threat to any person’s health or safety.

Bringing an Action

In NSW, complaints can be made to the NSW Privacy Commissioner.

A similar approach for damages is taken in State actions, as once again there isn’t necessarily a direct correlation between level of direct economic loss, for example, and the amount awarded.

If you believe your privacy has been breached, we can help.


“I could not have been more fortunate or more pleased to have Peter Fam take on my case against an ‘establishment bully’. From the outset, Peter’s meticulous “take one careful step at a time” approach, instilled great confidence in me that we had an excellent chance to bring justice to my situation. Peter displayed an amazing ability to explain the nuances of my situation and to sincerely and effectively involve me in the decision along the way. His dedication to humanity, truth and integrity was clear, and undoubtedly had the ‘bully’ on the back foot. Thus, we had a very good outcome. Maat’s Method: Outstanding excellent service!”

Dr Georgina Hale MBBS FRACP PhD

“My experience with Peter Fam was nothing short of special. His approach was unique because he was able to provide a comprehensive understanding of my situation and recommend an action plan. Any lawyer can quote and reference the law, but Peter stood out to me because of his ability to speak in my language and reference the things that mattered to me. His communication was clear and his advice came with no pressure. He understood the importance of different stakeholders and how even a positive legal outcome could have the potential to impact some parties negatively. He had a truly objective approach to my situation and had the grounded energy i needed to redirect my attention to where it was needed most. More than anything, Peter restored my hope in humanity because at a time when i had lost hope in people, he was there to show me that there are still good, honest truthful people in the world that value doing whats right more than doing whats profitable. Thank you Peter”

Ali Mahfouz

“Peter was extremely helpful during a tricky court case and time. He supported me through navigating and settling with an incredible outcome. When dealing with the case, Peter was extremely professional but also sensitive to my emotions and feelings. Peter was very helpful in understanding specific nuances of the law to support my case. Through our interactions and the way he approached the situation, showed his integrity and authentic desire to support people. His work went beyond and above and I highly recommended his services. “


“My experience with Peter at Maat`s Method was a pleasant and positive one. Peter was caring, understanding and of a generous spirit…fulfilling a much needed service…administered with integrity…”

Carolyn Crowe

“Peter at Maat’s Method took on my human rights case against a large government agency and achieved a favorable outcome. Many other lawyers said it couldn’t be done however Peter’s dedication and effort made it happen. Peter is a great listener, honest, responsive and effective. I am exceptionally grateful that he was my lawyer.”

William Cartwright

“Peter helped me in a time of need. He was empathetic, supportive and professional from the first time we connected.

I contacted a number of lawyers who were more worried about payment, didn’t listen to my concerns and were cold and transactional. Peter felt like a friend from the start.

Peter very quickly understood my issue and provided logical advice and direction. He took the weight of the issue off my shoulders and became my voice and advocate – I felt like I could finally breathe in an extremely stressful situation.

Peter helped me achieve justice and I recommend him to everyone who needs legal advice. With Peter you get someone dedicated to your cause, someone who is truly independent and who will fearlessly stand up for justice and truth, no matter how big the opponent may be.

Thank you Peter.”

Nicole Turnbull - Director at Neon Shed

“I had the greatest pleasure and experience having such a wonderful and extremely knowledgeable Human rights lawyer Peter Fam assist me with a very difficult and complex situation.

Peter’s passion to promote awareness knowledge and discussion on matters about Human Rights is extraordinary.

He is compassionate considerate and was very supportive towards my case. He always found the time to communicate about my concerns and I found him extremely helpful,  especially when I had nowhere to turn.

I highly recommend Peter Fam as a Human Rights lawyer, his dedication and resilience are impeccable.”

Georgia Kotsias