The Privacy Act, which includes the Australian Privacy Principles (APPs), forms the foundation of Australian privacy law. It regulates the collection, use and disclosure of personal information in Australia. But what is personal information? Is it any information that someone gives you? Is it business information that only relates to their business? This article explains what precisely Australian privacy law means when it refers to ‘personal information’.

Who Needs to Comply With the APPs?

If you are an APP entity, the APPs apply to you. APP entities are:

  • entities with an annual turnover of more than $3 million, including charities and not-for-profit organisations;
  • health service providers, including gyms;
  • some small businesses, including businesses that sell or purchase personal information; and
  • entities that ‘opt-in’ and choose to comply with the APPs.

If you are operating a small business, you may not be an APP entity, in which case you do not need to comply with the APPs. However, even if your business is not an APP entity, it is best practice to have a privacy policy that sets out how your business will collect, use and disclose customers’ personal information. This can help build trust with customers and lead to more business.

What is Personal Information?

Personal information is defined in the Privacy Act as information or an opinion about an identified individual, or an individual who is reasonably identifiable:

  • whether the information or opinion is true or not; and
  • whether the information or opinion is recorded in a material form or not.

Examples of information commonly considered to be personal information are a person’s:

  • name;
  • address;
  • phone number;
  • date of birth;
  • age;
  • bank or credit card details; and
  • medical records.

However, the answer to what is personal information is not so straightforward. The Office of the Australian Information Commissioner (OAIC), which has a range of privacy regulatory powers, encourages APP entities to ‘err on the side of caution’ and treat information as personal information in accordance with the APPs if there is any doubt.

How Can an Individual Be Reasonably Identifiable?

Information that can reasonably identify a person may also be personal information. Therefore, you need to consider the context of the information you have and whether, as a whole, that information could reasonably identify the person.

Whether or not a person is reasonably identifiable depends on who has access to that information. For example, you should think about whether that personal information is being used internally within your business, or if you are releasing that information to the public.

What is Not Personal Information?

Generally, information that relates to a business is not personal information. This information includes a business’s name, address, and Australian Business Number (ABN). However, if a business is carried out by a sole trader, or only one person, that business information can reasonably identify the person and so be personal information. Either way, you should be careful.

Furthermore, information is not personal information if it is de-identified information. Information can be de-identified using technology to remove anything from that information that can reasonably identify a person. The OAIC recommends obtaining specialist assistance to successfully de-identify personal information because the process can be challenging.

Key Takeaways

The definition of personal information under Australian privacy law is broad. Therefore, it is often difficult to ascertain whether the information you have collected is personal information.

Some cases are relatively clear-cut. For example, a person’s name, phone number, address and date of birth will generally be personal information because that information can identify a person. However, other information such as a person’s religion, ethnicity and work details may also identify a person. If you have any questions, contact LegalVision’s IT lawyers on 1300 544 755.

About LegalVision: LegalVision is a tech-driven, full-service commercial law firm that uses technology to deliver a faster, better quality and more cost-effective client experience.
Lauris De Clifford
