
Discrimination and privacy laws

Discrimination and privacy laws exist at both state and federal level. We’re here to help you understand them.

Content last updated 15/01/2024



Privacy laws

Some community organisations, including those with revenue over $3 million, and those that have contractual arrangements with government (for example, under funding agreements) may be required to comply with privacy laws.

It's best practice to assume that all privacy laws apply to your organisation. It's also important to note that there are privacy laws at both state and federal levels.

We’ve published a Privacy Guide to help your organisation comply with privacy laws in Australia. Our guide outlines:

  • what information is covered by privacy law
  • who is covered by privacy laws
  • sources of privacy laws and exemptions
  • obligations under privacy law, including consent, notification, storing personal information and compliance
  • privacy policies, and
  • fundraising and privacy


See the Office of the Australian Information Commissioner (OAIC) website for guidance for organisations on handling personal information in the context of the COVID-19 pandemic.

Notifiable Data Breaches scheme

Our fact sheet on the Notifiable Data Breaches scheme supplements our Privacy Guide.

This fact sheet explains your organisation’s obligations if there is a data breach and how to comply with the Notifiable Data Breaches scheme.



Regardless of the industry your organisation operates in, your organisation probably collects and stores a huge amount of information and uses many different kinds of technology in its daily operations. It is extremely important to ensure that your organisation is taking steps to protect and secure personal information.

Our fact sheet contains information about cybersecurity, including common cyber risks, protecting your organisation’s information and electronic systems and reducing the likelihood of a data breach.



In some circumstances, you may have an obligation to keep certain information confidential. This can be because of:

  • an agreement containing a confidentiality obligation
  • the commercial or secret nature of the information itself, or
  • the circumstances in which the information was obtained


Federal and state laws regulate surveillance, recording, monitoring and interception of communications, including when these are done in the workplace. The laws cover video, audio, computer, telephone and tracking surveillance (such as GPS).

More information

For information go to the Office of the Australian Information Commissioner.

Direct marketing and research

The Spam Act 2003 (Cth) regulates how you send promotional emails and other commercial electronic messages, while the Do Not Call Register Act 2006 (Cth) and related industry standards regulate telemarketing and telephone research.

More information

For information go to the Australian Communications and Media Authority (ACMA) and the Do Not Call Register website.

Freedom of information (FOI)

If someone has asked to access their information or told you they have a right to it under FOI laws, you will need to consider if that legislation applies to your organisation (for example, if your organisation holds personal information as a result of a contract between it and the government).

More information

For information go to the Victorian Government's Freedom of Information website and the Australian Government's Office of the Australian Information Commissioner’s webpage on freedom of information.


The content on this webpage was last updated in January 2024 and is not legal advice. See full disclaimer and copyright notice.
