Business Law Library & Tracker
Privacy & Data
Privacy notices, data handling, direct marketing and breach response obligations for Australian businesses.
Sources last reviewed 8 June 2026
Main law guides: 307 (Acts, regulations and codes worth reading first)
Topics: 22 (Plain-English clusters)
Published case explainers: 496 (Selected cases with a business lesson)
Tracked updates: 110 (New, amended & reviewed)
Plain-English explainers, not legal advice. Check the linked official source before you rely on a specific section, and get advice for your situation.
Main laws
Privacy Act 1988 (Cth)
Children (Education and Care Services) National Law (NSW)
Education and Care Services (National Uniform Legislation) Act 2011 (NT)
Education and Care Services National Law (ACT) Act 2011 (ACT)
Education and Care Services National Law (Application) Act 2011 (Tas)
Education and Care Services National Law (Queensland) Act 2011 (Qld)
Education and Care Services National Law Act 2010 (Vic)
Education and Care Services National Law Application Act 2026 (WA)
Education and Early Childhood Services (Registration and Standards) Act 2011 (SA)
Spam Act 2003 (Cth)
Private Security Act 1995 (NT)
Private Security Act 2004 (Vic)
Security and Investigation Industry Act 1995 (SA)
Security and Investigations Agents Act 2002 (Tas)
Security and Related Activities (Control) Act 1996 (WA)
Security Industry Act 1997 (NSW)
Security Industry Act 2003 (ACT)
Security Providers Act 1993 (Qld)
Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth)
Online Safety Act 2021 (Cth)
Personal Information Protection Act 2004 (Tas)
Privacy and Data Protection Act 2014 (Vic)
Privacy and Responsible Information Sharing Act 2024 (WA)
Surveillance Devices Act 1998 (WA)
Surveillance Devices Act 1999 (Vic)
Surveillance Devices Act 2007 (NT)
Surveillance Devices Act 2016 (SA)
Workplace Privacy Act 2011 (ACT)
Workplace Surveillance Act 2005 (NSW)
Security of Critical Infrastructure Act 2018 (Cth)
Tracker
- New, 8 June 2026
Education, childcare and training provider laws added
The legislation library now covers education, childcare and training-provider regulation for Australian small businesses. New pages explain ASQA and RTO regulation, overseas student and CRICOS provider obligations, and education and care services laws across NSW, Queensland, Victoria, WA, SA, Tasmania, the ACT and the Northern Territory. This gives childcare operators, family day care providers, outside school hours care businesses, RTOs, private colleges, education startups, franchise groups and buyers a clearer place to understand approvals, registrations, responsible people, staffing, student records, education agents, incidents, regulator notices and acquisition due diligence.
Franchising & Regulated Industries; Business Registration & Operations; Employment & Workplace; Contracts & Commercial; Consumer Law & Trading; Privacy & Data
- New, 8 June 2026
Security industry licensing laws added
The legislation library now covers private security and investigation licensing laws across NSW, Queensland, Victoria, WA, SA, Tasmania, the ACT and the Northern Territory. This gives security firms, venues, retailers, events, facilities managers and small businesses hiring guards a clearer place to understand licence classes, crowd control, investigations, monitoring, installers, subcontractor controls, incident records and regulator pathways.
Franchising & Regulated Industries; Employment & Workplace; Privacy & Data; Consumer Law & Trading; Contracts & Commercial; Business Registration & Operations
- Case, 8 June 2026
Current consumer and records search cases added
This batch adds official Federal Court explainers for consumer law jurisdiction, informal product supply, FOI search records, cyber incident records and judicial review limits. The practical theme is evidence discipline before a dispute escalates: handover records, product warnings, search logs and privacy response notes need to be clear enough to survive later scrutiny.
Consumer Law & Trading; Contracts & Commercial; Privacy & Data; Business Registration & Operations
- Case, 7 June 2026
Current governance, insolvency, privacy and PPSR cases added
The selected cases section now adds ten more official-source explainers covering shareholder sale confidentiality, related-entity employment structures, company-books inspection, derivative actions, AGM communications, DOCAs, environmental obligations in administration, privacy complaint files, late PPSR registration and administrator appointment records. The batch is focused on business operators, directors, founders, lenders, investors and advisers who need the practical story behind recent judgments.
Companies & Startups; Insolvency & Restructuring; Privacy & Data; Finance, Payments & Security; Contracts & Commercial
- Case, 7 June 2026
Current governance, privacy, payroll and IP cases added
The selected cases section now adds ten more official-source explainers for credit hardship reporting, privilege waiver in regulator litigation, corporate housekeeping relief, late PPSR registrations, AFS licensee product governance, continuous disclosure, enterprise-agreement payroll calculations, payslip and recordkeeping penalties, whistleblower reprisal claims and creative-business moral rights. The batch keeps the case-law lane focused on practical business stories rather than procedural metadata.
Companies & Startups; Finance, Payments & Security; Privacy & Data; Employment & Workplace; IP & Brand Protection
- Case, 7 June 2026
Current business case explainers expanded
The selected cases section now has deeper current coverage across adviser and fund disputes, business asset consumer guarantees, credit hardship systems, cybersecurity controls, internal dispute resolution and credit model penalties. These pages are written as practical case stories for operators, not bare legal notes: each one links to an official court or regulator source and translates the decision into concrete checks for business owners, founders, directors, regulated providers and finance teams.
Finance, Payments & Security; Consumer Law & Trading; Privacy & Data; Contracts & Commercial
- Reviewed, 7 June 2026
Fair Work reproductive health leave Bill tracked
Employers do not need to change leave policies just because a private Bill is before the Senate. It is still worth tracking if your workforce policies cover reproductive health, menopause symptoms, flexible work requests, sensitive health information or manager training. The useful business step is to keep policy language human, private and consistent with existing Fair Work and discrimination obligations.
Employment & Workplace; Discrimination & Accessibility; Privacy & Data
- Commenced, 7 June 2026
WA privacy commencement tracked
The proclamation is mostly a WA public-sector privacy milestone, but it can still matter to businesses that contract with WA agencies, handle data in government-funded projects or connect systems into agency information-sharing arrangements. Private businesses should keep their federal Privacy Act settings separate from any WA government contract or procurement obligations.
Privacy & Data; Contracts & Commercial
- Case, 1 June 2026
Digital consumer law cases added
Digital, ecommerce and marketplace businesses now have selected cases for pricing interfaces, search ads, data disclosures and small-business unfair terms.
Consumer Law & Trading; Privacy & Data
- Reviewed, 29 May 2026
Privacy Act added to the business law tracker
This gives founders and SMEs a single plain-English place to start before moving into privacy policies, data handling contracts and breach response planning.
Privacy & Data
- Reviewed, 28 Feb 2026
Spam Act flagged for marketing compliance review
Businesses running email or SMS campaigns should confirm consent records, sender identification and working unsubscribe links.
Privacy & Data; Consumer Law & Trading
- Reviewed, 24 Nov 2025
Deepfake and online safety Bill added to tracker
This is not yet a general business compliance rule, but it matters for businesses using synthetic media, creator content, AI image or voice tools, user-generated content, influencer campaigns or face and voice likeness in marketing. The safe operating point is to treat consent, permissions and takedown escalation as a governance issue, not just a creative approval step.
Privacy & Data; Digital & Ecommerce; IP & Brand Protection
- Amendment, 22 Feb 2017
Notifiable Data Breaches history added
This is the update that made breach-response planning a board and management issue for Privacy Act entities. Businesses handling personal information need a practical response process for suspected incidents: contain the issue, work out what information is involved, assess serious harm, decide whether notification is required and keep records of the decision.
Privacy & Data; Digital & Ecommerce
- Amendment, 12 Dec 2012
Australian Privacy Principles reform history added
This is the foundation for the modern Privacy Act compliance model many businesses now recognise. It helps explain why privacy policies, collection notices, access and correction processes, direct marketing controls, overseas disclosure checks and credit-reporting rules cannot be treated as separate admin tasks. They are all part of the same Privacy Act operating system.
Privacy & Data; Digital & Ecommerce
- Amendment, 2006 Act
Surveillance Devices (Workplace Privacy) Act 2006 history added
Victorian employers should read this as workplace-surveillance history, not as a separate day-to-day operating guide. It helps explain why cameras, device monitoring, computer use policies and workplace privacy notices need to be checked against the current Surveillance Devices Act settings before monitoring is introduced or relied on in a dispute.
Privacy & Data; Employment & Workplace
- Reviewed, 2000 Act
Information Privacy Act 2000 history added
This is the predecessor privacy-law story for Victoria, not a current standalone guide for small businesses. It helps readers understand why Victorian privacy material may refer to older information-privacy concepts before moving into the Privacy and Data Protection Act 2014. Businesses should still separate Victorian public-sector privacy rules from federal Privacy Act obligations.
Privacy & Data; Digital & Ecommerce
Cases
ASIC v FIIG Securities
Cybersecurity is now a licence and governance issue for regulated businesses. If your business holds sensitive client data, weak access controls, untested incident...
Concept Cosmetic Medicine v Chater
Confidential information and restraint disputes need precise contracts, careful evidence and realistic interim orders. A business that wants urgent protection...
eSafety Commissioner v X Corp
Platform safety obligations can require detailed regulator reporting, not just internal moderation effort. If a notice asks for information in a specified form, a...
Gao v Australian Information Commissioner
Privacy complaints can be won or lost on evidence and procedure. Businesses handling customer or credit information should keep records that show what data was...
Garvey v Australian Information Commissioner
When an organisation receives a formal access request or privacy complaint, the quality of its search record matters. Even where the exact FOI Act process does not...
Pett v National Disability Insurance Agency (No 2)
Business owners should read this case as a document-handling and litigation strategy decision. The Court protected the spreadsheets because of a particular...
Vinall v Bankwest
Credit providers should treat hardship reporting as a controlled legal and customer process. If hardship information may be reported to a credit reporting body, the...
Australian Steel Manufacturing Pty Ltd v Selection Steel Trading Pty Ltd
Business owners should read this as a contract management case as much as an insolvency case. If you want your standard terms to govern future trading, make that...
Bain v International Capital Markets Pty Ltd (No 4)
Business owners should read this as a data minimisation case as much as a privacy case. The Court did not decide the merits of the underlying class action. It...
BDR21 v Australian Broadcasting Corporation (No 3)
Read this case as a warning against casual reuse of litigation documents. The Court did not give a general right to repurpose discovered material. It granted a...
Bowcher (liquidator), in the matter of Blacktrans Express Pty Ltd (in liq) v Black
If your company enters liquidation, do not treat company books, passwords, keys, vehicles, trailers, plant or records as if they remain yours to hold back, sort out...
Haverkort v Qantas Airways Limited
Business owners should read this as a communications and privacy process case, not a final ruling on refund liability. If you need to contact customers about a...
Horizon Solsolutions Australia Pty Ltd v National Disability Insurance Agency
If your business depends on fast decisions from a government payment system, do not assume the usual turnaround time will continue once integrity concerns arise....
Jacksons Drawing Supplies Pty Ltd v Jackson's Art Supplies Ltd (No 2)
If you are launching or localising an online store for Australia, clear the brand early and test the whole customer journey for confusion. This case shows that...
Lattouf v Australian Broadcasting Corporation (No 2)
If a worker’s public comments trigger complaints, slow the decision down enough to separate legal grounds from commercial pressure. Check the contract, any...
Leigh v National Disability Insurance Agency (Extension of Time and Leave to Appeal)
If your business needs confidentiality in Federal Court proceedings, do not assume sensitivity alone will be enough. Work out early exactly what protection is...
McGinn v Australian Information Commissioner (No 2)
Businesses should read this case as a reminder to separate three issues that often get mixed together in customer disputes: whether an event happened, whether a...
Miciulis v Cimic Group Limited
Business owners should read this as a class action settlement approval case, not as a new statement of privacy law. The Court did not finally decide whether CIMIC...
Norden Holdings Pty Ltd (Trustee) v Martens Investments Pty Ltd (Trustee), in the matter of Amazonia IP Holdings Pty Ltd (No 6)
Read this case as a warning about court process, not as a general statement that privacy lets businesses withhold records. The court treated the real problem as...
Pigozzo v Mineral Resources Ltd (No 3)
The main lesson is procedural but commercially important. Once information goes into pleadings, affidavits or other court documents, your ability to claw it back...
Reiche v Neometals Ltd (No 3)
If your business is in Federal Court, do not treat filed evidence as automatically private once it is used in open court. This case shows that affidavits and...
Reurich v Savills (SA) Pty Ltd
Business owners should read this case as a process and evidence case. The Court accepted that disability protections were engaged and that assistance-animal...
Roberts-Smith v Fairfax Media Publications Pty Ltd (Admission of Recording)
The practical reading for business owners is narrow but important. This was not a court endorsement of secretly recording or circulating private conversations. Nor...
Court House Capital Pty Ltd v RP Data Pty Limited
If your business is using a commercial litigation funder, do not assume the downside sits only with the claimant on the court record. This case shows that a funder...
Hardingham v RP Data Pty Limited (Third Party Costs)
Read this case as a practical warning about risk allocation, not just funding mechanics. A commercial funder cannot assume it is insulated from adverse costs merely...
ACCC v Google
Businesses collecting location or behavioural data should make privacy and consumer disclosures match the real product settings. Privacy wording can also be...
ACCC v HealthEngine
Data-sharing and review systems need to be designed honestly. A privacy disclosure problem can also become misleading conduct where users are not clearly told how...