Australia Privacy Act
What is the Act?
The Act refers to the Privacy Act of 1988 (Cth). It is an Australian data privacy regulation that is intended to protect the privacy of individuals and to govern how certain federal Australian Governmental agencies and organizations handle Australians' personal information. The Act has been amended throughout the years.
What does the Act cover?
The Act applies to personal information. Personal information is defined as information or an opinion about an identified individual, or an individual who is reasonably identifiable: a) whether the information or opinion is true or not; and b) whether the information or opinion is recorded in a material form or not.
Who must comply with the Act?
Entities subject to the Act generally include:
- Most Australian Governmental agencies; and
- Organizations with an annual turnover of more than $3 million (some exceptions apply).
In addition, certain obligations under the Act also apply to:
- Certain types of businesses (e.g. private sector health service provider, a business that sells or purchases personal information; credit reporting bodies);
- Businesses that conduct certain acts or practices (e.g. operators of protected action ballot or residential tenancy databases); and
- Those handling certain information relating to consumer credit reporting, personal property, tax files, convictions, or health.
The Act sets forth significant civil penalties for certain breaches of its obligations, including for serious or repeated interferences with privacy.
What rights are afforded to individuals under the Act?
The Act sets forth 13 Australian Privacy Principles (APPs), which outline the rights of individuals and obligations of entities under the Act.
The Act grants individuals the following rights:
- right to know why their personal information is being collected, how it will be used and who it will be disclosed to;
- right to not identify oneself, or use a pseudonym in certain circumstances;
- right to access personal information;
- right to stop receiving direct marketing;
- right to correct personal information; and
- right to make a complaint against an Act subject entity that mishandled your personal information.
Atlassian and the Act
Atlassian has committed to complying with the Act and any modifications to the law, as further explained below.
Data Subject Rights under the Act
Our tools help customers meet obligations under the Act as it relates to data subject requests. You can read more about the tools below.
1. To assist customers with the right to correct personal information and the right to stop receiving direct marketing, please refer to the “How to access and control your information” Section of our Privacy Policy here.
2. To assist customers with the right to delete:
- Atlassian Organization Admins can facilitate the account deletion of their managed users from controls in their admin portal
- Unmanaged end users may also request that their personal data be deleted by initiating an account deletion request from their Atlassian account profile page
- People who have provided their personal data or had their personal data provided to Atlassian, but do not have Atlassian accounts, may also initiate a request for deletion
3. To assist users with the right to access:
- Atlassian Organization Admins can facilitate access of their managed users' data from Atlassian support
- Unmanaged end users may also request that their personal data be accessed by initiating a data access request from Atlassian support
- People who have provided their personal data or had their personal data provided to Atlassian, but do not have Atlassian accounts, may also initiate a request for access
Data Processing Agreements
Atlassian has a DPA available to its customers that includes compliance with the Act. Our latest DPA can be found here.
Relevant products
Project and issue tracking
Jira
enterprise agile planning
Jira Align
high-velocity itsm
Jira Service Management
document collaboration
Confluence Cloud
Git code management
Bitbucket Cloud
VISUAL COLLABORATION
Trello
modern incident response
Opsgenie
incident communication
Statuspage
help desk service management
Halp
Our team is here to help
Have more questions about our compliance program?
Do you have cloud certifications? Can you complete my security & risk questionnaire? Where can I download more information?
Trust & security community
Join the Trust & Security group on the Atlassian Community to hear directly from our Security team and share information, tips, and best practices for using Atlassian products in a secure and reliable way.
Atlassian support
Reach out to one of our highly-trained support engineers to get answers to your questions.