Support Centre



Law: Information Privacy Act 2009 ('the Act'). Please note that the Act only applies to public bodies. Private organisations are subject to the federal Privacy Act 1988.

Regulator: Office of the Information Commissioner ('OIC')

Summary: There is no separate, territorial level private sector data protection law in Queensland. The Act regulates the processing of personal information by public bodies as well as contracted service providers, and the OIC principally ensures compliance with the Act. The OIC has been particularly active in providing guidance including, for example, detailing a tiered system for assessing damages related to privacy breaches. In addition, the OIC has released guidance that addresses data protection in broader terms such as privacy impact assessment templates and breach management guidelines. The Queensland Office of the Health Ombudsman may receive complaints related to the handling of health information.