Glossary / Compliance & regulation

Privacy Act and the Australian Privacy Principles

The Privacy Act 1988 and its Australian Privacy Principles are the laws governing how Australian organisations collect, use, store, and disclose personal information, overseen by the OAIC.

What it means

The Privacy Act 1988 and its 13 Australian Privacy Principles govern how organisations collect, use, store, secure, and disclose personal information. The Office of the Australian Information Commissioner (OAIC) oversees the regime. A concrete example for a finance team: when you verify a new supplier contact’s identity, you collect personal information, so you need a lawful reason to collect it, you must keep it secure, and you should only use it for the purpose you gathered it.

Why it matters for Australian finance teams

Identity and payment verification necessarily involves personal information, which brings Privacy Act obligations. Mishandling it, or suffering a breach, can trigger notification duties under the Notifiable Data Breaches scheme and draw OAIC scrutiny. Finance and accounts payable teams that verify payees need a process that collects only what is necessary and stores it responsibly.

How ezyshield helps

ezyshield is built for Australian businesses and treats verification data as sensitive personal information. It confirms the individual, the business through ABN and ASIC checks, and bank account ownership before payment, then logs each check in an append-only audit trail that is added to but never edited or deleted, giving you a defensible record without holding more than you need. See how it works and bank account ownership verification.

Also known as: APP, Privacy Act 1988, Australian Privacy Principles

Last updated: 7 July 2026

Stop payment fraud before money moves

Verify the person, business, and bank account before any payment leaves your account.