The Australian National Privacy Act of 1988 provides guidance and regulates how organisations collect, store, secure, process and disclose personal information. The National Privacy Principles (NPP) listed in the Privacy Act were developed to ensure that organisations holding personal information handle and process it responsibly. In March 2014, the revised Privacy Amendment Act introduced a set of new principles, focusing on the handling of personal information, now called the Australian Privacy Principles (APPs). This requires organisations to put in place SLAs, with an emphasis on security, that list the right to audit, reporting requirements, data locations permitted and not permitted, who can access the information, and additional information such as cross-border disclosure of PII.
The Office of the Australian Information Commissioner (OAIC) provides oversight and governance of data privacy regulations covering sensitive personal information.