Not necessarily. Companies that collect, store, and use personal information are required to comply with the Privacy Act 1988 if they have an annual turnover of more than $3 million, or if they are a credit reporting body, health service provider, or trade in personal information. Additionally, companies that are operating as a part of a larger organization that falls under the Privacy Act may also be required to comply with the legislation. It is important for companies to assess whether they are subject to the Privacy Act and take appropriate steps to ensure compliance with the law.
