Knowing your privacy rights

<  Back to Fact Sheets
Knowing your privacy rights 

We all have rights in relation to the protection of personal information. Privacy legislation in Australia and New Zealand requires regulated entities to protect your information that identifies you. It is important to understand these rights, particularly when they are threatened by identity compromise and misuse, including data breach events. The Privacy Commissioner websites in Australia and New Zealand are the best sources of information on these rights. This Fact Sheet introduces the basics and provides some tips if your identity information is compromised. 

Know Your Privacy Rights 

In most cases privacy legislation and related rules allows individuals to: 

  •  Know why information is being collected, how it will be used, and who it can be disclosed to. 
  • Give an option to opt out of being identified or using a pseudonym. 
  • Ask for access to your own personal information. 
  • Stop receiving unwanted direct marketing. Ask for incorrect information to be corrected. 
  • Make a complaint about an entity covered by the legislation if you believe they have mishandled your information. 

Following the introduction of new notifiable data breach laws in Australia, organisations with obligations under the Privacy Act 1998 (Cth) must now notify you of certain data breaches. Please see our Data breaches & your rights fact sheet

Privacy Awareness 

It is important to take steps to maintain the safety of your privacy. 

  •  Always read privacy policies to understand how your information will be used 
  • Always ask why, how, and who. If you don’t think they need it, don’t supply it 
  • Keep yourself safe online. 
  • Make sure the websites you are visiting are secure before providing any personal information. 
  • Avoid using unsecured Wi-Fi. 
  • Use strong, diverse passwords for all your accounts. 
  • Use security software on all devices. 
  • Be careful with what you share on social media and store on your devices. 
  • Store your private information inconspicuously and securely dispose of hard copy and electronic records. 
  • Keep up to date on the latest scams. Block cookies and think about whether you are happy to lose control of your private information. 

Privacy and Identity Theft 
  • ‍You have a right to know what personal information of yours was used to commit a crime. Be persistent. Businesses are expected to have procedures for identifying and responding to privacy issues. 
  • Note that whilst an organisation is not required to provide you details about the person that is suspected of impersonating you, there are ways that good organisations can validate whether your credentials have been used, such as parties confirming the first and last numbers of a credential. 
  • Ensure that all communications and decisions made with the business are recorded.
  • Some industries have a national ombudsman, or a state and territory industry ombudsman. These offices may be able to resolve disputes on your behalf. 
  • We’ve seen organisations facilitate the further compromise of personal information because they have willingly divulged details to perpetrators thinking it is to the real customer – it’s important to understand whether this has happened and what the service provider proposes to do in response. 
  • If your information has been data breached, please see our Data Breaches Fact Sheet on data breaches for consumers. 

For additional support or information, contact IDCARE by submitting a Get Help Form or call 1800 595 160 (Aus) or 0800 121 068 (NZ).


Identity Care Australia & New Zealand Ltd (IDCARE) provides identity and cyber security incident response services (the Services) in accordance with the following disclaimer of service:

  • IDCARE is Australia and New Zealand’s national identity and cyber incident community support service. IDCARE is a not-for-profit and registered Australian charity.
  • The Services provided do not constitute legal advice. IDCARE recommends that you consult your own legal counsel in relation to your legal rights and obligations, including but not limited to your legal rights or obligations under Australian and international privacy and data protection laws.
  • While every effort has been made to ensure the accuracy of the content provided, to the maximum extent permitted by law all conditions, terms, representations, and warranties (in each case, whether express or implied) in connection with the provision of the Services which might otherwise be binding upon IDCARE are excluded.
  • IDCARE’S liability for any loss or damage suffered by any person or organisation (including, without limitation, any direct, indirect or consequential loss or damage) arising out of or in connection with the Services (including without limited liability for any negligent act or omission, or statement, representation or misrepresentation of any officers, employees, agents, contractors or consultants of IDCARE) shall be limited to the fees paid by you to IDCARE in respect of the Services. For the avoidance of doubt, this limitation of liability extends to any liability arising from any actions performed or not performed as a result of any recommendations made in the course of providing the Services.
  • If you would like to provide feedback please use our Feedback Form.


IDCARE is here to provide you with specialist support and guidance when faced with a cyber and identity related issue. Contact one of our Identity & Cyber Security Case Managers to learn more about our Support Services and how we can help you.   

Get help

Submit a web request

Call Centre Icon


1800 595 160

Mon - Fri: 8am - 5pm AEST

QLD: 07 3555 5900
ACT & NSW: 02 8999 3356
VIC: 03 7018 2366
NT, SA & WA08 7078 7741

Call Centre Icon

call our NEW ZEALAND

0800 121 068

Mon - Fri: 10am - 7pm NZST

AKL: 09 884 4440