What is the Schedule 2 of the Privacy Act?

Asked by: Dr. Leland Johnston  |  Last update: May 29, 2026
Score: 4.6/5 (69 votes)

Schedule 2 of Australia's Privacy Act 1988 introduces a new civil right (a tort) for serious invasions of privacy, allowing individuals to sue for intentional or reckless intrusions into seclusion or serious misuse of their personal information, provided the public interest in privacy outweighs other interests, with specific exemptions for intelligence and law enforcement, and potential defenses similar to defamation.

What is the Schedule 2 of the Privacy Act 1988?

This Schedule establishes a cause of action in tort for serious invasions of privacy. An individual has a cause of action against another person if, among other things, the other person invaded the individual's privacy by intruding upon their seclusion or misusing information relating to them.

What does section 2 of the Privacy Act protect?

(2) The business may maintain a confidential record of deletion requests solely for the purpose of preventing the personal information of a consumer who has submitted a deletion request from being sold, for compliance with laws, or for other purposes solely to the extent permissible under this title.

What exactly does "right to privacy" mean?

Legally, the right of privacy is a basic law which includes: The right of persons to be free from unwarranted publicity. Unwarranted appropriation of one's personality. Publicizing one's private affairs without a legitimate public concern.

What is Article 2 of the data Protection Act?

2 GDPR Material scope. This Regulation applies to the processing of personal data wholly or partly by automated means and to the processing other than by automated means of personal data which form part of a filing system or are intended to form part of a filing system.

What Is The Privacy Act? - SecurityFirstCorp.com

35 related questions found

What is the purpose of article 2?

Article Two vests the power of the executive branch in the office of the president of the United States, lays out the procedures for electing and removing/impeaching the president, and establishes the president's powers and responsibilities.

What are the three rules of the data protection Act?

Data Protection Act 1998 principles

Principle 1 – Fair and Lawful. Principle 2 – Purposes. Principle 3 – Adequacy.

What are some examples of privacy violations?

Data privacy laws impact businesses that collect, process, and/or use consumer personal information. Some of the most common privacy violations include insufficient legal basis for data processing, unclear privacy notification details, and data breaches.

What are the four types of privacy rights?

Intrusion upon seclusion; Appropriation of a person's name or likeness; Public disclosure of private facts; and. Publicity placing person in false light.

What are the 7 principles of privacy?

The "7 privacy principles" often refer to those in the GDPR (General Data Protection Regulation) or Privacy by Design (PbD), with GDPR focusing on data processing (Lawfulness, Purpose Limitation, Minimization, Accuracy, Storage Limitation, Security, Accountability) and PbD on system design (Proactive, Default, Embedded, Full Functionality, End-to-End Security, Visibility, Respect for User). Both frameworks emphasize transparency, security, and user control, guiding organizations to handle personal data responsibly.
 

What are the three rights under the Privacy Act?

The three primary rights under the U.S. Privacy Act of 1974 are the right to access your federal agency records, the right to amend inaccurate or incomplete records, and the right to seek legal action if the government violates your privacy rights, with broader principles also protecting against unwarranted disclosures and mandating agency accountability. 

What are 10 examples of sensitive personal information?

Definition of Sensitive Personal Information

  • Racial or ethnic origin.
  • Political opinions.
  • Religious or philosophical beliefs.
  • Trade union membership.
  • Genetic data.
  • Biometric data.
  • Health data.
  • Sexual orientation or sex life.

What is a violation of the Privacy Act?

What Is a Violation of Privacy? The unauthorized disclosure, collection, or handling of an individual's personal identifiable information (PII) in a manner that violates laws relating to the protection of consumer information is considered a violation of privacy.

What is considered a privacy breach?

A breach of privacy is the unauthorized collection, access, use, or disclosure of an individual's personal information, violating their right to control their own data, ranging from internal misuse (like an employee snooping) to external cyberattacks, involving sensitive data like SSNs, health records, or financial details, often with legal ramifications. 

What is a serious invasion of privacy?

The ALRC Report recommended the introduction of a statutory cause of action for serious invasions of privacy for physical intrusions into a person's private space by watching, listening to, or recording a person's private affairs, and for the misuse of a person's private information.

What rights do I have under the DPA?

What individual rights are provided by Part 3 of the DPA 2018: law enforcement processing?

  • the right to be informed;
  • the right of access;
  • the right to rectification;
  • the right to erasure or restrict processing; and.
  • the right not to be subject to automated decision-making.

What is the most common privacy violation?

What are the 10 Most Common HIPAA Violations?

  • Insufficient ePHI Access Controls. ...
  • Failure to Use Encryption or an Equivalent Measure to Safeguard ePHI on Portable Devices. ...
  • Exceeding the 60-Day Deadline for Issuing Breach Notifications. ...
  • Impermissible Disclosures of Protected Health Information. ...
  • Improper Disposal of PHI.

What qualifies as invasion of privacy?

Invasion of privacy involves the infringement upon an individual's protected right to privacy through a variety of intrusive or unwanted actions. Such invasions of privacy can range from physical encroachments onto private property to the wrongful disclosure of confidential information or images.

How to prove invasion of privacy?

To prove invasion of privacy, you must show the defendant intentionally intruded on a private matter where you had a reasonable expectation of privacy, and the intrusion would be highly offensive to an average person, often by documenting specific acts like hidden cameras, unauthorized access, or public disclosure of private facts, and then consulting a lawyer to understand the four main types of invasion: intrusion, public disclosure, false light, and appropriation. 

What is an example of a breach of the Privacy Act?

loss or theft of physical devices (such as laptops and storage devices) or paper records that contain personal information. unauthorised access to personal information by an employee. inadvertent disclosure of personal information due to 'human error', for example an email sent to the wrong person.

What is the most common cause of privacy breach?

The Major Causes of Data Breaches

  • Social Engineering and phishing attacks. Social engineering and phishing attacks are the top causes of security breaches due to their exploitation of human psychology. ...
  • Weak Authentication Practices. ...
  • Insider threats.

Who enforces privacy laws?

The California Privacy Protection Agency's (Agency) mission is to protect consumer privacy, ensure businesses and consumers are well–informed about their rights and obligations, and vigorously enforce the California Consumer Privacy Act (CCPA).

What is illegal under the data protection Act?

Under the DPA, there are a number of civil and criminal offences relating to the breach of personal data. However, the broadest, most serious, and most likely to apply is that of “unlawfully obtaining personal data” (section 170(1)).

What are the 7 golden rules of data protection?

The principles are: Lawfulness, Fairness, and Transparency; Purpose Limitation; Data Minimisation; Accuracy; Storage Limitations; Integrity and Confidentiality; and Accountability.

What is unlawful processing of personal data?

Unlawful data processing refers to the unauthorised or inappropriate collection, storage, use, or dissemination of personal data in a manner that violates data privacy laws and regulations. This glossary entry will explore unlawful data processing, its implications, and how it relates to data privacy.