And we also have state and territory governments and regulatory authorities applying state and territory privacy laws relating to personal information derived from their agencies, use of workplace or video surveillance technologies, use of tracking devices and technologies and access to computer data. There is plenty of overlap of state and federal law, and plenty of variation in the content of these laws.
And then, of course, there are industry codes of practice, many of which include provisions dealing with privacy and provide remedies for non-compliance.
Privacy and data protection in Australia has become a confusing landscape, with forests of regulation to get lost in, unexplored corners and many poorly understood rules.
At a time when privacy and information security is becoming a major area of concern for governments, businesses and consumers, it is unfortunate that Australia has created such a confusing thicket of regulation and quasi regulation.
So the next time that the CIO chairs a security and privacy compliance meeting with the CMO, the HR director, IT security experts and privacy professionals, and that meeting disappears into a cloud of mutual incomprehension, you'll understand why.
Sign up for CIO Asia eNewsletters.