Helpious LogoHelpious

What rights do consumers have after identity theft in Australia?

Answer

Yes, consumers have significant rights after identity theft in Australia, primarily under the Privacy Act 1988 and Australian Consumer Law. These include rights to notification, correction of personal information, and complaint avenues for misuse or mishandling of data.

Office of the Australian Information Commissioner (OAIC)
R
Robert JasonContent Researcher
Verified
Last UpdatedMay 3, 2026

Was this helpful?

15 readers found this helpful

How it works in practice

Understanding Your Rights

In Australia, if your personal information is compromised through identity theft, you are protected by the Privacy Act 1988, particularly the Notifiable Data Breaches (NDB) scheme. This scheme mandates that organisations must notify you if a data breach is likely to result in serious harm.

Legal Protections

Beyond notification, you have rights to request access to and correction of your personal information held by organisations. If you believe your data has been misused or mishandled, you can lodge a complaint with the Office of the Australian Information Commissioner (OAIC). Additionally, Australian Consumer Law may offer recourse if the identity theft resulted from a business's failure to provide services with due care and skill, leading to financial loss.

Financial Protections

Many financial institutions offer protections against fraudulent transactions resulting from identity theft, especially for credit and debit card use. Reporting promptly is crucial to activate these protections and limit your liability for unauthorised transactions.

Important exceptions

Your rights and recourse after identity theft can be limited if you contributed to the compromise, for example, by willingly sharing personal information, neglecting basic security practices like strong passwords, or failing to report the incident promptly. If a data breach did not occur, or if the responsible entity is not subject to Australian privacy laws (e.g., an overseas scammer), seeking direct legal remedies can be challenging. Financial institutions may also limit liability if gross negligence on the consumer's part is proven. Recovery of funds from international scams often proves difficult due to jurisdictional complexities.

What you should do now

  1. Contact your bank and financial institutions immediately to report any suspicious activity and block accounts or cards compromised by the theft.

  2. Change passwords for all your online accounts, especially email, banking, and social media, using strong, unique passwords or a password manager.

  3. Report the identity theft to official Australian authorities like Scamwatch and ReportCyber (if it involves cybercrime), providing all relevant details and evidence.

  4. Monitor your credit reports and financial statements regularly for any unauthorised activity or new accounts opened in your name.

  5. If personal information was misused or mishandled by an organisation, lodge a complaint with the Office of the Australian Information Commissioner (OAIC).

Expert Notes

No expert notes have been added to this question yet.

People also asked

Explore highly relevant questions and get instant verified short answers.

Can't find an answer?
Submit your question below. If we publish an answer, it will appear in the "People also asked" section on this page.

We'll notify you if your question is answered. We won't use your email for anything else.