I got a lot of enquiries over this, and I stress that I am not a lawyer; this is my understanding of the law.
* All organisations in Australia have an obligation to protect people's privacy, but not all the laws refer to all organisations.
* The current new laws are based on existing privacy laws, and there are many laws about privacy, both State and Federal. In my state of Victoria, there are seven laws listed for Victorians in the Wikipedia here, plus there are a further eight laws listed that would cover us federally.
I found the Victorian government very useful in this, and they gave me a free template here to create our privacy statement.
They also directed me to this link, which had a long explanation, which is here, and which we found very useful in reviewing our POS software.
* What really stunned us when we were briefed about these new laws is that a violation of the privacy laws may occur even if the information is false. For example, say I put in the computer a client's date of birth as 01/01/1990 and this is not true. It may not matter if a data breach occurs, as it appears in the data that your birthday is 01/01/1990.
As all states have their own laws, if you have any queries you should address them with your state government authority or your state industry body.