This website is for use by legal professionals (lawyers and law practices) only. If the information is used incorrectly, you could risk losing money or your legal rights. If you are a member of the public looking for free advice about your legal problems please visit, or contact our Legal Help advice line on 1300 792 387, Monday to Friday from 8 am to 6 pm. 

If you decide to use or rely on the information or make decisions based on the information in this website (which VLA does not recommend) VLA is not liable to you or any third party in any way for any loss, damage, costs or expenses you or they may suffer or incur as a result.

Identity theft

Information about how to protect a person from identity theft.

Identity theft is when someone uses your personal information such as your date of birth, address, visa or bank account details. Then that person uses this information to create a fake identity. Once they have done this then they can apply for real identity credentials, such as a driver licence, passport, other bank or credit accounts using their own photograph. Once this is done, they can rack up huge debts using the false identity.

Government responses

The Commonwealth Attorney General has developed a publication to help people to take steps to protect their identity. The Victorian Department of Justice and Regulation has also developed a site to inform people about how to protect their online presence.


Minimising the risk

There are some steps that can be taken to minimise the risk of being a victim of identity theft:

  • use secure mail boxes so that postal mail cannot be stolen
  • shred personal documents before disposing of them
  • being really careful about the kind of information shared on social media
  • only carry essential personal documents with you
  • make copies of key documents (such as your passport, birth certificate, driver licence) and keep them in a secure place
  • use strong passwords, encrypted files or trusted data vault websites
  • do not leave personal documents in the car
  • protect your computer with security software
  • do not open an email attachment from a stranger.

See Commonwealth Attorney General—Protecting your identity.

Requirement to notify person of a data breach

From 22 February 2018, Commonwealth organisations regulated by the Privacy Act 1988 (such as Commonwealth Government Agencies and some private sector organisations) are required to notify people who have been affected by a eligible data breach. A data breach happens when there is unauthorised access to or unauthorised disclosure of certain information about one or more people. For the breach to be eligible, a reasonable person would need to conclude that the breach would result in a likely risk of serious harm to any of the people affected by the breach.

If an organisation suspects that a data breach may have occurred, they are required to make an assessment to see if the breach is reasonably likely to result in serious harm to a person affected. When they notify a person following a breach they must make recommendations about the steps the person should take. The organisation must also inform the Australian Information Commissioner about the breach.


More information


Privacy Act 1988 (Cth)

  • Part lllC—Notification of eligible data breaches

See Privacy Act 1988 (Cth).


Commonwealth Attorney General

The Attorney General site has produced a booklet informing people how to protect themselves from identity theft.

See Commonwealth Attorney General—Protecting your identity.

Department of Justice and Regulation

This Victorian government department has developed a site with information to explain what cybercrime is and to help people to protect their information when using online media.

See Department of Justice and Regulation—Cybercrime.

Australian Cybercrime Online Reporting Network (ACORN)

This Commonwealth government site has information about cyber-bullying, identity theft, attacks on computer systems and other online scams.

See Australian Cybercrime Online Reporting Network—Learn about cybercrime.

Office of the Australian Information Commissioner (OAIC)

This Commonwealth Commissioner is responsible for making sure that Commonwealth government agencies and applicable organisations comply with the Commonwealth Privacy Act 1988. This includes making sure that the Australian Privacy Principles have been followed and breaches of data security are dealt with.

See OAIC—Notifiable data breaches scheme.


This site has information about how to stop sites tracking a user's internet browsing habits.

See Lifehacker—how to stop everyone tracking you on the web.