Big Data involves analysis based on artificial intelligence and machine learning to mine vast troves of personal data to find correlations which are used to inform decisions that affect individuals. This raises privacy issues, as well as broader issues of lack of due process, discrimination and consumer protection. This article analyses the Privacy Act 1988 (Cth) (Privacy Act) and identifies a number of limitations in its capacity to address the issues posed by Big Personal Data. It then discusses three possible sources of solutions for these issues: the new General Data Protection Regulation, which commenced operation in the European Union in May 2018; relevant recommendations in the Productivity Commission's report on Data Availability and Use; and the proposed new criminal offences for re-identification of de-identified government data in the Privacy Amendment (Re-identification Offence) Bill 2016 (Cth). It also considers the extent to which other laws may have a role to play in addressing the gaps identified in the Privacy Act.