Australian Privacy Principles – Reference Guide

Australian Privacy Principles quick reference
APP 1 — Open and transparent management of personal information
You must manage personal information in an open and transparent way. This includes having a clearly expressed and up to date “APP privacy policy”.
APP 2 — Anonymity and pseudonymity
You must give individuals the option of not identifying themselves, or of using a pseudonym. Limited exceptions for legal requirements or impracticability may apply.
APP 3 — Collection of solicited personal information
You may only solicit and collect personal information where it is reasonably necessary for your functions or activities. Higher standards apply to the collection of ‘sensitive’ information. The individual must consent to the collection of sensitive information. All information must be collected by lawful and fair means, and directly from the individual if possible.
APP 4 — Dealing with unsolicited personal information
If you receive sensitive information without seeking it, you must determine whether you could have collected it if it were solicited or if it is contained in a federal government record. If not, it must be destroyed. If you could have collected the information, you may keep it, in accordance with the other APPs.
APP 5 — Notification of the collection of personal information
You must notify an individual of certain matters when personal information is collected (called APP 5 matters). Generally, those APP 5 matters inform the person of when, how, and why the information was collected.
APP 6 — Use or disclosure of personal information
You may only use or disclose personal information for a purpose for which it was collected (known as a ‘primary purpose’), or for a secondary purpose if an exception applies.
APP 7 — Direct marketing
You may only use or disclose personal information for direct marketing purposes if certain conditions are met. The individual must reasonably expect their information to be used or disclosed that way, or have consented, and they must be provided a simple way to opt out.
APP 8 — Cross-border disclosure of personal information
If you send information to another person or company overseas, you are responsible for any action by them that would breach an APP. You must take reasonable steps to ensure they do not breach the APPs, which may include a binding and enforceable contract. You can disclose overseas if you have consent or the recipient is subject to substantially similar privacy laws.
APP 9 — Adoption, use or disclosure of government related identifiers
You must not adopt, use or disclose a government related identifier of an individual. Government related identifiers include Medicare numbers, driver’s licence numbers and passport numbers. Some exceptions apply.
APP 10 — Quality of personal information
You must take reasonable steps to ensure the personal information you collect is accurate, up to date and complete. You must also take reasonable steps to ensure the personal information you use or disclose is accurate, up to date, complete and relevant, having regard to the purpose of the use or disclosure.
APP 11 — Security of personal information
You must take reasonable steps to protect personal information you hold from misuse, interference and loss, and from unauthorised access, modification or disclosure.
You have an obligation to destroy or de-identify personal information in certain circumstances.
APP 12 — Access to personal information
You must give an individual access to the personal information held about them, unless an exception applies.
APP 13 — Correction of personal information
If the individual the personal information is about makes a request to have that information corrected, you must correct it.
Permitted General Situations
  • Lessening or preventing a serious threat to the life, health or safety of any individual or to the public.
  • Taking appropriate action in relation to suspected unlawful activity or serious misconduct.
  • Locating a person reported as missing.
  • Asserting a legal or equitable claim, or conducting an alternative dispute resolution process.
If you have any questions or queries about privacy law, please contact us:
Philip Earle
Business + Property Lawyers
P  (03) 9600 3330
Claire Munro-Smith
Business + Property Lawyers
P  (03) 9600 3330
