Australian Privacy Principles

The Australian Privacy Principles (APPs) regulate the handling of personal information by Australian government agencies and some private sector organisations.[1]

The 13 APPs are contained in schedule 1 of the Privacy Act 1988 (the Privacy Act).

The APPs cover the collection, use, disclosure and storage of personal information. They allow individuals to access their personal information and have it corrected if it is incorrect. There are also separate APPs that deal with the use and disclosure of personal information for the purpose of direct marketing (APP 7), cross-border disclosure of personal information (APP 8) and the adoption, use and disclosure of government related identifiers (APP 9).

The APPs generally apply to Australian and Norfolk Island government agencies and also to private sector organisations with an annual turnover of $3 million or more. These entities are known as ‘APP entities’. In addition, the APPs will apply to some private sector organisations with an annual turnover of less than $3 million, such as health service providers. More information is available on the Who is covered by privacy and the Privacy Topics — Business pages.

For a summary of the APPs, see the APP quick reference tool. For more detail, see the full text of the APPs. For people who are not familiar with the Privacy Act, a summary of the obligations in the APPs is contained in Introduction to the APPs and the OAIC’s regulatory approach. Additional information on complying with the APPs can be found in the APP guidelines.

[1] The APPs, which came into force on 12 March 2014, replaced the Information Privacy Principles (IPPs) that previously applied to Australian and Norfolk Island Government agencies and the National Privacy Principles (NPPs) that previously applied to private sector organisations.

Share this page

Protecting information rights — advancing information policy