Office of the Australian Information Commissioner - Home

Australian Government - Office of the Australian Information Commissioner
Australian Government - Office of the Australian Information Commissioner

Main menu

APP quick reference tool

From 12 March 2014

Australian Privacy Principles — a summary for APP entities

For private sector organisations, Australian Government and Norfolk Island agencies covered by the Privacy Act 1988.

APP 1 — Open and transparent management of personal information

Ensures that APP entities manage personal information in an open andtransparent way. This includes having a clearly expressed and up to date APP privacy policy.

Back to Contents

APP 2 — Anonymity and pseudonymity

Requires APP entities to give individuals the option of not identifying themselves, or of using a pseudonym. Limited exceptions apply.

Back to Contents

APP 3 — Collection of solicited personal information

Outlines when an APP entity can collect personal information that is solicited. It applies higher standards to the collection of ‘sensitive’ information.

Back to Contents

APP 4 — Dealing with unsolicited personal information

Outlines how APP entities must deal with unsolicited personal information.

Back to Contents

APP 5 — Notification of the collection of personal information

Outlines when and in what circumstances an APP entity that collects personal information must notify an individual of certain matters.

Back to Contents

APP 6 — Use or disclosure of personal information

Outlines the circumstances in which an APP entity may use or disclose personal information that it holds.

Back to Contents

APP 7 — Direct marketing

An organisation may only use or disclose personal information for direct marketing purposes if certain conditions are met.

Back to Contents

APP 8 — Cross-border disclosure of personal information

Outlines the steps an APP entity must take to protect personal information before it is disclosed overseas.

Back to Contents

Outlines the limited circumstances when an organisation may adopt agovernment related identifier of an individual as its own identifier, or use or disclose a government related identifier of an individual.

Back to Contents

APP 10 — Quality of personal information

An APP entity must take reasonable steps to ensure the personal information it collects is accurate, up to date and complete. An entity must also take reasonable steps to ensure the personal information it uses or discloses is accurate, up to date, complete and relevant, having regard to the purpose of the use or disclosure.

Back to Contents

APP 11 — Security of personal information

An APP entity must take reasonable steps to protect personal information it holds from misuse, interference and loss, and from unauthorised access,modification or disclosure. An entity has obligations to destroy or de-identify personal information in certain circumstances.

Back to Contents

APP 12 — Access to personal information

Outlines an APP entity’s obligations when an individual requests to be given access to personal information held about them by the entity. This includes a requirement to provide access unless a specific exception applies.

Back to Contents

APP 13 — Correction of personal information

Outlines an APP entity’s obligations in relation to correcting the personal information it holds about individuals.

Back to Contents