While the APPs are not prescriptive, each APP entity needs to consider how the principles apply to its own situation. The principles cover:
- an individual having the option of transacting anonymously or using a pseudonym where practicable
- the collection of solicited personal information and receipt of unsolicited personal information including giving notice about collection
- how personal information can be used and disclosed (including overseas)
- maintaining the quality of personal information
- keeping personal information secure
- right for individuals to access and correct their personal information
There are also separate APPs that deal with the use and disclosure of personal information for the purpose of direct marketing (APP 7), cross-border disclosure of personal information (APP 8) and the adoption, use and disclosure of government related identifiers (APP 9).
The APPs place more stringent obligations on APP entities when they handle ‘sensitive information’. Sensitive information is a type of personal information and includes information about an individual's:
- health (including predictive genetic information)
- racial or ethnic origin
- political opinions
- membership of a political association, professional or trade association or trade union
- religious beliefs or affiliations
- philosophical beliefs
- sexual orientation or practices
- criminal record
- biometric information that is to be used for certain purposes
- biometric templates.
For a summary of the APPs, see the APP quick reference tool. For more detail, see the full text of the APPs. Additional information on complying with the APPs can be found in the APP guidelines. The OAIC also provides a training webinar on the APPs, aimed at people who are unfamiliar with the Privacy Act.