Australian Government - Office of the Australian Information Commissioner

Australian Privacy Principles

The Australian Privacy Principles (APPs), which are contained in schedule 1 of the Privacy Act 1988 (Privacy Act), outline how most Australian and Norfolk Island Government agencies, all private sector and not-for-profit organisations with an annual turnover of more than $3 million, all private health service providers and some small businesses (collectively called ‘APP entities’) must handle, use and manage personal information.

While the APPs are not prescriptive, each APP entity needs to consider how the principles apply to its own situation. The principles cover:

  • the open and transparent management of personal information including having a privacy policy
  • an individual having the option of transacting anonymously or using a pseudonym where practicable
  • the collection of solicited personal information and receipt of unsolicited personal information including giving notice about collection
  • how personal information can be used and disclosed (including overseas)
  • maintaining the quality of personal information
  • keeping personal information secure
  • the right of individuals to access and correct their personal information

There are also separate APPs that deal with the use and disclosure of personal information for the purpose of direct marketing (APP 7), cross-border disclosure of personal information (APP 8) and the adoption, use and disclosure of government related identifiers (APP 9).

More information is available on the Rights and responsibilities and the FAQs — Businesses pages.

Sensitive information

The APPs place more stringent obligations on APP entities when they handle ‘sensitive information’. Sensitive information is a type of personal information and includes information about an individual's:

  • health (including predictive genetic information)
  • racial or ethnic origin
  • political opinions
  • membership of a political association, professional or trade association or trade union
  • religious beliefs or affiliations
  • philosophical beliefs
  • sexual orientation or practices
  • criminal record
  • biometric information that is to be used for certain purposes
  • biometric templates.

For a summary of the APPs, see the APP quick reference tool. For more detail, see the full text of the APPs. Additional information on complying with the APPs can be found in the APP guidelines. The OAIC also provides a training webinar on the APPs, aimed at people who are unfamiliar with the Privacy Act.